[pkg-lxc-devel] Bug#1030389: Bug#1030389: lxc: Conflict with new systemd cgroup unified hierarchy

Pierre-Elliott Bécue peb at debian.org
Wed Apr 24 16:27:07 BST 2024


Linas Vepstas <linasvepstas at gmail.com> wrote on 07/02/2023 at 00:35:18+0100:

> There is nothing in /usr/share/doc/lxc/README.Debian.gz that provides
> the work-around. I am using containers managed by root, started when
> the OS boots.
>
> su - root and then lxc-ls -f reports 
>
> NAME                STATE   AUTOSTART GROUPS IPV4      IPV6 UNPRIVILEGED 
> bind-base           STOPPED 0         -      -         -    false        
>
> Note the right-most column. Nothing in the README about "unprivileged
> containers" would seem to apply.
>
> apparmor is not installed on this system.
>
> The only work-around given in the two github issues is to set 

I also succeed at running privileged containers on my system.

Could you print your container config to me please? It's possible some
things in your config are conflicting with cgroups v2.

> GRUB_CMDLINE_LINUX=systemd.unified_cgroup_hierarchy=false
>
> in /etc/default/grub.d/cgroup.cfg and the Debian README does not mention this work-around. 
>
> Perhaps it is possible to put systemd.unified_cgroup_hierarchy=false
> into /etc/sysctl.conf ? Or perhaps some other config file?

systemd.unified_cgroup_hierarchy=false looks like a kernel command line,
I doubt it can be done after having booted.

> There is another work-around:
>
> mkdir -p /sys/fs/cgroup/systemd && mount -t cgroup cgroup -o
> none,name=systemd /sys/fs/cgroup/systemd
>
> However, sticking this mkdir into some /etc/init.d file does not seem
> plausible for a server; it feels too hacky.

-- 
PEB
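
The reply above asks for the container config in case something in it conflicts with cgroups v2. One way to pre-check that, as an added example that is not part of the original thread or the lxc package: it detects the host's cgroup layout and lists v1-style `lxc.cgroup.<controller>.*` keys as candidates for review. The function names, the constructed sample config and the fake cgroup root are assumptions of this example.

```shell
#!/bin/sh
# Added example; not from the thread or the lxc package.

# Print unified, hybrid or legacy for the cgroup tree at $1 (default
# /sys/fs/cgroup). cgroup.controllers exists only at a cgroup v2 root.
cgroup_mode() {
    root="${1:-/sys/fs/cgroup}"
    if [ -f "$root/cgroup.controllers" ]; then
        echo unified
    elif [ -f "$root/unified/cgroup.controllers" ]; then
        echo hybrid
    else
        echo legacy
    fi
}

# Print "line:setting" for cgroup v1 controller keys (lxc.cgroup.<controller>.*).
# lxc.cgroup2.* is the v2 form; lxc.cgroup.dir* and lxc.cgroup.relative are
# not controller settings and are skipped.
legacy_cgroup_keys() {
    grep -nE '^[[:space:]]*lxc\.cgroup\.[a-z_]+\.' "$1" \
        | grep -vE '^[0-9]+:[[:space:]]*lxc\.cgroup\.dir\.' || true
}

# Return 1 and list the v1 keys when the host is unified and the config has any.
check_config() {
    mode=$(cgroup_mode "$2")
    keys=$(legacy_cgroup_keys "$1")
    echo "cgroup mode: $mode"
    if [ "$mode" = unified ] && [ -n "$keys" ]; then
        printf 'cgroup v1 keys in %s:\n%s\n' "$1" "$keys"
        return 1
    fi
    return 0
}

# Constructed sample: a fake unified cgroup root and a container config.
demo() {
    d=$(mktemp -d) && mkdir "$d/cg" && : > "$d/cg/cgroup.controllers"
    printf '%s\n' 'lxc.uts.name = bind-base' \
        'lxc.cgroup.devices.allow = c 1:3 rwm' \
        'lxc.cgroup2.memory.max = 512M' \
        'lxc.cgroup.relative = 1' > "$d/config"
    check_config "$d/config" "$d/cg" || echo "review the keys above"
    rm -rf "$d"
}
demo
```

For a root-managed container the config normally lives under LXC's default path (assumed here), so a real run would be `check_config /var/lib/lxc/bind-base/config`.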