"cgroupfs failed to detect cgroup metadata"

einfair · March 15, 2020, 5:37am

I am trying to create and start Debian in container under Sabayon Linux.
Kernel version is

uname -a

Linux sabayon.local 5.4.0-sabayon #1 SMP Wed Jan 22 18:17:45 UTC 2020 x86_64 Intel® Core™2 Quad CPU Q9650 @ 3.00GHz GenuineIntel GNU/Linux

The start command is
$ sudo lxc-start -n “anotherworld” --foreground --logfile=aw.log
$ cat aw.log
lxc-start anotherworld 20200315035414.724 ERROR lxc_cgfs - cgroups/cgfs.c:cgfs_init:2364 - cgroupfs failed to detect cgroup metadata
lxc-start anotherworld 20200315035414.724 ERROR lxc_start - start.c:lxc_spawn:1214 - Failed initializing cgroup support.
lxc-start anotherworld 20200315035414.724 ERROR lxc_start - start.c:__lxc_start:1459 - Failed to spawn container “anotherworld”.
lxc-start anotherworld 20200315035415.228 ERROR lxc_start_ui - tools/lxc_start.c:main:371 - The container failed to start.
…
$ lxc-checkconfig

--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points: 


Cgroup v2 mount points: 
/sys/fs/cgroup

Cgroup v1 systemd controller: /usr/bin/lxc-checkconfig: line 156: printf \033[1;31m: command not found

Cgroup v1 freezer controller: /usr/bin/lxc-checkconfig: line 163: printf \033[1;31m: command not found

Cgroup namespace: required
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, loaded
CONFIG_NF_NAT_IPV4: missing
CONFIG_NF_NAT_IPV6: missing
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loadedCONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, loaded

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

mount | grep cgroup

cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime)

cat /proc/1/mountinfo | grep cgroup

28 20 0:23 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:8 - cgroup2 cgroup2 rw

cat /proc/self/cgroup

0::/user.slice/user-1000.slice/session-2.scope

I don’t want to use cgroup v1, or “unified” hierarchy.

What I need to check and reconfigure to start that container?

brauner · March 15, 2020, 2:30pm

The lxc version you use is ancient as can be seen from the log output you posted. It mentions the cgfs cgroup driver. This drivers does not support cgroup2 and has been removed from out codebase several years ago. I’m afraid you need to find a recent version of LXC to make this work. I suggest waiting a week for the new LXC 4.0 release which will have full support for cgroup2 (also called “unified” cgroup).

einfair · April 11, 2020, 3:13pm

Now I am trying to start priveleged container,

lxc-start -n test2 --foreground --logpriority=debug --logfile=/root/logfile.txt

lxc-start: test2: cgroups/cgfsng.c: cgfsng_setup_limits_legacy: 2829 No such file or directory - Failed to set "devices.deny" to "a"
lxc-start: test2: start.c: lxc_spawn: 1788 Failed to setup legacy device cgroup controller limits
lxc-start: test2: start.c: __lxc_start: 1953 Failed to spawn container "test2"
lxc-start: test2: tools/lxc_start.c: main: 308 The container failed to start
lxc-start: test2: tools/lxc_start.c: main: 313 Additional information can be obtained by setting the --logfile and --logpriority options

uname -a

Linux localhost 5.4.28-gentoo-x86_64 #5 SMP Fri Apr 10 17:23:45 MSK 2020 x86_64 Intel(R) Core™2 Quad CPU Q9450 @ 2.66GHz GenuineIntel GNU/Linux

Version of lxc is 4.0.0_p9 (d8ccf906038e7ca3241e572192ffa59999adb923)

cat /root/logfile.txt

https://gist.githubusercontent.com/EinstokFair/6c5d4c53b0fae531a960bbb7205b596d/raw/87bb9e09731b592221981f7009a0d49deeb57a6d/gistfile1.txt

I am not sure, that I built kernel correctly.

# zcat /proc/config.gz | grep CONFIG_SECCOMP
CONFIG_SECCOMP=y
CONFIG_SECCOMP_FILTER=y

systemctl --version

systemd 244 (244)
+PAM -AUDIT -SELINUX +IMA -APPARMOR +SMACK -SYSVINIT +UTMP -LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL -XZ +LZ4 +SECCOMP +BLKID -ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=unified

setting
lxc.cgroup.devices.allow =
lxc.cgroup.devices.deny =
allows container to run.

Now I am trying to understand that advice:

github.com/lxc/lxc

[lxc-3.0.0 cgroups/cgfsng] Failed to setup limits

opened 03:10AM - 10 Apr 18 UTC

closed 08:32AM - 10 Apr 18 UTC

Obarun

* Distribution: Obarun Arch linux based system without systemd, use of s6 superv…ision suite instead * The output of * `lxc-start --version` lxc 3.0.0 * `lxc-checkconfig` --- Namespaces --- Namespaces: enabled Utsname namespace: enabled Ipc namespace: enabled Pid namespace: enabled User namespace: enabled Network namespace: enabled --- Control groups --- Cgroups: enabled Cgroup v1 mount points: /sys/fs/cgroup/cpuset /sys/fs/cgroup/cpu /sys/fs/cgroup/cpuacct /sys/fs/cgroup/blkio /sys/fs/cgroup/memory /sys/fs/cgroup/freezer /sys/fs/cgroup/net_cls /sys/fs/cgroup/perf_event /sys/fs/cgroup/net_prio /sys/fs/cgroup/hugetlb /sys/fs/cgroup/pids /sys/fs/cgroup/rdma Cgroup v2 mount points: Cgroup v1 systemd controller: missing Cgroup v1 clone_children flag: enabled Cgroup device: enabled Cgroup sched: enabled Cgroup cpu account: enabled Cgroup memory controller: enabled Cgroup cpuset: enabled --- Misc --- Veth pair device: enabled, loaded Macvlan: enabled, not loaded Vlan: enabled, loaded Bridges: enabled, loaded Advanced netfilter: enabled, not loaded CONFIG_NF_NAT_IPV4: enabled, loaded CONFIG_NF_NAT_IPV6: enabled, not loaded CONFIG_IP_NF_TARGET_MASQUERADE: enabled, loaded CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, loaded CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded FUSE (for use with lxcfs): enabled, loaded --- Checkpoint/Restore --- checkpoint restore: enabled CONFIG_FHANDLE: enabled CONFIG_EVENTFD: enabled CONFIG_EPOLL: enabled CONFIG_UNIX_DIAG: enabled CONFIG_INET_DIAG: enabled CONFIG_PACKET_DIAG: enabled CONFIG_NETLINK_DIAG: enabled File capabilities: * `uname -a` Linux obarunS6 4.15.14-1-ARCH #1 SMP PREEMPT Wed Mar 28 17:34:29 UTC 2018 x86_64 GNU/Linux * `cat /proc/self/cgroup` 13:devices:/org/freedesktop/ConsoleKit/Session2 12:rdma:/org/freedesktop/ConsoleKit/Session2 11:pids:/org/freedesktop/ConsoleKit/Session2 10:hugetlb:/org/freedesktop/ConsoleKit/Session2 9:net_prio:/org/freedesktop/ConsoleKit/Session2 8:perf_event:/org/freedesktop/ConsoleKit/Session2 7:net_cls:/org/freedesktop/ConsoleKit/Session2 6:freezer:/org/freedesktop/ConsoleKit/Session2 5:memory:/org/freedesktop/ConsoleKit/Session2 4:blkio:/org/freedesktop/ConsoleKit/Session2 3:cpuacct:/org/freedesktop/ConsoleKit/Session2 2:cpu:/org/freedesktop/ConsoleKit/Session2 1:cpuset:/org/freedesktop/ConsoleKit/Session2 * `cat /proc/1/mounts` proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0 sys /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0 dev /dev devtmpfs rw,nosuid,relatime,size=4022836k,nr_inodes=1005709,mode=755 0 0 run /run tmpfs rw,nosuid,nodev,relatime,mode=755 0 0 /dev/sda3 / ext4 rw,relatime,data=ordered 0 0 shm /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0 devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0 cgroup /sys/fs/cgroup tmpfs rw,relatime 0 0 cgroup /sys/fs/cgroup/cpuset cgroup rw,relatime,cpuset,clone_children 0 0 cgroup /sys/fs/cgroup/cpu cgroup rw,relatime,cpu 0 0 cgroup /sys/fs/cgroup/cpuacct cgroup rw,relatime,cpuacct 0 0 cgroup /sys/fs/cgroup/blkio cgroup rw,relatime,blkio 0 0 cgroup /sys/fs/cgroup/memory cgroup rw,relatime,memory 0 0 cgroup /sys/fs/cgroup/freezer cgroup rw,relatime,freezer 0 0 cgroup /sys/fs/cgroup/net_cls cgroup rw,relatime,net_cls 0 0 cgroup /sys/fs/cgroup/perf_event cgroup rw,relatime,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event 0 0 cgroup /sys/fs/cgroup/net_prio cgroup rw,relatime,net_prio 0 0 cgroup /sys/fs/cgroup/hugetlb cgroup rw,relatime,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb 0 0 cgroup /sys/fs/cgroup/pids cgroup rw,relatime,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids 0 0 cgroup /sys/fs/cgroup/rdma cgroup rw,relatime,rdma,release_agent=/run/cgmanager/agents/cgm-release-agent.rdma 0 0 /dev/sda1 /boot ext2 rw,relatime,block_validity,barrier,user_xattr,acl,stripe=4 0 0 /dev/sda4 /home ext4 rw,relatime,data=ordered 0 0 none /run/user/1000 tmpfs rw,relatime,mode=700,uid=1000 0 0 gvfsd-fuse /run/user/1000/gvfs fuse.gvfsd-fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=100 0 0 * `configuration file` lxc.include = /usr/share/lxc/config/common.conf lxc.tty.max = 2 lxc.signal.halt=SIGRTMIN+4 lxc.cap.drop = setfcap sys_nice sys_pacct sys_rawio * `log file` lxc-start base 20180410024430.386 INFO lxc_container - lxccontainer.c:do_lxcapi_start:939 - Attempting to set proc title to [lxc monitor] /var/lib/lxc base lxc-start base 20180410024430.386 INFO lxc_lsm - lsm/lsm.c:lsm_init:46 - LSM security driver nop lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:585 - processing: .reject_force_umount # comment this to allow umount -f; not recommended lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:761 - Adding native rule for reject_force_umount # comment this to allow umount -f; not recommended action 0(kill) lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:411 - Setting Seccomp rule to reject force umounts lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:765 - Adding compat rule for reject_force_umount action 0(kill) lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:411 - Setting Seccomp rule to reject force umounts lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:411 - Setting Seccomp rule to reject force umounts lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:585 - processing: .[all] lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:585 - processing: .kexec_load errno 1 lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:761 - Adding native rule for kexec_load errno 1 action 327681(errno) lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:765 - Adding compat rule for kexec_load action 327681(errno) lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:585 - processing: .open_by_handle_at errno 1 lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:761 - Adding native rule for open_by_handle_at errno 1 action 327681(errno) lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:765 - Adding compat rule for open_by_handle_at action 327681(errno) lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:585 - processing: .init_module errno 1 lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:761 - Adding native rule for init_module errno 1 action 327681(errno) lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:765 - Adding compat rule for init_module action 327681(errno) lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:585 - processing: .finit_module errno 1 lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:761 - Adding native rule for finit_module errno 1 action 327681(errno) lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:765 - Adding compat rule for finit_module action 327681(errno) lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:585 - processing: .delete_module errno 1 lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:761 - Adding native rule for delete_module errno 1 action 327681(errno) lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:765 - Adding compat rule for delete_module action 327681(errno) lxc-start base 20180410024430.386 INFO lxc_seccomp - seccomp.c:parse_config_v2:775 - Merging in the compat Seccomp ctx into the main one lxc-start base 20180410024430.387 DEBUG terminal - terminal.c:lxc_terminal_peer_default:691 - The process does not have a controlling terminal lxc-start base 20180410024430.387 INFO lxc_start - start.c:lxc_init:846 - Container "base" is initialized lxc-start base 20180410024430.387 INFO lxc_network - network.c:instantiate_veth:171 - Retrieved mtu 1500 from lxcbr0 lxc-start base 20180410024430.387 INFO lxc_network - network.c:instantiate_veth:197 - Attached "veth10YFUQ" to bridge "lxcbr0" lxc-start base 20180410024430.388 DEBUG lxc_network - network.c:instantiate_veth:222 - Instantiated veth "veth10YFUQ/vethHBLU77", index is "6" lxc-start base 20180410024430.388 INFO lxc_cgroup - cgroups/cgroup.c:cgroup_init:60 - cgroup driver cgfsng initing for base lxc-start base 20180410024430.388 DEBUG lxc_cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:750 - "cgroup.clone_children" was already set to "1" lxc-start base 20180410024430.389 INFO lxc_start - start.c:lxc_spawn:1614 - Cloned CLONE_NEWNS lxc-start base 20180410024430.389 INFO lxc_start - start.c:lxc_spawn:1614 - Cloned CLONE_NEWPID lxc-start base 20180410024430.389 INFO lxc_start - start.c:lxc_spawn:1614 - Cloned CLONE_NEWUTS lxc-start base 20180410024430.389 INFO lxc_start - start.c:lxc_spawn:1614 - Cloned CLONE_NEWIPC lxc-start base 20180410024430.389 INFO lxc_start - start.c:lxc_spawn:1614 - Cloned CLONE_NEWNET lxc-start base 20180410024430.389 DEBUG lxc_start - start.c:lxc_try_preserve_namespaces:199 - Preserved mnt namespace via fd 15 lxc-start base 20180410024430.389 DEBUG lxc_start - start.c:lxc_try_preserve_namespaces:199 - Preserved pid namespace via fd 16 lxc-start base 20180410024430.389 DEBUG lxc_start - start.c:lxc_try_preserve_namespaces:199 - Preserved uts namespace via fd 17 lxc-start base 20180410024430.389 DEBUG lxc_start - start.c:lxc_try_preserve_namespaces:199 - Preserved ipc namespace via fd 18 lxc-start base 20180410024430.389 DEBUG lxc_start - start.c:lxc_try_preserve_namespaces:199 - Preserved net namespace via fd 19 lxc-start base 20180410024430.389 INFO lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2740 - Limits for the legacy cgroup hierarchies have been setup lxc-start base 20180410024430.389 DEBUG lxc_start - start.c:lxc_spawn:1668 - Preserved net namespace via fd 10 lxc-start base 20180410024430.399 DEBUG lxc_network - network.c:lxc_network_move_created_netdev_priv:2479 - Moved network device "vethHBLU77"/"eth0" to network namespace of 1643 lxc-start base 20180410024430.399 INFO lxc_start - start.c:do_start:1177 - Unshared CLONE_NEWCGROUP lxc-start base 20180410024430.399 DEBUG storage - storage/storage.c:storage_query:247 - Detected rootfs type "dir" lxc-start base 20180410024430.399 DEBUG lxc_conf - conf.c:lxc_setup_rootfs:1338 - Mounted rootfs "/var/cache/obarun/pkgbuild/base/container/rootfs" onto "/usr/lib/lxc/rootfs" with options "(null)" lxc-start base 20180410024430.399 INFO lxc_conf - conf.c:setup_utsname:774 - Set hostname to "base" lxc-start base 20180410024430.411 DEBUG lxc_network - network.c:setup_hw_addr:2745 - Mac address "00:16:3e:9d:ac:60" on "eth0" has been setup lxc-start base 20180410024430.411 DEBUG lxc_network - network.c:lxc_setup_netdev_in_child_namespaces:3003 - Network device "eth0" has been setup lxc-start base 20180410024430.411 INFO lxc_network - network.c:lxc_setup_network_in_child_namespaces:3024 - network has been setup lxc-start base 20180410024430.411 INFO lxc_conf - conf.c:mount_autodev:1163 - Preparing "/dev" lxc-start base 20180410024430.411 INFO lxc_conf - conf.c:mount_autodev:1185 - Mounted tmpfs on "/usr/lib/lxc/rootfs/dev" lxc-start base 20180410024430.411 INFO lxc_conf - conf.c:mount_autodev:1202 - Prepared "/dev" lxc-start base 20180410024430.411 INFO lxc_conf - conf.c:run_script_argv:368 - Executing script "/usr/share/lxcfs/lxc.mount.hook" for container "base", config section "lxc" lxc-start base 20180410024430.416 INFO lxc_conf - conf.c:lxc_fill_autodev:1238 - Populating "/dev" lxc-start base 20180410024430.416 DEBUG lxc_conf - conf.c:lxc_fill_autodev:1253 - Created device node "/usr/lib/lxc/rootfs/dev/full" lxc-start base 20180410024430.416 DEBUG lxc_conf - conf.c:lxc_fill_autodev:1253 - Created device node "/usr/lib/lxc/rootfs/dev/null" lxc-start base 20180410024430.416 DEBUG lxc_conf - conf.c:lxc_fill_autodev:1253 - Created device node "/usr/lib/lxc/rootfs/dev/random" lxc-start base 20180410024430.416 DEBUG lxc_conf - conf.c:lxc_fill_autodev:1253 - Created device node "/usr/lib/lxc/rootfs/dev/tty" lxc-start base 20180410024430.416 DEBUG lxc_conf - conf.c:lxc_fill_autodev:1253 - Created device node "/usr/lib/lxc/rootfs/dev/urandom" lxc-start base 20180410024430.416 DEBUG lxc_conf - conf.c:lxc_fill_autodev:1253 - Created device node "/usr/lib/lxc/rootfs/dev/zero" lxc-start base 20180410024430.416 INFO lxc_conf - conf.c:lxc_fill_autodev:1291 - Populated "/dev" lxc-start base 20180410024430.416 DEBUG lxc_conf - conf.c:mount_entry:1934 - Remounting "/sys/fs/fuse/connections" on "/usr/lib/lxc/rootfs/sys/fs/fuse/connections" to respect bind or remount options lxc-start base 20180410024430.416 DEBUG lxc_conf - conf.c:mount_entry:1955 - Flags for "/sys/fs/fuse/connections" were 4110, required extra flags are 14 lxc-start base 20180410024430.416 DEBUG lxc_conf - conf.c:mount_entry:2011 - Mounted "/sys/fs/fuse/connections" on "/usr/lib/lxc/rootfs/sys/fs/fuse/connections" with filesystem type "none" lxc-start base 20180410024430.416 INFO lxc_conf - conf.c:mount_file_entries:2243 - Finished setting up mounts lxc-start base 20180410024430.416 DEBUG lxc_conf - conf.c:lxc_setup_ttydir_console:1697 - Created directory for console and tty devices at "/usr/lib/lxc/rootfs/dev/lxc" lxc-start base 20180410024430.416 DEBUG lxc_conf - conf.c:lxc_setup_ttydir_console:1748 - Mounted "/dev/pts/2" onto "/usr/lib/lxc/rootfs/dev/lxc/console" lxc-start base 20180410024430.416 DEBUG lxc_conf - conf.c:lxc_setup_ttydir_console:1756 - Mounted "/dev/pts/2" onto "/usr/lib/lxc/rootfs/dev/lxc/console" lxc-start base 20180410024430.416 DEBUG lxc_conf - conf.c:lxc_setup_ttydir_console:1758 - Console has been setup under "/usr/lib/lxc/rootfs/dev/lxc/console" and mounted to "/usr/lib/lxc/rootfs/dev/console" lxc-start base 20180410024430.416 INFO lxc_utils - utils.c:lxc_mount_proc_if_needed:1720 - I am 1, /proc/self points to "1" lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:setup_rootfs_pivot_root:1140 - pivot_root("/usr/lib/lxc/rootfs") successful lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:setup_pivot_root:1469 - Finished pivot_root() lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:lxc_setup_devpts:1549 - Mount new devpts instance with options "newinstance,ptmxmode=0666,mode=0620,max=1024" lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:lxc_setup_devpts:1569 - Created dummy "/dev/ptmx" file as bind mount target lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:lxc_setup_devpts:1574 - Bind mounted "/dev/pts/ptmx" to "/dev/ptmx" lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:lxc_allocate_ttys:970 - Created tty "/dev/pts/0" with master fd 11 and slave fd 14 lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:lxc_allocate_ttys:970 - Created tty "/dev/pts/1" with master fd 15 and slave fd 16 lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:lxc_allocate_ttys:970 - Created tty "/dev/pts/2" with master fd 17 and slave fd 18 lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:lxc_allocate_ttys:970 - Created tty "/dev/pts/3" with master fd 19 and slave fd 20 lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:lxc_allocate_ttys:970 - Created tty "/dev/pts/4" with master fd 21 and slave fd 22 lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:lxc_allocate_ttys:970 - Created tty "/dev/pts/5" with master fd 23 and slave fd 24 lxc-start base 20180410024430.435 INFO lxc_conf - conf.c:lxc_allocate_ttys:990 - Finished creating 6 tty devices lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:lxc_setup_ttys:896 - Bind mounted "/dev/pts/0" onto "/dev/tty1" lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:lxc_setup_ttys:896 - Bind mounted "/dev/pts/1" onto "/dev/tty2" lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:lxc_setup_ttys:896 - Bind mounted "/dev/pts/2" onto "/dev/tty3" lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:lxc_setup_ttys:896 - Bind mounted "/dev/pts/3" onto "/dev/tty4" lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:lxc_setup_ttys:896 - Bind mounted "/dev/pts/4" onto "/dev/tty5" lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:lxc_setup_ttys:896 - Bind mounted "/dev/pts/5" onto "/dev/tty6" lxc-start base 20180410024430.435 INFO lxc_conf - conf.c:lxc_setup_ttys:940 - Finished setting up 6 /dev/tty<N> device(s) lxc-start base 20180410024430.435 INFO lxc_conf - conf.c:setup_personality:1613 - Set personality to "0x0" lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:setup_caps:2413 - Dropped mac_admin (33) capability lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:setup_caps:2413 - Dropped mac_override (32) capability lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:setup_caps:2413 - Dropped sys_time (25) capability lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:setup_caps:2413 - Dropped sys_module (16) capability lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:setup_caps:2413 - Dropped sys_rawio (17) capability lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:setup_caps:2413 - Dropped setfcap (31) capability lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:setup_caps:2413 - Dropped sys_nice (23) capability lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:setup_caps:2413 - Dropped sys_pacct (20) capability lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:setup_caps:2413 - Dropped sys_rawio (17) capability lxc-start base 20180410024430.435 DEBUG lxc_conf - conf.c:setup_caps:2416 - Capabilities have been setup lxc-start base 20180410024430.435 NOTICE lxc_conf - conf.c:lxc_setup:3479 - The container "base" is set up lxc-start base 20180410024430.436 ERROR lxc_cgfsng - cgroups/cgfsng.c:cg_legacy_set_data:2693 - Failed to setup limits for the "devices" controller. The controller seems to be unused by "cgfsng" cgroup driver or not enabled on the cgroup hierarchy lxc-start base 20180410024430.436 WARN lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2731 - Failed to set "devices.deny" to "a" lxc-start base 20180410024430.436 ERROR lxc_start - start.c:lxc_spawn:1722 - Failed to setup legacy device cgroup controller limits lxc-start base 20180410024430.436 INFO lxc_network - network.c:lxc_delete_network_priv:2563 - Interface "eth0" with index 6 already deleted or existing in different network namespace lxc-start base 20180410024430.436 INFO lxc_network - network.c:lxc_delete_network_priv:2573 - Removed interface "eth0" with index 6 lxc-start base 20180410024430.463 INFO lxc_network - network.c:lxc_delete_network_priv:2594 - Removed interface "veth10YFUQ" from "lxcbr0" lxc-start base 20180410024430.463 DEBUG lxc_network - network.c:lxc_delete_network:3151 - Deleted network devices lxc-start base 20180410024430.463 DEBUG lxc_container - lxccontainer.c:wait_on_daemonized_start:812 - First child 1638 exited lxc-start base 20180410024430.463 ERROR lxc_container - lxccontainer.c:wait_on_daemonized_start:824 - Received container state "ABORTING" instead of "RUNNING" lxc-start base 20180410024430.463 ERROR lxc_start - start.c:__lxc_start:1866 - Failed to spawn container "base" lxc-start base 20180410024430.464 INFO lxc_conf - conf.c:run_script_argv:368 - Executing script "/usr/share/lxcfs/lxc.reboot.hook" for container "base", config section "lxc" # Issue description As you can see on the log, i have some trouble with the cgfsng driver. Googling the error doesn't help me more. So, i'm a little confused now with the use of cgmanager on this new lxc release and my knowledge about cgroups is very poor. Actually, i have a cgmanager service running on my system, but apparently this is not needed anymore. After looking here https://brauner.github.io/2018/02/20/lxc-removes-legacy-cgroup-drivers.html, it seem needed to start an lxcfs service(i'm not sure about that). So, what i need to use or do? my init system already populate the /sys/fs/cgroup parsing what it found in /proc/cgroups file Thanks for your time and help

(about mounting in second way), and to create unpriveleged container (third way).