Lxc exec failure and systemd cgroup

HGuillemet · November 25, 2020, 10:34pm

I have been using non-systemd guests (gentoo) from a non-systemd host (gentoo) without problem.
Then I need to create a debian guest and I found out that the guest won’t start if /sys/fs/cgroup/systemd is unmounted (which is the case on gentoo host).
After

# mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd

the debian guest could start.
But then no way to exec anything in non-systemd containers:

$ lxc exec guest bash
Error: Failed to retrieve PID of executing child process
$ unmount /sys/fs/cgroup/systemd
$ lxc exec guest bash
guest #

What can explain this and how can I fix the issue ?

stgraber · November 26, 2020, 12:00am

Does restarting the broken containers help?

HGuillemet · November 26, 2020, 9:05am

The container is not really broken: it continues to work as normal after the mount, it’s just I cannot lxc exec.
Restarting the container when systemd is mounted works and I can lxc exec into it afterwards (at least during 15 minutes after the restart).
If I unmount, lxc exec still works.
If I remount, lxc exec still works.

So it seems that if /sys/fs/cgroup/systemd is mounted before I start all my containers, not just systemd containers, there is no issue.

Weird but manageable.
Thank you for your help.

stgraber · November 26, 2020, 4:27pm

Yeah, changing cgroup mount config on a running system is always quite tricky, we’d strongly recommend always mounting name=systemd if you think you may at some point run a container using systemd and have that done as early on boot as possible (prior to any container or even other services starting).