Hi,
I am able to create and run privileged containers on OpenWRT 19.07.2 and LXC 2.1.1.
I am unable to run unprivileged containers. I am getting the following errors:
lxc-start myalpine 20200410140608.707 ERROR lxc_utils - utils.c:mkdir_p:257 - Permission denied - failed to create directory '/sys/fs/cgroup/lxc/myalpine'
lxc-start myalpine 20200410140608.707 ERROR lxc_cgfs - cgroups/cgfs.c:lxc_cgroupfs_create:1022 - Permission denied - Could not create cgroup '/lxc/myalpine' in '/sys/fs/cgroup'.
lxc-start myalpine 20200410140608.710 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Permission denied - Failed to delete /sys/fs/cgroup//lxc
lxc-start myalpine 20200410140608.711 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Permission denied - Failed to delete /sys/fs/cgroup/
lxc-start myalpine 20200410140608.711 ERROR lxc_start - start.c:lxc_spawn:1221 - Failed creating cgroups.
There is an lxc directory under /sys/fs/cgroup and it is owned by root:root.
I went through similar posts in this forum and other forums as well. I am trying to provide as much information as possible here:
/proc/self/cgroup
cat /proc/self/cgroup
1:cpuset,cpu,cpuacct,blkio,memory,devices,freezer,net_cls,perf_event,pids,debug:/
Config File
cat /home/strive/.local/share/lxc/myalpine/config
lxc.include = /etc/lxc/default.conf
lxc.include = /usr/share/lxc/config/alpine.common.conf
lxc.include = /usr/share/lxc/config/alpine.userns.conf
lxc.arch = linux64
# find your ids via
# cat /etc/s*id|grep $USER
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.init.uid = 100000
lxc.init.gid = 100000
lxc.mount.auto = proc:mixed sys:ro cgroup:mixed
# lan interface
lxc.net.0.type = veth
lxc.net.0.link = br-lan
lxc.net.0.flags = up
# wan interface
#lxc.net.1.type = veth
#lxc.net.1.link = br-lan
# adapt <user> and <vm-name>
lxc.rootfs.path = dir:/home/strive/.local/share/lxc/myalpine/rootfs
In one of the posts it was mentioned to include the line
session optional pam_cgfs.so -c freezer,memory,name=systemd,cpuset,cpu
in the /etc/pam.d/common-session and /etc/pam.d/common-session-noninteractive files. However, pam_cgfs.so is not present in my OpenWRT VM.
Am I missing something that is required for a proper cgroup hierarchy? Please give me some pointers to solve this issue.
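
Added example, not part of the original post: a shell check that reports, for each hierarchy listed in /proc/self/cgroup, who owns the directory in which lxc-start tried to create the container's cgroup. It assumes every hierarchy is mounted directly at the given root (as the log paths above show) and that stat -c is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether a given uid owns the cgroup directory in which
# lxc-start would create <cgroup>/lxc/<container>.
# Assumptions: each hierarchy in the cgroup file is mounted directly at
# CGROUP_ROOT (as in the log above), and `stat -c %u` is available.
# Only directory ownership is compared; mode bits and group access are ignored.

# owner_status UID DIR -> "ok", "denied owner=<uid>" or "missing"
owner_status() {
    [ -d "$2" ] || { echo "missing"; return; }
    owner=$(stat -c %u "$2")
    if [ "$owner" = "$1" ]; then echo "ok"; else echo "denied owner=$owner"; fi
}

# cgroup_report UID CGROUP_FILE CGROUP_ROOT
# Prints one line per hierarchy: "<hierarchy-id> <directory> <status>"
cgroup_report() {
    uid=$1; file=$2; root=${3%/}
    while IFS=: read -r hid controllers path; do
        [ -n "$hid" ] || continue
        base="$root${path%/}"
        # If an lxc/ directory already exists, the container cgroup is created
        # inside it; otherwise lxc/ itself must be created in the base cgroup.
        if [ -d "$base/lxc" ]; then dir="$base/lxc"; else dir="$base"; fi
        echo "$hid $dir $(owner_status "$uid" "$dir")"
    done < "$file"
}

# Run against the live system only when invoked with "live" as first argument.
if [ "${1:-}" = "live" ]; then
    cgroup_report "$(id -u)" /proc/self/cgroup /sys/fs/cgroup
fi
```

Run as the unprivileged user with the argument live; a "denied owner=0" status for /sys/fs/cgroup/lxc corresponds to the root-owned directory described above.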