[Wolves] Ubuntu 16.04 LXC Unprivileged containers and limits
Dave Morley
davmor2 at davmor2.co.uk
Tue Aug 2 16:02:45 UTC 2016
On Tue, 02 Aug 2016 15:09:23 +0000
Simon Burke via Wolves <wolves at mailman.lug.org.uk> wrote:
> So I'm currently looking to replace our horrid dev team environment,
> and was looking to use a mix of Ansible, and LXC.
>
> However I've come across an issue where I can start privileged
> containers with and without memory and cpu limits (via
> lxc.cgroup.memory.limit_in_bytes = 512M etc). But with an unprivileged
> user, I can run containers without any constraints, but as soon as I
> try to impose a limit... the container fails to start:
>
> lxc-start 20160802160535.160 ERROR lxc_cgfsng - cgfsng.c:cgfsng_setup_limits:1645 - No devices cgroup setup for unpriv1
> lxc-start 20160802160535.160 ERROR lxc_start - start.c:lxc_spawn:1226 - failed to setup the devices cgroup for 'unpriv1'
> lxc-start 20160802160535.160 ERROR lxc_start - start.c:__lxc_start:1353 - failed to spawn 'unpriv1'
> lxc-start 20160802160535.191 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/share/lxcfs/lxc.reboot.hook' for container 'unpriv1', config section 'lxc'
> lxc-start 20160802160535.695 WARN lxc_commands - commands.c:lxc_cmd_rsp_recv:172 - command get_cgroup failed to receive response
> lxc-start 20160802160540.700 ERROR lxc_start_ui - lxc_start.c:main:344 - The container failed to start.
>
> The conf file for the container:
>
> # Distribution configuration
> lxc.include = /usr/share/lxc/config/ubuntu.common.conf
> lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
> lxc.arch = x86_64
>
> # Container specific configuration
> lxc.id_map = u 0 165536 65536
> lxc.id_map = g 0 165536 65536
> lxc.rootfs = /home/lxc/.local/share/lxc/unpriv1/rootfs
> lxc.rootfs.backend = dir
> lxc.utsname = unpriv1
> lxc.mount.auto = cgroup
> lxc.cgroup.memory.limit_in_bytes = 512M
>
> # Network configuration
> lxc.network.type = veth
> lxc.network.link = br0
>
>
> Does anyone have reasonable suggestions as to what the heck I'm
> missing? I realise it is likely cgroup config that is missing, but I'm
> struggling to find decent documentation for it...
>
> Thanks.
https://www.stgraber.org/2016/03/11/lxd-2-0-introduction-to-lxd-112/
This guy writes pretty good guides for LXC and LXD; they should be able
to help you out.
--
You Make It, I'll Break It!
I Love My Job :)
http://www.canonical.com
http://www.ubuntu.com