[Wolves] Ubuntu 16.04 LXC Unprivileged containers and limits

Dave Morley davmor2 at davmor2.co.uk
Tue Aug 2 16:02:45 UTC 2016


On Tue, 02 Aug 2016 15:09:23 +0000
Simon Burke via Wolves <wolves at mailman.lug.org.uk> wrote:

> So I'm currently looking to replace our horrid dev team environment,
> and was looking to use a mix of Ansible, and LXC.
> 
> However I've come across an issue where I can start privileged
> containers with and without memory and cpu limits (via
> lxc.cgroup.memory.limit_in_bytes = 512M etc). But with an unprivileged
> user, I can run containers without any constraints, but as soon as I
> try to impose a limit... the container fails to start:
> 
>       lxc-start 20160802160535.160 ERROR    lxc_cgfsng - cgfsng.c:cgfsng_setup_limits:1645 - No devices cgroup setup for unpriv1
>       lxc-start 20160802160535.160 ERROR    lxc_start - start.c:lxc_spawn:1226 - failed to setup the devices cgroup for 'unpriv1'
>       lxc-start 20160802160535.160 ERROR    lxc_start - start.c:__lxc_start:1353 - failed to spawn 'unpriv1'
>       lxc-start 20160802160535.191 INFO     lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/share/lxcfs/lxc.reboot.hook' for container 'unpriv1', config section 'lxc'
>       lxc-start 20160802160535.695 WARN     lxc_commands - commands.c:lxc_cmd_rsp_recv:172 - command get_cgroup failed to receive response
>       lxc-start 20160802160540.700 ERROR    lxc_start_ui - lxc_start.c:main:344 - The container failed to start.
> 
> The conf file for the container:
> 
>       # Distribution configuration
>       lxc.include = /usr/share/lxc/config/ubuntu.common.conf
>       lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
>       lxc.arch = x86_64
> 
>       # Container specific configuration
>       lxc.id_map = u 0 165536 65536
>       lxc.id_map = g 0 165536 65536
>       lxc.rootfs = /home/lxc/.local/share/lxc/unpriv1/rootfs
>       lxc.rootfs.backend = dir
>       lxc.utsname = unpriv1
>       lxc.mount.auto = cgroup
>       lxc.cgroup.memory.limit_in_bytes = 512M
> 
>       # Network configuration
>       lxc.network.type = veth
>       lxc.network.link = br0
> 
> 
> Does anyone have reasonable suggestions as to what the heck I'm
> missing. I realise it is likely cgroup config that is missing, but I'm
> struggling to find decent documentation for it...
> 
> Thanks.

https://www.stgraber.org/2016/03/11/lxd-2-0-introduction-to-lxd-112/
This guy writes pretty good guides for lxc and lxd; they should be able
to help you out.
-- 
You Make It, I'll Break It!

I Love My Job :)

http://www.canonical.com
http://www.ubuntu.com