recently introduced systemd mount problems on unprivileged containers


Ede Wolf

May 13, 2021, 11:31:54 AM
to LXC users mailing-list
After an upgrade of either lxc or systemd, unprivileged containers using
systemd as init fail to start, because they cannot mount
/sys/fs/cgroup/systemd:

"Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted"
[!!!!!!] "Failed to mount API filesystems."

And fair enough, this directory does not exist on the host. Creating it
manually and assigning it the proper permissions makes the container
start up:

mkdir /sys/fs/cgroup/systemd
mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd
chown unpriv:lxc /sys/fs/cgroup/systemd

Now, while it is no deal to create this directory beforehand, what is
unclear to me is how, if I have multiple containers running under
different users, that would be accomplished when all are trying to mount
the same directory. So I am not sure this is the proper way.

Another, not yet updated host does not feature this cgroup/systemd
directory either, but the containers still start up fine. And we are not
talking about a big jump:

lxc-4.0.6 vs. 4.0.8,
systemd 248-5 vs. 248.2-2
kernel 5.10.31 vs. 5.10.36
respectively, with the lower versions working flawlessly.

Why is such a fundamental change, one that breaks existing installations,
not being reflected in versioning? Or is there just a fundamental
configuration issue on my side that I have just gotten away with so far?

Thanks

Ede
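
A check for comparing the two hosts described in the post, as an added example that is not part of the original message or of LXC/systemd: it classifies a host's cgroup layout from mountinfo text and reports whether a v1 hierarchy with `name=systemd` is mounted. The function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a cgroup layout from mountinfo text read on stdin.
# Live use on a host:  cgroup_layout < /proc/self/mountinfo

# Print "mountpoint fstype superopts" for every cgroup/cgroup2 mount.
cgroup_mounts() {
    awk '{
        for (i = 7; i <= NF; i++) if ($i == "-") break  # "-" ends the optional fields
        if ($(i+1) == "cgroup" || $(i+1) == "cgroup2") print $5, $(i+1), $(i+3)
    }'
}

# Print unified | hybrid | legacy | none.
cgroup_layout() {
    cgroup_mounts | awk '
        $1 == "/sys/fs/cgroup" && $2 == "cgroup2" { root2 = 1 }
        $2 == "cgroup2" { v2 = 1 }
        $2 == "cgroup"  { v1 = 1 }
        END {
            if (root2)         print "unified"
            else if (v1 && v2) print "hybrid"
            else if (v1)       print "legacy"
            else               print "none"
        }'
}

# Exit 0 if a v1 hierarchy mounted with name=systemd exists, 1 otherwise.
has_named_systemd() {
    cgroup_mounts | awk '$2 == "cgroup" && $3 ~ /(^|,)name=systemd(,|$)/ { f = 1 }
                         END { exit !f }'
}

# Constructed sample mountinfo lines (not taken from the poster's hosts).
SAMPLE_UNIFIED='30 23 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:4 - cgroup2 cgroup2 rw,nsdelegate'
SAMPLE_HYBRID='30 23 0:26 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:4 - tmpfs tmpfs ro,mode=755
31 30 0:27 / /sys/fs/cgroup/unified rw,nosuid,nodev,noexec,relatime shared:5 - cgroup2 cgroup2 rw,nsdelegate
32 30 0:28 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:6 - cgroup cgroup rw,xattr,name=systemd
33 30 0:29 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:7 - cgroup cgroup rw,memory'

for name in UNIFIED HYBRID; do
    eval "sample=\$SAMPLE_$name"
    layout=$(printf '%s\n' "$sample" | cgroup_layout)
    if printf '%s\n' "$sample" | has_named_systemd; then named=yes; else named=no; fi
    echo "$name: layout=$layout name=systemd mounted=$named"
done
```

Running both functions against `/proc/self/mountinfo` on the updated and the not-yet-updated host shows whether the two differ in cgroup layout or only in the presence of the named hierarchy.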