May 14, 2021, 5:24:48 AM
to LXC users mailing-list
After an upgrade of either lxc or systemd, unprivileged containers
using systemd as init system fail to start, because they cannot mount
"Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted"
[!!!!!!] "Failed to mount API filesystems."
Fair enough, as this directory does not exist on the host. Creating it
manually and assigning it the proper permissions makes the container
mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd
chown unpriv:lxc /sys/fs/cgroup/systemd
Now, while it is no deal to create this directory beforehand, what makes
me wonder, if I have multiple containers running under different users,
how would that be accomplished, when all are trying to mount the same
Therefore I am not too confident, this is the proper way of handling this.
Further, another, not yet updated host, does neither feature this
cgroup/systemd directory, but the containers do still start up fine. And
we are not talking about a big version jump:
lxc-4.0.6 vs. 4.0.8,
systemd 248-5 vs. 248.2-2.
kernel 5.10.31 vs. 5.10.36
respectively, with the lower versions still working flawlessly.
Has there been any major change, that is not reflected by the versioning?
Or are there any hints for an obvious misconfiguration on my side that
I've just been getting away with so far?
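
Added example, not part of the original post: a way to compare the cgroup layout of the two hosts by checking whether a named name=systemd v1 hierarchy exists alongside v1 controllers and/or cgroup v2. The function name cgroup_layout, its labels and the sample data are assumptions made for illustration; it only reports the layout and does not establish the cause of the failure.

```shell
#!/bin/sh
# Classify the cgroup layout from a file in /proc/<pid>/cgroup format.
# Each line is "hierarchy-ID:controller-list:path". Hierarchy 0 with an
# empty controller list is the cgroup v2 hierarchy; "name=systemd" is a
# named v1 hierarchy without controllers, like the one mounted by hand
# in the post with "-o none,name=systemd".

cgroup_layout() {
    # $1: file to read ("-" for stdin); defaults to the calling process
    awk -F: '
        $1 == "0" && $2 == ""  { v2 = 1; next }     # cgroup v2 entry
        $2 == "name=systemd"   { named = 1; next }  # named v1 hierarchy
        NF >= 3                { v1 = 1 }           # any other v1 hierarchy
        END {
            # Labels used by this example only:
            #   unified = v2 only, legacy = v1 only, hybrid = both present
            if (!v2 && !v1 && !named)     layout = "unknown"
            else if (v2 && !v1 && !named) layout = "unified"
            else if (v2)                  layout = "hybrid"
            else                          layout = "legacy"
            printf "%s name=systemd:%s\n", layout, (named ? "yes" : "no")
        }' "${1:-/proc/self/cgroup}"
}

# Constructed sample input (not taken from either host in the post).
cgroup_layout - <<'EOF'
5:memory:/user.slice/user-1000.slice
1:name=systemd:/user.slice/user-1000.slice/session-1.scope
0::/user.slice/user-1000.slice/session-1.scope
EOF
```

Running cgroup_layout with no argument on each host shows whether the two differ in layout and whether the named hierarchy is present before any manual mount.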