recently (re) introduced systemd mount problems on unprivileged containers?


Ede Wolf

May 14, 2021, 5:24:48 AM
to LXC users mailing-list

After an upgrade of either lxc or systemd, unprivileged containers
using systemd as init system fail to start, because they cannot mount

"Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted"
[!!!!!!] "Failed to mount API filesystems."

Fair enough, as this directory does not exist on the host. Creating it
manually and assigning it the proper permissions makes the container
start up:

mkdir /sys/fs/cgroup/systemd
mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd
chown unpriv:lxc /sys/fs/cgroup/systemd

Now, while it is no big deal to create this directory beforehand, what
makes me wonder is: if I have multiple containers running under different
users, how would that be accomplished when all are trying to mount the
same cgroup directory?
Therefore I am not too confident that this is the proper way of handling this.

Further, another host, not yet updated, does not feature this
cgroup/systemd directory either, but the containers still start up fine.
And we are not talking about a big version jump:

lxc-4.0.6 vs. 4.0.8,
systemd 248-5 vs. 248.2-2.
kernel 5.10.31 vs. 5.10.36

respectively, with the lower versions still working flawlessly.

Has there been any major change, that is not reflected by the versioning?
Or are there any hints for an obvious misconfiguration on my side that
I've just been getting away with so far?
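
A host-side check for the condition described in the post, added here as an example and not part of the original message or of LXC: it parses mountinfo and reports whether a v1 name=systemd hierarchy is mounted, whether the host uses the unified cgroup2 layout, or neither. The function name, the output labels and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how the systemd cgroup hierarchy appears on a host.
# Argument: a mountinfo file (defaults to /proc/self/mountinfo).
# Output labels (v1-named, unified, missing) are made up for this example.
systemd_cgroup_state() {
    awk '
    {
        # mountinfo: ... mountpoint($5) opts [optional] - fstype source superopts
        sep = 0
        for (i = 7; i <= NF; i++) if ($i == "-") { sep = i; break }
        if (!sep) next
        fstype = $(sep + 1); sopts = "," $(sep + 3) ","
        if (fstype == "cgroup" && index(sopts, ",name=systemd,")) named = $5
        if (fstype == "cgroup2" && $5 == "/sys/fs/cgroup") unified = 1
    }
    END {
        if (named != "")  print "v1-named " named
        else if (unified) print "unified"
        else              print "missing"
    }' "${1:-/proc/self/mountinfo}"
}

# Constructed sample lines, not captured from the hosts in the post.
demo() {
    d=$(mktemp -d)
    cat > "$d/legacy" <<'EOF'
30 24 0:26 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:9 - tmpfs tmpfs ro,mode=755
32 30 0:28 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,memory
EOF
    cat > "$d/named" <<'EOF'
30 24 0:26 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:9 - tmpfs tmpfs ro,mode=755
31 30 0:27 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,xattr,name=systemd
EOF
    cat > "$d/unified" <<'EOF'
30 24 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:9 - cgroup2 cgroup2 rw,nsdelegate
EOF
    for f in legacy named unified; do
        printf '%-8s %s\n' "$f" "$(systemd_cgroup_state "$d/$f")"
    done
    rm -rf "$d"
}
demo
```

Run without an argument on each host to compare the working and the failing machine; "missing" corresponds to the state in which /sys/fs/cgroup/systemd does not exist on the host.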

