Ede Wolf
May 14, 2021, 5:24:48 AM
to LXC users mailing-list
Hello,
After an upgrade of either lxc or systemd, unprivileged containers
using systemd as init system fail to start, because they cannot mount
/sys/fs/cgroup/systemd:
"Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted"
[!!!!!!] "Failed to mount API filesystems."
Fair enough, as this directory does not exist on the host. Creating it
manually and assigning it the proper permissions makes the container
start up:
mkdir /sys/fs/cgroup/systemd
mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd
chown unpriv:lxc /sys/fs/cgroup/systemd
Now, while it is no deal to create this directory beforehand, what makes
me wonder, if I have multiple containers running under different users,
how would that be accomplished, when all are trying to mount the same
cgroup directory?
Therefore I am not too confident that this is the proper way of handling this.
Further, another, not yet updated host does not feature this
cgroup/systemd directory either, but the containers do still start up fine. And
we are not talking about a big version jump:
lxc-4.0.6 vs. 4.0.8,
systemd 248-5 vs. 248.2-2.
kernel 5.10.31 vs. 5.10.36
respectively, with the lower versions still working flawlessly.
Has there been any major change, that is not reflected by the versioning?
Or are there any hints for an obvious misconfiguration on my side that
I've just been getting away with so far?
Thanks
Ede
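
Added example (not part of the original post): one way to compare the cgroup mount layout of the working and the failing host, by parsing /proc/self/mountinfo and reporting which cgroup filesystem types are mounted and where a name=systemd hierarchy, if any, is mounted. The function names and the sample mountinfo lines are constructed for illustration and do not describe the poster's hosts.

```sh
#!/bin/sh
# Added example: inspect cgroup mounts from mountinfo-format text on stdin.
# On a live host: cgroup_layout < /proc/self/mountinfo

# Print "fstype mountpoint superoptions" for every cgroup/cgroup2 mount.
cgroup_mounts() {
    awk '{
        # Fields 1-6 are fixed; optional fields follow and end at a lone "-".
        for (i = 7; i <= NF; i++) if ($i == "-") break
        if (i + 3 <= NF && ($(i+1) == "cgroup" || $(i+1) == "cgroup2"))
            print $(i+1), $5, $(i+3)
    }'
}

# Print the mount point of a cgroup v1 hierarchy named "systemd", if any.
named_systemd_mount() {
    cgroup_mounts | awk '$1 == "cgroup" && ("," $3 ",") ~ /,name=systemd,/ { print $2 }'
}

# Print which cgroup filesystem types are mounted: v1-only, v2-only, v1+v2, none.
cgroup_layout() {
    cgroup_mounts | awk '
        $1 == "cgroup"  { v1 = 1 }
        $1 == "cgroup2" { v2 = 1 }
        END {
            if (v1 && v2) r = "v1+v2"
            else if (v2) r = "v2-only"
            else if (v1) r = "v1-only"
            else r = "none"
            print r
        }'
}

# Constructed sample: a host with only the unified (cgroup2) hierarchy mounted.
SAMPLE_V2_ONLY='30 24 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:9 - cgroup2 cgroup2 rw,nsdelegate'

# Constructed sample: a host with a name=systemd v1 hierarchy next to cgroup2.
SAMPLE_WITH_NAMED='30 24 0:26 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:9 - tmpfs tmpfs ro,mode=755
31 30 0:27 / /sys/fs/cgroup/unified rw,nosuid,nodev,noexec,relatime shared:10 - cgroup2 cgroup2 rw,nsdelegate
32 30 0:28 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:11 - cgroup systemd rw,xattr,name=systemd'

# Demonstrate on the constructed samples.
printf '%s\n' "$SAMPLE_V2_ONLY" | cgroup_layout
printf '%s\n' "$SAMPLE_WITH_NAMED" | named_systemd_mount
```

Running both functions against /proc/self/mountinfo on each host shows whether the two hosts actually differ in cgroup layout, independent of the package versions.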