Thomas Glaeser

Results 25 comments of Thomas Glaeser

I can't confirm that this solves the issue reported here, which happens only when launching the container as an ordinary user, not when starting it as root. I can confirm though...

When setting `lxc.init.cmd = /bin/bash` the container start fails with ``` lxc-start foo 20220210232048.293 INFO confile - confile.c:set_config_idmaps:2069 - Read uid map: type u nsid 0 hostid 1000000 range 1000...

Right, it seems to be a permission issue. You mean write access to files under `/sys/fs/cgroup/`? And yes, those files are usually owned by `root:root` and only writable by user...

When comparing the log output from `desktop` startup running as `root` to the `foo` startup running as `admin` the significant difference before the error seems to be ``` lxc-start foo...

Any comments from the LXC team please, @brauner, @stgraber? What am I missing when copying a perfectly working unprivileged container from `/var/lib/lxc/` to `/home/admin/.local/share/lxc`; what else do I need to...

> It is not possible to simply start a container from a shell as a user and automatically delegate a cgroup. Therefore, you need to wrap each call to any...

> You need to ensure that the process from which you're running `lxc-start` has write access to its cgroups. You can look at the cgroup list through `cat /proc/self/cgroup` and...

> No, for cgroup2, it's typically handled by systemd, so you need a systemd scope which is what systemd-run does for you. Hmm, I'm now using `systemd-run` to start the...

Thanks @stgraber for checking. I updated the uploaded file [foo.log](https://tglaeser.keybase.pub/foo.log) with debug log level. Also here is the output from `cat /proc/self/cgroup`: ``` 7:memory:/user.slice/user-1000.slice/session-7.scope 6:devices:/user.slice 5:freezer:/ 4:blkio:/user.slice 3:cpuset:/ 2:cpu,cpuacct:/user.slice 1:name=systemd:/user.slice/user-1000.slice/session-7.scope...

Now, this is getting interesting. Here it is:

```
$ cat /proc/self/cgroup
7:memory:/user.slice/user-1000.slice/session-7.scope
6:cpu,cpuacct:/user.slice
5:devices:/user.slice
4:freezer:/
3:cpuset:/
2:blkio:/user.slice
1:name=systemd:/user.slice/user-1000.slice/session-7.scope
0::/user.slice/user-1000.slice/session-7.scope
```

``` $ systemd-run --unit=foo --user --scope -p "Delegate=yes" --...