
Re: LXC backport for jessie?



Hi again,

Just tested the 1.1.5 backport on Jessie. Works very well. The problems I had with 1.0.6 yesterday are gone today with 1.1.5.
However when I start a container, the following output is shown:

# lxc-start -n a1 -d
lxc-start: utils.c: setproctitle: 1461 Invalid argument - setting cmdline failed

This is not an error but rather an informative output which was discussed in https://lists.linuxcontainers.org/pipermail/lxc-users/2015-November/010409.html.
It should go away with the 1.1.6 release.

cheers,
ck


On Wed, Mar 30, 2016 at 7:43 AM, Claudio Kuenzler <ck@claudiokuenzler.com> wrote:
Hello Christian,

Appreciate your effort in backporting the new(er) LXC 1.1 to Jessie. Thank you!
Just yesterday I came across a show-stopper with a bugging 1.0.6 so I would have had to
a) Compile a newer LXC myself or
b) Move to Ubuntu

I'll test the backport today.

Thanks again.


On Tue, Mar 29, 2016 at 8:17 PM, Christian Seiler <christian@iwakd.de> wrote:
On 03/05/2016 11:30 AM, Bogdan wrote:
> Would someone be interested in creating such a backport?

Just for your information: lxc 1:1.1.5-1~bpo8+1 was accepted into
jessie-backports today (thanks, backports ftp-masters!) and is
already available on the amd64 architecture, the other architectures
(such as i386) will need to wait a bit longer to appear (but will
soon).

Take note of two things:

1. To create a container as a normal user (which was your use case for
requesting the backport, I believe) needs some manual intervention
(also on Stretch, this is not specific to the backport):

    a. You need to explicitly tell the kernel to allow it (it's
       disabled by default), so set the following sysctl:
       kernel.unprivileged_userns_clone = 1
       (Make it permanent in /etc/sysctl.d.)

    b. You need to make sure that the process starting the LXC
       container is in a cgroup where the current user can create
       sub-cgroups for _every_ controller. In Ubuntu their systemd
       version carries a patch that session scopes have that
       property by default to support LXC, but that is not the case
       in Debian, which basically means this still needs to be done
       manually at the moment. Examples of how to do so can be found
       in the first response in this stackexchange thread: [1]

If you follow that, you can in fact create unprivileged containers
as a normal user, both on Stretch and also on Jessie with this
backport.

2. As per backports policy, we will track the LXC package in Stretch
with jessie-backports, and the plan for Stretch is to include LXC
2.0. So be aware that at some point in the future, once LXC 2.0 has
been migrated to Stretch, we will also upload a backport of LXC 2.0
to jessie-backports and 1.1 will not be available anymore. Nobody in
Debian has plans to support LXC 1.1 after that point. (On the other
hand, LXC 2.0 is what's going to make the whole cgroup business much
easier to use out of the box.)

Regards,
Christian

[1] http://unix.stackexchange.com/questions/170998/how-to-create-user-cgroups-with-systemd
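
Added example, not part of the original messages and not code from the LXC or Debian packages: a shell check for the two prerequisites listed in points 1a and 1b above (the sysctl, and write access to the current cgroup for every controller). It assumes a cgroup v1 layout mounted under /sys/fs/cgroup with one directory per controller list; the function names are illustrative.

```shell
#!/bin/sh
# Paths are passed as arguments so the checks can also be pointed at
# constructed sample files instead of the live /proc and /sys trees.

# userns_clone_enabled FILE: succeeds only if the sysctl file contains 1.
userns_clone_enabled() {
    [ -r "$1" ] && [ "$(cat "$1")" = "1" ]
}

# unwritable_cgroups CGROUP_FILE MOUNT_ROOT: reads lines of the form
# "id:controllers:path" (the /proc/self/cgroup format) and prints every
# controller list whose current cgroup directory is missing or not
# writable, i.e. where this user cannot create sub-cgroups.
unwritable_cgroups() {
    while IFS=: read -r _id ctrl path; do
        [ -n "$ctrl" ] || continue        # skip a cgroup v2 entry ("0::/...")
        dir="$2/${ctrl#name=}$path"       # "name=systemd" is mounted as "systemd"
        [ -d "$dir" ] && [ -w "$dir" ] || echo "$ctrl"
    done < "$1"
}

# lxc_unpriv_report SYSCTL_FILE CGROUP_FILE MOUNT_ROOT: prints one line per
# prerequisite; it only reports and changes nothing.
lxc_unpriv_report() {
    if userns_clone_enabled "$1"; then
        echo "ok:   kernel.unprivileged_userns_clone = 1"
    else
        echo "todo: kernel.unprivileged_userns_clone is not 1"
    fi
    [ -r "$2" ] || { echo "todo: cannot read $2"; return 0; }
    missing=$(unwritable_cgroups "$2" "$3")
    if [ -z "$missing" ]; then
        echo "ok:   current cgroup is writable for every controller"
    else
        echo "todo: no write access to the current cgroup for:" $missing
    fi
    return 0
}

lxc_unpriv_report /proc/sys/kernel/unprivileged_userns_clone \
    /proc/self/cgroup /sys/fs/cgroup
```

Run it as the user who will start the container, from the same session that will call lxc-start, since the cgroup membership it inspects is that of the calling shell.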



