[libvirt] Lxc support

Jean-Philippe Menil jean-philippe.menil at univ-nantes.fr
Fri Oct 29 10:27:59 UTC 2010 

Le 29/10/2010 12:00, Osier a écrit :
> On 10/29/2010 04:42 PM, Jean-Philippe Menil wrote:
>> Hi,
>>
>> i'm trying to test the lxc support in libvirt, but but libvirt failed to
>> start container with error "lxcContainerAvailable:897 : clone call
>> returned Operation not permitted, container support is not enabled"
>>
>
> What's the kernel version you use? Just as the error message says, the
> system call 'clone' failed, It's probly caused by lacking of kernel
> support.
>
> At least you should make sure 'clone' support these flags:
>
> CLONE_NEWPID, CLONE_NEWNS, CLONE_NEWUTS, CLONE_NEWIPC, SIGCHLD
>
> - Osier
>
>> Althought i've compiled libvirt with th lxc support:
>> configure: Configuration summary
>> configure: =====================
>> configure:
>> configure: Drivers
>> configure:
>> configure: Xen: no
>> configure: Proxy: no
>> configure: QEMU: yes
>> configure: UML: yes
>> configure: OpenVZ: no
>> configure: VBox: no
>> configure: XenAPI: no
>> configure: LXC: yes
>> configure: PHYP: no
>> configure: ONE: no
>> configure: ESX: no
>> configure: Test: yes
>> configure: Remote: yes
>> configure: Network: yes
>> configure: Libvirtd: yes
>> configure: netcf: no
>> configure: macvtap: yes
>> configure: virtport: no
>>
>> Here is my xml:
>> <domain type='lxc'>
>> <name>lxc1</name>
>> <memory>500000</memory>
>> <os>
>> <type>exe</type>
>> <init>/bin/sh</init>
>> </os>
>> <vcpu>1</vcpu>
>> <clock offset='utc'/>
>> <on_poweroff>destroy</on_poweroff>
>> <on_reboot>restart</on_reboot>
>> <on_crash>destroy</on_crash>
>> <devices>
>> <emulator>/usr/lib/libvirt/libvirt_lxc</emulator>
>> <filesystem type='mount'>
>> <source dir='/var/lib/lxc/lxc1/rootfs'/>
>> <target dir='/'/>
>> </filesystem>
>> <interface type='bridge'>
>> <source bridge='U13'/>
>> <target dev='veth0'/>
>> </interface>
>> <console type='pty' >
>> <target port='5'/>
>> </console>
>> </devices>
>> </domain>
>>
>> And here are the errors:
>> 10:41:09.968: debug : virCgroupNew:542 : New group /
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping 0:cpu
>> at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping
>> 1:cpuacct at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping
>> 2:cpuset at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping
>> 3:memory at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping
>> 4:devices at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping
>> 5:freezer at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupNew:542 : New group /libvirt
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping 0:cpu
>> at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping
>> 1:cpuacct at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping
>> 2:cpuset at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping
>> 3:memory at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping
>> 4:devices at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping
>> 5:freezer at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupMakeGroup:484 : Make group /libvirt
>> 10:41:09.968: debug : virCgroupMakeGroup:496 : Make controller
>> /var/local/cgroup/libvirt/
>> 10:41:09.968: debug : virCgroupMakeGroup:496 : Make controller
>> /var/local/cgroup/libvirt/
>> 10:41:09.968: debug : virCgroupMakeGroup:496 : Make controller
>> /var/local/cgroup/libvirt/
>> 10:41:09.968: debug : virCgroupMakeGroup:496 : Make controller
>> /var/local/cgroup/libvirt/
>> 10:41:09.968: debug : virCgroupMakeGroup:496 : Make controller
>> /var/local/cgroup/libvirt/
>> 10:41:09.968: debug : virCgroupMakeGroup:496 : Make controller
>> /var/local/cgroup/libvirt/
>> 10:41:09.968: debug : virCgroupNew:542 : New group /libvirt/lxc
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping 0:cpu
>> at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping
>> 1:cpuacct at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping
>> 2:cpuset at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping
>> 3:memory at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping
>> 4:devices at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupDetect:232 : Detected mount/mapping
>> 5:freezer at /var/local/cgroup in
>> 10:41:09.968: debug : virCgroupMakeGroup:484 : Make group /libvirt/lxc
>> 10:41:09.968: debug : virCgroupMakeGroup:496 : Make controller
>> /var/local/cgroup/libvirt/lxc/
>> 10:41:09.968: debug : lxcControllerRun:595 : Setting up private /dev/pts
>> 10:41:10.012: debug : lxcControllerRun:621 : Mouting 'devpts' on
>> /var/lib/lxc/lxc1/rootfs/dev/pts
>> 10:41:10.012: debug : lxcControllerRun:636 : Opening tty on private
>> /var/lib/lxc/lxc1/rootfs/dev/pts/ptmx
>> 10:41:10.044: debug : lxcContainerAvailable:897 : clone call returned
>> Operation not permitted, container support is not enabled
>> 10:41:10.044: debug : lxcContainerStart:848 : Enable network namespaces
>> 10:41:10.076: debug : lxcContainerStart:854 : clone() completed, new
>> container PID is -1
>> 10:41:10.076: error : lxcContainerStart:858 : Failed to run clone
>> container: Operation not permitted
>> 10:41:10.076: debug : vethDelete:159 : veth: veth1
>> 10:41:10.076: debug : virRunWithHook:818 : ip link del veth1
>>
>> Can someone tell me what i'm doing wrong?
>>
>> Many thanks.
>>
>> Regards.
>>
>>
>>
>> --
>> libvir-list mailing list
>> libvir-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/libvir-list
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
Hi,

thanks for your response.
The kernel is a 2.6.36 wit hthe following:
root at redbreast:/tmp# cat /boot/config-2.6.36-dsiun-1a | grep -i  pid
CONFIG_PROC_PID_CPUSET=y
CONFIG_PID_NS=y
# CONFIG_SPI_SPIDEV is not set
CONFIG_HID_PID=y
root at redbreast:/tmp# cat /boot/config-2.6.36-dsiun-1a | grep -i  cgroup
CONFIG_CGROUPS=y
CONFIG_CGROUP_DEBUG=y
CONFIG_CGROUP_NS=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_MEM_RES_CTLR=y
CONFIG_CGROUP_MEM_RES_CTLR_SWAP=y
CONFIG_CGROUP_SCHED=y
CONFIG_BLK_CGROUP=m
# CONFIG_DEBUG_BLK_CGROUP is not set
CONFIG_NET_CLS_CGROUP=y

Can you explain, how can i check the clone flags?

Many thanks.

Regards.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jean-philippe_menil.vcf
Type: text/x-vcard
Size: 433 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20101029/2e1464ad/attachment-0001.vcf>

More information about the libvir-list mailing list