[libvirt] Lxc support

Jean-Philippe Menil jean-philippe.menil at univ-nantes.fr
Fri Oct 29 13:41:25 UTC 2010


On 29/10/2010 14:51, Serge Hallyn wrote:
> Quoting Jean-Philippe Menil (jean-philippe.menil at univ-nantes.fr):
>> 10:41:10.076: error : lxcContainerStart:858 : Failed to run clone
>> container: Operation not permitted
>
> I would guess that the libvirt process creating the container has dropped some
> of the needed capabilities (CAP_SYS_ADMIN and a few others).  Is libvirtd
> running as root?  What does /proc/$$/status for that process show?
Hi,

libvirt is running as root.

root at redbreast:/tmp# ps aux | grep libvirtd | grep -v grep
root     15718  0.0  0.0 157760  2924 ?        Sl   15:35   0:00 /usr/sbin/libvirtd -d

root at redbreast:/tmp# cat /proc/15718/status
Name:	libvirtd
State:	S (sleeping)
Tgid:	15718
Pid:	15718
PPid:	1
TracerPid:	0
Uid:	0	0	0	0
Gid:	0	0	0	0
FDSize:	64
Groups:	0
VmPeak:	  181892 kB
VmSize:	  157760 kB
VmLck:	       0 kB
VmHWM:	    2924 kB
VmRSS:	    2924 kB
VmData:	  115012 kB
VmStk:	     136 kB
VmExe:	     792 kB
VmLib:	    6372 kB
VmPTE:	     124 kB
VmSwap:	       0 kB
Threads:	7
SigQ:	2/16382
SigPnd:	0000000000000000
ShdPnd:	0000000000000000
SigBlk:	0000000000000000
SigIgn:	0000000000001000
SigCgt:	0000000180014007
CapInh:	0000000000000000
CapPrm:	ffffffffffffffff
CapEff:	ffffffffffffffff
CapBnd:	ffffffffffffffff
Cpus_allowed:	ffff
Cpus_allowed_list:	0-15
Mems_allowed:	00000000,00000003
Mems_allowed_list:	0-1
voluntary_ctxt_switches:	321
nonvoluntary_ctxt_switches:	7

and

root at redbreast:/tmp# cat /proc/15718/cgroup
1:blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,debug,cpuset:/

root at redbreast:/tmp# mount | grep cgroup
none on /var/local/cgroup type cgroup (rw)

In the log, I can find the following:
15:35:58.853: debug : virCgroupMakeGroup:496 : Make controller /var/local/cgroup/libvirt/lxc/
15:35:58.853: warning : lxcStartup:2109 : Unable to create cgroup for driver: Operation not permitted

If I do:
root at redbreast:~# ls -la /var/local/cgroup/libvirt/lxc/
ls: impossible d'accéder à /var/local/cgroup/libvirt/lxc/: Aucun fichier ou dossier de ce type
root at redbreast:~# mkdir /var/local/cgroup/libvirt/lxc/
mkdir: impossible de créer le répertoire « /var/local/cgroup/libvirt/lxc/ »: Opération non permise

However, I mount the cgroup with the rw flag.
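
Added example (not part of the original message and not libvirt code): a Python decoder for the Cap* masks in /proc/<pid>/status, run on the values posted above and on a constructed variant with CAP_SYS_ADMIN cleared from the effective set. The CAP_BITS subset and the function names are this example's own choices.

```python
import re

# Capability bit numbers from <linux/capability.h>. The thread names only
# CAP_SYS_ADMIN; the other entries are an illustrative subset.
CAP_BITS = {
    "CAP_CHOWN": 0, "CAP_DAC_OVERRIDE": 1, "CAP_SETGID": 6, "CAP_SETUID": 7,
    "CAP_SETPCAP": 8, "CAP_NET_ADMIN": 12, "CAP_SYS_CHROOT": 18,
    "CAP_SYS_ADMIN": 21, "CAP_MKNOD": 27,
}
CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd)):[ \t]*([0-9a-fA-F]+)[ \t]*$", re.M)

# The four capability lines exactly as posted in the message above.
PAGE_STATUS = (
    "CapInh:\t0000000000000000\nCapPrm:\tffffffffffffffff\n"
    "CapEff:\tffffffffffffffff\nCapBnd:\tffffffffffffffff\n"
)
# Constructed sample: same process with bit 21 cleared in the effective set.
DROPPED_STATUS = PAGE_STATUS.replace(
    "CapEff:\tffffffffffffffff", "CapEff:\tffffffffffdfffff")

def parse_cap_sets(status_text):
    """Return {'CapInh': int, ...} parsed from /proc/<pid>/status text."""
    sets = {m.group(1): int(m.group(2), 16) for m in CAP_LINE.finditer(status_text)}
    if "CapEff" not in sets:
        raise ValueError("no CapEff line found; not a /proc/<pid>/status dump?")
    return sets

def missing_caps(mask, required):
    """Names from `required` whose bit is clear in `mask`."""
    return sorted(c for c in required if not (mask >> CAP_BITS[c]) & 1)

def check_process(status_text, required=("CAP_SYS_ADMIN",)):
    """For each set that gates privileged calls, list the required caps it lacks."""
    sets = parse_cap_sets(status_text)
    return {name: missing_caps(sets[name], required)
            for name in ("CapPrm", "CapEff", "CapBnd") if name in sets}

if __name__ == "__main__":
    for label, text in (("posted", PAGE_STATUS), ("constructed", DROPPED_STATUS)):
        print(label, check_process(text))
```

On the posted values every set contains CAP_SYS_ADMIN, so the masks alone do not account for the "Operation not permitted" errors.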