[libvirt] Lxc support

Jean-Philippe Menil jean-philippe.menil at univ-nantes.fr
Fri Oct 29 14:19:35 UTC 2010


Le 29/10/2010 15:59, Daniel P. Berrange a écrit :
> On Fri, Oct 29, 2010 at 03:41:25PM +0200, Jean-Philippe Menil wrote:
>> Le 29/10/2010 14:51, Serge Hallyn a écrit :
>>> Quoting Jean-Philippe Menil (jean-philippe.menil at univ-nantes.fr):
>>>> 10:41:10.076: error : lxcContainerStart:858 : Failed to run clone
>>>> container: Operation not permitted
>>>
>>> I would guess that the libvirt process creating the container has dropped
>>> some
>>> of the needed capabilities (CAP_SYS_ADMIN and a few others).  Is libvirtd
>>> running as root?  What does /proc/$$/status for that process show?
>> Hi,
>>
>> libvirt is running as root.
>>
>> root at redbreast:/tmp# ps aux | grep libvirtd | grep -v grep
>> root     15718  0.0  0.0 157760  2924 ?        Sl   15:35   0:00
>> /usr/sbin/libvirtd -d
>>
>> root at redbreast:/tmp# cat /proc/15718/status
>> Name:	libvirtd
>> State:	S (sleeping)
>> Tgid:	15718
>> Pid:	15718
>> PPid:	1
>> TracerPid:	0
>> Uid:	0	0	0	0
>> Gid:	0	0	0	0
>> FDSize:	64
>> Groups:	0
>> VmPeak:	  181892 kB
>> VmSize:	  157760 kB
>> VmLck:	       0 kB
>> VmHWM:	    2924 kB
>> VmRSS:	    2924 kB
>> VmData:	  115012 kB
>> VmStk:	     136 kB
>> VmExe:	     792 kB
>> VmLib:	    6372 kB
>> VmPTE:	     124 kB
>> VmSwap:	       0 kB
>> Threads:	7
>> SigQ:	2/16382
>> SigPnd:	0000000000000000
>> ShdPnd:	0000000000000000
>> SigBlk:	0000000000000000
>> SigIgn:	0000000000001000
>> SigCgt:	0000000180014007
>> CapInh:	0000000000000000
>> CapPrm:	ffffffffffffffff
>> CapEff:	ffffffffffffffff
>> CapBnd:	ffffffffffffffff
>> Cpus_allowed:	ffff
>> Cpus_allowed_list:	0-15
>> Mems_allowed:	00000000,00000003
>> Mems_allowed_list:	0-1
>> voluntary_ctxt_switches:	321
>> nonvoluntary_ctxt_switches:	7
>>
>> and
>>
>> root at redbreast:/tmp# cat /proc/15718/cgroup
>> 1:blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,debug,cpuset:/
>
> The problem is probably the 'blkio' controller combined with the 'ns'
> controller. The 'blkio' controller will refuse to allow creation of
> any child cgroups. This will cause the libvirt warning you see below.
> It will also break the 'ns' cgroup, because that *requires* that you
> can create child cgroups when creating a new container.
>
>> root at redbreast:/tmp# mount | grep cgroup
>> none on /var/local/cgroup type cgroup (rw)
>>
>> In the log, i can find the following:
>> 15:35:58.853: debug : virCgroupMakeGroup:496 : Make controller
>> /var/local/cgroup/libvirt/lxc/
>> 15:35:58.853: warning : lxcStartup:2109 : Unable to create cgroup for
>> driver: Operation not permitted
>
>
> Daniel
Yes, you are right.
Removing the blk_cgroup module, and now everything work's fine.

Many thanks for your help.

Regards.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jean-philippe_menil.vcf
Type: text/x-vcard
Size: 447 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20101029/7988febf/attachment-0001.vcf>


More information about the libvir-list mailing list