[libvirt] Lxc support
Jean-Philippe Menil
jean-philippe.menil at univ-nantes.fr
Fri Oct 29 14:19:35 UTC 2010
On 29/10/2010 15:59, Daniel P. Berrange wrote:
> On Fri, Oct 29, 2010 at 03:41:25PM +0200, Jean-Philippe Menil wrote:
>> On 29/10/2010 14:51, Serge Hallyn wrote:
>>> Quoting Jean-Philippe Menil (jean-philippe.menil at univ-nantes.fr):
>>>> 10:41:10.076: error : lxcContainerStart:858 : Failed to run clone container: Operation not permitted
>>>
>>> I would guess that the libvirt process creating the container has dropped
>>> some of the needed capabilities (CAP_SYS_ADMIN and a few others). Is libvirtd
>>> running as root? What does /proc/$$/status for that process show?
>> Hi,
>>
>> libvirt is running as root.
>>
>> root@redbreast:/tmp# ps aux | grep libvirtd | grep -v grep
>> root 15718 0.0 0.0 157760 2924 ? Sl 15:35 0:00 /usr/sbin/libvirtd -d
>>
>> root@redbreast:/tmp# cat /proc/15718/status
>> Name: libvirtd
>> State: S (sleeping)
>> Tgid: 15718
>> Pid: 15718
>> PPid: 1
>> TracerPid: 0
>> Uid: 0 0 0 0
>> Gid: 0 0 0 0
>> FDSize: 64
>> Groups: 0
>> VmPeak: 181892 kB
>> VmSize: 157760 kB
>> VmLck: 0 kB
>> VmHWM: 2924 kB
>> VmRSS: 2924 kB
>> VmData: 115012 kB
>> VmStk: 136 kB
>> VmExe: 792 kB
>> VmLib: 6372 kB
>> VmPTE: 124 kB
>> VmSwap: 0 kB
>> Threads: 7
>> SigQ: 2/16382
>> SigPnd: 0000000000000000
>> ShdPnd: 0000000000000000
>> SigBlk: 0000000000000000
>> SigIgn: 0000000000001000
>> SigCgt: 0000000180014007
>> CapInh: 0000000000000000
>> CapPrm: ffffffffffffffff
>> CapEff: ffffffffffffffff
>> CapBnd: ffffffffffffffff
>> Cpus_allowed: ffff
>> Cpus_allowed_list: 0-15
>> Mems_allowed: 00000000,00000003
>> Mems_allowed_list: 0-1
>> voluntary_ctxt_switches: 321
>> nonvoluntary_ctxt_switches: 7
>>
>> and
>>
>> root@redbreast:/tmp# cat /proc/15718/cgroup
>> 1:blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,debug,cpuset:/
>
> The problem is probably the 'blkio' controller combined with the 'ns'
> controller. The 'blkio' controller will refuse to allow creation of
> any child cgroups. This will cause the libvirt warning you see below.
> It will also break the 'ns' cgroup, because that *requires* that you
> can create child cgroups when creating a new container.
>
>> root@redbreast:/tmp# mount | grep cgroup
>> none on /var/local/cgroup type cgroup (rw)
>>
>> In the log, I can find the following:
>> 15:35:58.853: debug : virCgroupMakeGroup:496 : Make controller /var/local/cgroup/libvirt/lxc/
>> 15:35:58.853: warning : lxcStartup:2109 : Unable to create cgroup for driver: Operation not permitted
>
>
> Daniel
Yes, you are right.
Removing the blk_cgroup module, and now everything works fine.
Many thanks for your help.
Regards.
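
The two checks made in this thread (CapEff in /proc/<pid>/status for CAP_SYS_ADMIN, and /proc/<pid>/cgroup for blkio and ns sharing one hierarchy), as an added shell example that is not part of the original messages or of libvirt. The function names are hypothetical, and the sample values are the ones quoted above.

```shell
#!/bin/sh
# Added example: triage for the clone() "Operation not permitted" in this thread.

# Reads /proc/<pid>/status on stdin; succeeds if CapEff includes CAP_SYS_ADMIN.
has_cap_sys_admin() {
    hex=$(awk '$1 == "CapEff:" { print $2 }')
    [ -n "$hex" ] || return 2             # no CapEff line in the input
    low=$(printf '%s' "$hex" | tail -c 8) # CAP_SYS_ADMIN is bit 21, in the low 32 bits
    [ $(( (0x$low >> 21) & 1 )) -eq 1 ]
}

# Reads /proc/<pid>/cgroup (cgroup v1 format "id:controllers:path") on stdin.
# Prints the id of each hierarchy that mounts blkio and ns together;
# fails if there is none.
blkio_ns_hierarchies() {
    awk -F: '{
        n = split($2, c, ","); blkio = 0; ns = 0
        for (i = 1; i <= n; i++) {
            if (c[i] == "blkio") blkio = 1
            if (c[i] == "ns") ns = 1
        }
        if (blkio && ns) { print $1; found = 1 }
    } END { exit !found }'
}

# Sample input: the two values quoted in the thread.
status_sample='CapEff: ffffffffffffffff'
cgroup_sample='1:blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,debug,cpuset:/'

if printf '%s\n' "$status_sample" | has_cap_sys_admin; then
    echo "CAP_SYS_ADMIN present in CapEff"
else
    echo "CAP_SYS_ADMIN missing from CapEff"
fi
if ids=$(printf '%s\n' "$cgroup_sample" | blkio_ns_hierarchies); then
    echo "blkio and ns share hierarchy $ids (the combination blamed in this thread)"
fi
```

On a live host, feed the functions the real files, for example `blkio_ns_hierarchies < /proc/15718/cgroup`.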