Gentoo - systemd LXC containers not working under OpenRC
Hello, I created a doskanoness cgroup namespace for my LXC containers but containers with systemd don't work.
The bash script that creates namespaces:
Code:
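#!/bin/bash
# Mount the named "systemd" hierarchy (no controllers attached) if it is not mounted yet.
mountpoint -q "/sys/fs/cgroup/systemd" \
    || (mkdir -p /sys/fs/cgroup/systemd && mount -t cgroup cgroup -o none,name=systemd /sys/fs/cgroup/systemd)
# Create a user-owned "doskanoness" cgroup in every hierarchy except the unified one.
for d in /sys/fs/cgroup/*; do
    f=$(basename "$d")
    if [ "$f" = "unified" ]; then
        continue
    elif [ "$f" = "cpuset" ]; then
        # New child cgroups inherit the parent's cpuset configuration.
        echo 1 > "$d/cgroup.clone_children"
    elif [ "$f" = "memory" ]; then
        # Enable hierarchical memory accounting.
        echo 1 > "$d/memory.use_hierarchy"
    fi
    mkdir -p "$d/doskanoness"
    chown -R doskanoness:doskanoness "$d/doskanoness"
done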
Before editing /etc/cgroup/cgrules.conf and rebooting:
Code:
doskanoness@lxc-gentoo ~ $ cat /proc/self/cgroup
15:name=systemd:/
14:misc:/doskanoness
13:pids:/doskanoness
12:hugetlb:/doskanoness
11:net_prio:/doskanoness
10:perf_event:/doskanoness
9:net_cls:/doskanoness
8:freezer:/doskanoness
7:devices:/doskanoness
6:memory:/doskanoness
5:blkio:/doskanoness
4:cpuacct:/doskanoness
3:cpu:/doskanoness
2:cpuset:/doskanoness
1:name=openrc:/sshd
0::/ssh
doskanoness@lxc-gentoo ~ $ cat /etc/cgroup/cgrules.conf
# /etc/cgrules.conf
#The format of this file is described in cgrules.conf(5)
#manual page.
#
# Example:
#<user> <controllers> <destination>
#@student cpu,memory usergroup/student/
#peter cpu test1/
#% memory test2/
doskanoness misc,pids,hugetlb,net_prio,perf_event,net_cls,freezer,devices,memory,blkio,cpuacct,cpu,cpuset doskanoness/
# End of file
doskanoness@lxc-gentoo ~ $ cat /etc/cgroup/cgred.conf
# /etc/sysconfig/cgred.conf - CGroup Rules Engine Daemon configuration file
#
# The four options listed below (CONFIG_FILE, LOG_FILE, NODAEMON, LOG) are
# the only valid ones. Defining anything else in this file will cause the
# CGroup Rules Engine program to fail. So, don't do it.
# The pathname to the configuration file for CGroup Rules Engine
CONFIG_FILE="/etc/cgroup/cgrules.conf"
# Uncomment the following line to log to specified file instead of syslog
#LOG_FILE="/var/log/cgrulesengd.log"
# Uncomment the second line to run CGroup Rules Engine in non-daemon mode
NODAEMON=""
#NODAEMON="--nodaemon"
# Set owner of cgred socket. 'cgexec' tool should have write access there
# (either using suid and/or sgid permissions or Linux capabilities).
SOCKET_USER=""
SOCKET_GROUP="cgred"
# Uncomment the second line to disable logging for CGroup Rules Engine
# Uncomment the third line to enable more verbose logging.
LOG=""
#LOG="--nolog"
#LOG="-v
and after:
Code:
doskanoness@lxc-gentoo ~ $ cat /proc/self/cgroup
15:name=systemd:/
14:misc:/
13:pids:/
12:hugetlb:/
11:net_prio:/
10:perf_event:/
9:net_cls:/
8:freezer:/
7:devices:/
6:memory:/
5:blkio:/
4:cpuacct:/
3:cpu:/
2:cpuset:/
1:name=openrc:/sshd
0::/sshd
doskanoness@lxc-gentoo ~ $ cat /etc/cgroup/cgrules.conf
# /etc/cgrules.conf
#The format of this file is described in cgrules.conf(5)
#manual page.
#
# Example:
#<user> <controllers> <destination>
#@student cpu,memory usergroup/student/
#peter cpu test1/
#% memory test2/
doskanoness name=systemd,name=openrc,misc,pids,hugetlb,net_prio,perf_event,net_cls,freezer,devices,memory,blkio,cpuacct,cpu,cpuset doskanoness/
# End of file
doskanoness@lxc-gentoo ~ $ cat /etc/cgroup/cgred.conf
# /etc/sysconfig/cgred.conf - CGroup Rules Engine Daemon configuration file
#
# The four options listed below (CONFIG_FILE, LOG_FILE, NODAEMON, LOG) are
# the only valid ones. Defining anything else in this file will cause the
# CGroup Rules Engine program to fail. So, don't do it.
# The pathname to the configuration file for CGroup Rules Engine
CONFIG_FILE="/etc/cgroup/cgrules.conf"
# Uncomment the following line to log to specified file instead of syslog
#LOG_FILE="/var/log/cgrulesengd.log"
# Uncomment the second line to run CGroup Rules Engine in non-daemon mode
NODAEMON=""
#NODAEMON="--nodaemon"
# Set owner of cgred socket. 'cgexec' tool should have write access there
# (either using suid and/or sgid permissions or Linux capabilities).
SOCKET_USER=""
SOCKET_GROUP="cgred"
# Uncomment the second line to disable logging for CGroup Rules Engine
# Uncomment the third line to enable more verbose logging.
LOG=""
#LOG="--nolog"
#LOG="-v"
doskanoness@lxc-gentoo ~ $ echo $$
2585
doskanoness@lxc-gentoo ~ $ sudo cgclassify -g name=systemd:doskanoness 2585
Error changing group of pid 2585: Success
The full output of cgrules -d: https://dpaste.com/85P8FTS5S
What should I put in /etc/cgroup/cgrules.conf to assign doskanoness cgroup to the name=systemd controller?
Thanks
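Added example, not part of the original post: a small check that reads a `/proc/<pid>/cgroup` listing (line format `hierarchy-ID:controller-list:cgroup-path`, per cgroups(7)) and reports every hierarchy in which the process sits outside the expected cgroup, which is how the `name=systemd` gap shows up in the output above. The function names `cgroup_misplaced` and `sample_listing` are hypothetical, and the sample listing is constructed (abridged from the first output in the post).

```bash
#!/bin/sh
# cgroup_misplaced EXPECTED  (reads a /proc/<pid>/cgroup listing on stdin)
#   EXPECTED is the cgroup name without a leading slash, e.g. "doskanoness".
# Prints "<controller-list> <current-path>" for each hierarchy whose path is
# neither /EXPECTED nor a child of it. The cgroup v2 entry has an empty
# controller list and is printed as "unified".
cgroup_misplaced() {
    _want="/$1"
    while IFS=: read -r _id _ctrl _path; do
        [ -n "$_id" ] || continue                  # skip blank lines
        case "$_path" in
            "$_want"|"$_want"/*) ;;                # in the expected cgroup or below it
            *) printf '%s %s\n' "${_ctrl:-unified}" "$_path" ;;
        esac
    done
}

# Constructed sample, abridged from the first /proc/self/cgroup output in the post.
sample_listing() {
    cat <<'EOF'
15:name=systemd:/
13:pids:/doskanoness
7:devices:/doskanoness
6:memory:/doskanoness
2:cpuset:/doskanoness
1:name=openrc:/sshd
0::/ssh
EOF
}

# Run against the sample; on a live host use: cgroup_misplaced doskanoness < /proc/self/cgroup
sample_listing | cgroup_misplaced doskanoness
```

Matching on `/EXPECTED` and `/EXPECTED/*` rather than a plain prefix keeps a sibling such as `/doskanoness2` from being counted as correctly placed.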