  • Thank you @Anthon, I never can ever get the code formatting right in these websites ,x Commented Jan 28, 2015 at 22:50
  • Thank you. Sorry for the late reply. Your first point, "Actually in archlinux, this won't work with e.g. an unprivileged user (recommended when using unpriv. lxc containers). i.e. that user doesn't have sudo :)" does not stand as you only need your root administrator to create and chown you into all cgroup controllers. This is perfectly fine and secure. movepid can be done without root rights and hence, the unpriv. user does not need any sudo rights. (Btw, libcgroup is not supposed to be used anymore. RHEL and others have deprecated it.) Commented Jan 31, 2015 at 14:44
  • @Brauner. How do you autostart at boot, your unprivileged user's containers then? Actually your solutions listed only worked (and implied) a sudo user. Mine did not. You asked how to fix it. Anyway, there has just been an update, and cgconfig now fails to start, as user.slices are added automatically, ahead of the cgconfig settings it seems. These are lacking any user permissions (possibly a regression bug, am looking into it now). I didn't say it was the best solution. It was the/a solution to your inquiry. :) But my containers aren't starting on boot now, grrr. Commented Jan 31, 2015 at 15:48
  • The reason I listed systemctl enable lxcadmin@container was so root could decide to run an unpriv container on boot. If the user himself uses it in --user (land), it would only boot when he logs in, not very useful for a server. And a note on your comment: chowning a user into all controllers allows that user to start moving PIDs into host space, I believe, which is quite a security risk. Commented Jan 31, 2015 at 15:52
  • Erm, that seemingly is what you were doing with your method initially listed I guess, but look at this, even if it's the Ubuntu systemd package: bugs.launchpad.net/ubuntu/+source/systemd/+bug/1413927. But something was updated in the past days, changing the logic. I am trying to track it down. Commented Jan 31, 2015 at 15:58