[prev in list] [next in list] [prev in thread] [next in thread] 

List:       lxc-users
Subject:    Re: [lxc-users] lxc 2.0: command get_cgroup failed for 'dom1': Permission denied
From:       Harald Dunkel <harald.dunkel () aixigo ! de>
Date:       2016-10-19 10:59:36
Message-ID: e059e512-654c-1162-311b-e1916a625fa7 () aixigo ! de
[Download RAW message or body]

On 10/18/2016 08:59 AM, Harald Dunkel wrote:
> Hi folks,
> 
> since lxc 2.0 my monitoring scripts return error messages about
> running system containers, e.g.:
> 
> % lxc-ls -P /data1/lxc --fancy jerry1
> lxc-ls: commands.c: lxc_cmd_get_cgroup_path: 468 command get_cgroup failed for \
>                 'jerry1': Permission denied
> lxc-ls: commands.c: lxc_cmd_get_cgroup_path: 468 command get_cgroup failed for \
>                 'jerry1': Permission denied
> lxc-ls: commands.c: lxc_cmd_get_cgroup_path: 468 command get_cgroup failed for \
>                 'jerry1': Permission denied
> lxc-ls: commands.c: lxc_cmd_get_cgroup_path: 468 command get_cgroup failed for \
> 'jerry1': Permission denied NAME   STATE AUTOSTART GROUPS IPV4 IPV6
> jerry1 -     0         auto   -    -
> 
> Using strace the "permission denied" is not shown, but the
> output of lxc-ls is still broken.
> 
> This is pretty painful. I wouldn't like to do monitoring
> with root, if it can be avoided.
> 
> 
> Plattform is Jessie, lxc 2.0.4. No systemd.
> 

PS: systemd and the most recent lxc 2.0.5 didn't help,
unfortunately.

Using docker I can add the monitoring user to the "docker"
group. Very convenient. Maybe there is a similar construct
for lxc that I missed in the documentation?


Every helpful comment is highly appreciated
Harri

_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


[prev in list] [next in list] [prev in thread] [next in thread]