Open p-himik opened 5 years ago
Yeah this looks like fun. It's strange we haven't seen this before -- given that Docker-in-LXC has been known to work for a long time. I'll Cc @brauner for his opinion on this one.
The main issue I see with just adding another special-case for fuse.lxcfs is that we can't really be sure that fuse.lxcfs is actually what we think it is when setting up the container (other filesystem names are provided by the kernel).
I've seen only a single mention of this specific case online. And the user decided just to switch the host OS from CentOS 7 to Ubuntu. Here's an interesting part though - on Ubuntu it all works even on kernel 4.4. I have no idea why - probably it's some Ubuntu patches or something.
Similarly, I do not use systemd cgroup2 mounts. Therefore I mount cgroup2 manually.
# mount -t cgroup2 cgroup2 /sys/fs/cgroup/
# cat /proc/self/mountinfo | grep cgroup2
24 22 0:22 / /sys/fs/cgroup rw,relatime - cgroup2 cgroup2 rw
fields[9] should be cgroup2, but due to my manual mount fields[9] = rw. Changing fields[8] works fine, while fields[9] works in Ubuntu due to an additional field in mountinfo.
Not many would face the same issue, but /proc/self/mountinfo output may vary.
The same issue. Host server: CentOS 7.9.2009 with 3.10.0-1160.31.1.el7.x86_64. LXD container: Ubuntu 20.04. If I run the commands
cgroupfs-umount
cgroupfs-mount
Docker is working. cgroups are remounted with different options/paths:
before cgroupfs-umount cgroupfs-mount
after cgroupfs-mount
But after reboot all groups remount in the old way and Docker doesn't start again. Maybe I should add commands before starting the LXD container. Or I have to generate another mount command with more appropriate parameters; the default options don't work.
@brauner Is lxcfs used to fake cgroupfs with certain kernels / distributions? We can treat fuse.lxcfs as though it were cgroupfs if that makes sense, but I was under the impression lxcfs was only used to mask /proc (EDIT: ah, is this used for cgroup namespaces?)?
A long long time ago on a kernel version far far away, LXCFS implemented userspace cgroup namespaces. So on kernels without cgroup namespaces LXCFS can be used to emulate them but nowadays that's rarely used since such kernels should be super old.
The list of relevant errors from dockerd:
As you can see, the file system in this case is fuse.lxcfs whereas at https://github.com/opencontainers/runc/blob/master/libcontainer/cgroups/utils.go#L156 it's expected to find either cgroup2 or cgroup. It's completely outside of my expertise but as far as I can tell, LXCFS is used in this case to provide "a container aware cgroupfs tree" because kernels < 4.6 do not have cgroup namespaces support.
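The two mountinfo problems raised in this thread (the fstype column moving when optional fields are present, and cgroup trees showing up as fuse.lxcfs), sketched as an added example that is not runc's code: the parser locates the fstype relative to the "-" separator and flags LXCFS-backed entries separately. The type and function names, the `/sys/fs/cgroup` prefix check and all sample lines except the first are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample; only line 1 is the mount quoted in the thread.
const sampleMountinfo = `24 22 0:22 / /sys/fs/cgroup rw,relatime - cgroup2 cgroup2 rw
30 25 0:26 / /sys/fs/cgroup/memory rw,nosuid,relatime shared:11 - cgroup cgroup rw,memory
95 80 0:45 / /sys/fs/cgroup/cpu rw,relatime - fuse.lxcfs lxcfs rw,user_id=0,allow_other
96 80 0:45 /proc/cpuinfo /proc/cpuinfo rw,relatime - fuse.lxcfs lxcfs rw,user_id=0
21 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw`

type CgroupMount struct {
	Mountpoint, FSType string
	Emulated           bool // fuse.lxcfs: the FUSE subtype is set by userspace, so this is a hint
}

// parseCgroupMounts finds the fstype relative to the "-" separator (proc(5))
// rather than at a fixed index: optional fields such as "shared:11" shift
// every later column, which is why a hard-coded fields[N] breaks on some hosts.
func parseCgroupMounts(mountinfo string) ([]CgroupMount, error) {
	var out []CgroupMount
	sc := bufio.NewScanner(strings.NewReader(mountinfo))
	for n := 1; sc.Scan(); n++ {
		parts := strings.SplitN(sc.Text(), " - ", 2)
		if len(parts) != 2 {
			return nil, fmt.Errorf("line %d: no \" - \" separator", n)
		}
		pre, post := strings.Fields(parts[0]), strings.Fields(parts[1])
		if len(pre) < 6 || len(post) < 3 {
			return nil, fmt.Errorf("line %d: too few fields", n)
		}
		mnt, fstype := pre[4], post[0]
		switch {
		case fstype == "cgroup" || fstype == "cgroup2":
			out = append(out, CgroupMount{mnt, fstype, false})
		case fstype == "fuse.lxcfs" && strings.HasPrefix(mnt, "/sys/fs/cgroup"):
			out = append(out, CgroupMount{mnt, fstype, true})
		}
	}
	return out, sc.Err()
}

func main() {
	fmt.Println(parseCgroupMounts(sampleMountinfo))
}
```

Keeping the `Emulated` flag separate lets a caller decide whether to trust an LXCFS-backed tree instead of silently treating it as a kernel cgroupfs.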