This was reported to the upstream https://github.com/lxc/lxc/issues/3198
The purpose of libpam-cgfs is only chowning some CGroup directories to the
login user.
When Linux is booted with systemd.unified_cgroup_hierarchy,
/sys/fs/cgroup/user.slice/user-$UID.slice/session-nnn.scope is not chowned to a
login user.
So libpam-cgfs completely fails to function under cgroup v2.
** Also affects: lxcfs (Ubuntu)
Importance: Undecided
Status: New
** Bug watch added: LXC bug tracker #3198
https://github.com/lxc/lxc/issues/3198
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1850667
Title:
cgroup v2 is not fully supported yet, proceeding with partial
confinement
Status in docker.io package in Ubuntu:
New
Status in lxc package in Ubuntu:
New
Status in lxcfs package in Ubuntu:
New
Status in lxd package in Ubuntu:
New
Status in snapd package in Ubuntu:
In Progress
Bug description:
Systemd upstream switched the default cgroup hierarchy to unified with
v243. This change is reverted by the Ubuntu systemd packages, but as
unified is the way to go per upstream support should be added to all
relevant Ubuntu packges (and snaps):
https://github.com/systemd/systemd/blob/v243/NEWS#L56
* systemd now defaults to the "unified" cgroup hierarchy setup during
build-time, i.e. -Ddefault-hierarchy=unified is now the build-time
default. Previously, -Ddefault-hierarchy=hybrid was the default.
This
change reflects the fact that cgroupsv2 support has matured
substantially in both systemd and in the kernel, and is clearly the
way forward. Downstream production distributions might want to
continue to use -Ddefault-hierarchy=hybrid (or even =legacy) for
their builds as unfortunately the popular container managers have
not
caught up with the kernel API changes.
Systemd is rebuilt using the new default and is available from the following
PPA for testing:
https://launchpad.net/~rbalint/+archive/ubuntu/systemd-unified-cgh
The autopkgtest results against other packges are available here:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac
/autopkgtest-eoan-rbalint-systemd-unified-cgh/?format=plain
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac
/autopkgtest-focal-rbalint-systemd-unified-cgh/?format=plain
lxc autopkgtest failing:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac
/autopkgtest-eoan-rbalint-systemd-unified-
cgh/eoan/amd64/d/docker.io/20191030_155944_2331e@/log.gz
snapd autopkgtest failing:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac
/autopkgtest-eoan-rbalint-systemd-unified-
cgh/eoan/amd64/s/snapd/20191030_161354_94b26@/log.gz
docker.io autopkgtest failing:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac
/autopkgtest-eoan-rbalint-systemd-unified-
cgh/eoan/amd64/d/docker.io/20191030_155944_2331e@/log.gz
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
