Bug 599152 - sys-apps/systemd-232 breaks lxc-start, docker due to cgroup2
Summary: sys-apps/systemd-232 breaks lxc-start, docker due to cgroup2
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo systemd Team
Duplicates: 599268
Depends on:
Blocks: CVE-2016-7795, CVE-2016-7796
Reported: 2016-11-07 15:54 UTC by Pablo Cholaky
Modified: 2017-04-20 12:40 UTC
Description Pablo Cholaky 2016-11-07 15:54:00 UTC
Using systemd 232, /sys/fs/cgroup/systemd is using cgroup2, causing lxc-start images to fail due to cgroup permission (Operation not permitted).

Is there a workaround for that? I tried

I know this seems to be more of a bug between systemd or the lxc userspace tools, but I would like to keep this bug here as an existing issue, in case someone can leave a workaround in the meantime and/or use it as a base to report it properly to systemd or the lxc userspace tools with more technical command of this matter.

I can confirm this works fine with systemd 231, and systemd loading cgroup v1 for systemd. 232 uses cgroup2 causing the problem.
Comment 1 Pablo Cholaky 2016-11-07 15:54:59 UTC
As additional info, using lxc on Ubuntu images, xenial amd64
Comment 2 Mike Gilbert gentoo-dev 2016-11-07 16:11:07 UTC
I do not use lxc, and I am unfamiliar with its use of cgroups. You should work with upstream (systemd and lxc) directly on this.
Comment 3 Mike Gilbert gentoo-dev 2016-11-10 23:28:47 UTC
*** Bug 599268 has been marked as a duplicate of this bug. ***
Comment 4 Mike Gilbert gentoo-dev 2016-11-10 23:31:26 UTC
This has been reverted upstream. We will pick it up with systemd-233, or whenever I backport patches.
Comment 5 Renich Bon Ciric 2017-02-01 20:46:02 UTC
This has been fixed here:

As a workaround, just append this to your GRUB_CMDLINE_LINUX_DEFAULT: systemd.legacy_systemd_cgroup_controller=yes

So it looks something like:

# /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet systemd.legacy_systemd_cgroup_controller=yes"

This is affecting docker as well (irrelevant to this ticket, I know).
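
A check for the condition this report describes, as an added example that is not part of the bug thread: it reads data in /proc/mounts and /proc/cmdline format and reports the filesystem type mounted at /sys/fs/cgroup/systemd and whether the workaround parameter is on the kernel command line. The function names and the sample data are constructed here, and accepting 1, true and on besides yes is an assumption about how systemd parses the boolean.

```shell
#!/bin/sh
# Added example (not from the bug thread): hypothetical helper functions.

# Print the filesystem type mounted at a mount point, given a file in
# /proc/mounts format (device mountpoint fstype options dump pass).
# When mounts are stacked on one path, the last entry wins.
cgroup_fstype() {
    awk -v mp="$2" '$2 == mp { t = $3 } END { print (t == "" ? "none" : t) }' "$1"
}

# Return 0 if the kernel command line stored in file $1 carries the
# workaround parameter with a true value (assumed spellings: 1/yes/true/on).
legacy_flag_set() {
    tr -s ' \t' '\n\n' < "$1" |
        grep -Eqx 'systemd\.legacy_systemd_cgroup_controller=(1|yes|true|on)'
}

# Summarise both facts on one line. "fstype=cgroup2 workaround=no" is the
# state in which the report sees lxc-start fail.
diagnose() {
    fstype=$(cgroup_fstype "$1" /sys/fs/cgroup/systemd)
    if legacy_flag_set "$2"; then flag=yes; else flag=no; fi
    echo "fstype=$fstype workaround=$flag"
}

# Constructed sample input, so the example runs without touching the host.
sample_dir=$(mktemp -d)
cat > "$sample_dir/mounts" <<'EOF'
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup2 rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,relatime,cpu,cpuacct 0 0
EOF
printf '%s\n' 'BOOT_IMAGE=/vmlinuz root=/dev/sda2 quiet' > "$sample_dir/cmdline"

diagnose "$sample_dir/mounts" "$sample_dir/cmdline"
rm -rf "$sample_dir"

# On a live host: diagnose /proc/mounts /proc/cmdline
```

After adding the parameter to /etc/default/grub, the GRUB configuration has to be regenerated and the machine rebooted before /proc/cmdline reflects it.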
Comment 6 Pacho Ramos gentoo-dev 2017-02-07 15:43:07 UTC
Maybe this backport would be useful for us:
Comment 7 Pacho Ramos gentoo-dev 2017-04-20 12:40:55 UTC
This should finally be fixed in 233.