0

How to properly set up a Linux resource container (LXC)

asked 2011-11-21 02:28:26 +0000

tjw344

updated 2011-12-16 06:17:13 +0000

Can someone point me in a direction to a guide or something. I looked around and found one, but I am not sure it is correct anymore because I think lxc has made some changes recently. I am using fedora 16 and yum installed lxc-*. How do I proceed? I'd like to say that when I try to mkdir /cgroup and mount it at boot in fstab, fedora does not properly boot and enters recovery mode. Any suggestions?


#
# /etc/fstab
# Created by anaconda on Fri Dec  9 13:18:53 2011
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=ca1e6904-73dc-4fc9-b611-ba8f010580de   /       ext4    defaults            1 1
UUID=EA83-296C                  /boot/efi   vfat    umask=0077,shortname=winnt  0 0
UUID=3950db3c-7107-4deb-a38c-0d5979761451   /home       ext4    defaults            1 2
UUID=afddf429-813c-4d92-97d8-afbd5ad11ec6   swap        swap    defaults            0 0
#cgroup                     /cgroup     cgroup  defaults            0 0

cgroups is commented out because fedora 16 won't boot if it's not. Also, if I try to mount cgroup this is what it looks like:

[root@xxxxxx-fedora ~]# mount cgroup
mount: cgroup already mounted or /sys/fs/cgroup/perf_event busy
mount: according to mtab, cgroup is already mounted on /sys/fs/cgroup/perf_event

Already created cgroup with:

mkdir -p /cgroup

Comments

The most up to date information is on the LXC mailing list: https://lists.sourceforge.net/mailman/listinfo/lxc-users. If you need help with cgroups, post your /etc/fstab. The documentation on lxc is both fragmented and lagging.

bodhi.zazen ( 2011-12-16 05:21:18 +0000 )

I agree, just joined the mailing list. It is difficult to look through, but will give it a go.

tjw344 ( 2011-12-16 06:21:58 +0000 )

I am giving up on this for the time being. After reading the mailing list it seems that LXC is not ready for easy use. It has several problems that may be addressed in the near future, but are not worked out right now. One particular problem is that the program does not integrate all the necessary

tjw344 ( 2011-12-21 03:05:54 +0000 )

components of the OS's that it runs on, i.e. bridge utils (I would prefer network manager handle this), cgroups, and many other userspace progs. In order to do a lot of these things, personal patches and scripts are floating around. I could be wrong, but this seems too daunting for me.

tjw344 ( 2011-12-21 03:09:31 +0000 )

5 Answers

2

answered 2012-09-21 15:23:52 +0000

ganto

updated 2012-09-21 15:26:16 +0000

Hi everybody

I just tried to set up a Fedora 17 LXC container within a Fedora 17 host. I quickly describe here how I made my setup and what is working so far. I think they don't ship the lxc-fedora template yet, because it's not fully working (at least for Fedora 17). A lot of tips and tricks I found in the links posted before.

Create Container

I used the lxc-fedora template which is shipped by upstream to create the Fedora 17 container. Another few manual steps I did in the container chroot:

  • Enable the networking service:

    chroot $rootfs chkconfig network on
  • Shut up systemd udev errors:

    chroot $rootfs ln -s /dev/null /etc/systemd/system/udev-control.socket
    chroot $rootfs ln -s /dev/null /etc/systemd/system/udev-kernel.socket
  • Install and enable SSH:

    chroot $rootfs yum install openssh-server
    chroot $rootfs systemctl enable sshd.service

Run via libvirt

I then first tried to start the container via libvirt, since this would be my preferred method. This failed with an access denied error to my container root file system as long as I set selinux to enforcing.

After setting selinux to permissive, the container booted nicely and I got a login prompt of the container on virsh console. However, every login attempt failed with the following error in /var/log/secure:

login: FAILED LOGIN 1 FROM pts/0 FOR root, Authentication failure
login: pam_securetty(login:auth): access denied: tty 'pts/0' is not secure !

If I try to log in via ssh the following error prevents a successful login:

sshd[239]: Accepted password for root from 10.0.0.7 port 36485 ssh2
sshd[239]: pam_loginuid(sshd:session): set_loginuid failed
sshd[239]: pam_unix(sshd:session): session opened for user root by (uid=0)
sshd[239]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
sshd[241]: error: open /dev/tty failed - could not set controlling tty: No such file or directory
sshd[239]: Received disconnect from 10.0.0.7: 11: disconnected by user

I guess some of the container internal pseudo file systems such as devpts are not properly set up by libvirt. Unfortunately I don't know how to debug this further.

lxc-start

When I start the container with the generated configuration and lxc-start then the container also successfully starts. I don't get a prompt when trying lxc-console. The following log message can be found in /var/log/secure:

agetty[261]: tcsetattr problem: Input/output error

At least here, the login via SSH works and I get a bash within the container.

The big problem with this setup is that I cannot properly restart a container. After lxc-stop another lxc-start is failing with:

lxc-start: Device or resource busy - failed to remove previous cgroup '/sys/fs/cgroup/systemd/testcontainer'
lxc-start: failed to spawn 'testcontainer'
lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup/systemd/testcontainer'

Only after rebooting the host I was able to start the container again.

I'm not really an experienced Fedora user, so forgive me the lack of knowledge in selinux, systemd and cgroups. Any help is appreciated.

If you are aware of any tweaks or recent developments to make this setup run, please let me know.


Comments

Thanks. This should help quite a few folks. Upvoted :)

FranciscoD_ ( 2012-09-23 09:45:12 +0000 )
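
Added example (not part of ganto's answer or of LXC): pam_securetty only lets root log in on terminals listed in /etc/securetty, so this script pulls the refused tty names out of a log in the format quoted in the answer above and checks them against the container's securetty file. The function names and the sample rootfs and log are constructed for illustration.

```shell
#!/bin/sh
# Added example; the rootfs and log written below are constructed samples.

# Print each tty that pam_securetty refused, once, from a log in
# /var/log/secure format ($1).
denied_ttys() {
    sed -n "s/.*pam_securetty([^)]*): access denied: tty '\([^']*\)' is not secure.*/\1/p" "$1" | sort -u
}

# For every refused tty, report whether the container's securetty lists it.
# $1: container root filesystem ($rootfs in the answer), $2: log file.
securetty_status() {
    root=$1
    log=$2
    denied_ttys "$log" | while IFS= read -r tty; do
        if grep -qxF -- "$tty" "$root/etc/securetty" 2>/dev/null; then
            echo "$tty listed"
        else
            echo "$tty missing"
        fi
    done
}

# Constructed container tree and log so the script runs offline.
rootfs=$(mktemp -d)
mkdir -p "$rootfs/etc" "$rootfs/var/log"
printf '%s\n' console tty1 tty2 > "$rootfs/etc/securetty"
cat > "$rootfs/var/log/secure" <<'EOF'
login: pam_securetty(login:auth): access denied: tty 'pts/0' is not secure !
login: FAILED LOGIN 1 FROM pts/0 FOR root, Authentication failure
login: pam_securetty(login:auth): access denied: tty 'pts/0' is not secure !
sshd[239]: pam_loginuid(sshd:session): set_loginuid failed
EOF

securetty_status "$rootfs" "$rootfs/var/log/secure"
```
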
0

answered 2011-11-22 19:00:53 +0000

Just googled and found this: http://www.techrepublic.com/blog/opensource/introducing-linux-virtual-containers-with-lxc/1289. Give it a whirl. If you manage to get it running, please do post the steps for others.


Comments

Well thanks for trying. Your article is from February of 2010. Read the post above. I guess there isn't much to go on for fedora. I'll post a follow up (give me some time, it is more complicated than I was hoping, I don't know too much about cgroups yet)

tjw344 ( 2011-11-22 23:46:30 +0000 )
0

answered 2011-12-16 16:16:48 +0000

So in fedora 16 cgroup is already mounted at /sys/fs/cgroup/

If lxc does not work with that location, file a bug report and as a workaround you can use mount -o bind

In fstab

/sys/fs/cgroup  /cgroup  none  bind  0  0

Comments

This worked fine

tjw344 ( 2011-12-21 03:03:31 +0000 )
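
Added example, not from the answer above: a check that reads a mounts table for cgroup hierarchies that are already mounted and classifies an fstab as conflicting with them, using the bind-mount workaround, or having no active cgroup entry. The function names and the sample mounts table and fstab files are constructed for illustration.

```shell
#!/bin/sh
# Added example; sample data below is constructed, not taken from the poster's host.

# List cgroup (v1) hierarchies in a mounts table as "<mountpoint> <options>".
# $1: file in /proc/mounts format (defaults to the live table).
cgroup_mounts() {
    awk '$3 == "cgroup" { print $2, $4 }' "${1:-/proc/mounts}"
}

# Classify how an fstab ($1) handles cgroups, given a mounts table ($2).
# Prints: conflict | bind-ok | none
check_fstab() {
    fstab=$1
    mounted=$(cgroup_mounts "${2:-/proc/mounts}" | wc -l)
    awk -v mounted="$mounted" '
        /^[ \t]*#/ || NF < 4 { next }   # skip comments and blank lines
        # an active entry of type cgroup while hierarchies are already mounted
        $3 == "cgroup" && mounted > 0 { r = "conflict" }
        # the existing tree re-exposed with a bind mount
        $1 == "/sys/fs/cgroup" && $4 ~ /(^|,)bind(,|$)/ && r == "" { r = "bind-ok" }
        END { print (r == "" ? "none" : r) }
    ' "$fstab"
}

# Constructed sample inputs, written to a temp dir so the script runs offline.
sample_dir=$(mktemp -d)
cat > "$sample_dir/mounts" <<'EOF'
tmpfs /sys/fs/cgroup tmpfs rw,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,name=systemd 0 0
cgroup /sys/fs/cgroup/perf_event cgroup rw,nosuid,nodev,noexec,relatime,perf_event 0 0
EOF
printf '%s\n' 'cgroup  /cgroup  cgroup  defaults  0 0' > "$sample_dir/fstab.broken"
printf '%s\n' '#cgroup  /cgroup  cgroup  defaults  0 0' > "$sample_dir/fstab.commented"
printf '%s\n' '/sys/fs/cgroup  /cgroup  none  bind  0  0' > "$sample_dir/fstab.bind"

for f in broken commented bind; do
    echo "fstab.$f: $(check_fstab "$sample_dir/fstab.$f" "$sample_dir/mounts")"
done
```
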
0

answered 2012-07-14 14:32:19 +0000

Schorschi

updated 2012-07-15 14:42:08 +0000

Where do you find lxc-fedora script? I installed lxc and libvirt on a Fedora 17 system, and lxc-fedora is nowhere to be found. I did a yum whatprovides */lxc-fedora not find in any package? So where is this script?

Ok, so on Fedora 17 yum install lxc does not add the lxc-fedora template script? Why not? Does not make any sense to me, if you install lxc from a fedora repository the expectation is that at least the fedora template script would be included, just about every documented example via Google assumes this, implies this.


Comments

I agree, the downside of LXC has always been the rapid development and lack of documentation. You really need to subscribe to the mailing lists to stay up to date. Your above "answer" is probably best filed as a bug report.

bodhi.zazen ( 2012-07-16 15:30:46 +0000 )
0

answered 2011-11-22 20:03:09 +0000

updated 2011-11-22 20:12:08 +0000

LXC is indeed in rapid development and if you want to try it I highly suggest you register for the mailing lists as the mailing lists are the best source of up to date information.

You need to configure your host, I highly suggest you use a bridge for networking.

http://blog.bodhizazen.net/linux/lxc-linux-containers/
http://blog.bodhizazen.net/linux/lxc-configure-fedora-containers/
http://lxc.teegra.net/

Note: The information on fedora containers is a bit outdated as it uses febootstrap rather than lxc-fedora. febootstrap is no longer supported, use lxc-fedora. The configuration files may be of assistance to you.

You should then, in theory, be able to create a guest with the lxc scripts (these scripts are included in the lxc package).

/usr/bin/lxc-debian {create|destroy|purge|help}
/usr/bin/lxc-fedora {create|destroy|purge|help}


Stats

Asked: 2011-11-21 02:28:26 +0000

Seen: 7,492 times

Last updated: Sep 21 '12