Hi!
I'm trying to get rid of a hack to make systemd (kind of) work in
Linux containers on libvirt.
The hack can be found in the first mail of [0].
systemd folks told me that systemd needs a name=systemd cgroup [0],
which makes perfect sense to me.
I found that libvirt does this already, but uid 0 within the container
is not allowed to access it. (Maybe, as Kay noted, a chmod() is missing.)
Now I'm wondering whether this is simply not supported in libvirt (I'm
on 1.2.1) or whether I'm doing something horribly wrong.
This is my domain:
---cut---
<domain type='lxc'>
  <name>my2ndcontainer</name>
  <memory>524288</memory>
  <os>
    <type>exe</type>
    <init>/bin/bash</init>
  </os>
  <idmap>
    <!-- here be dragons, the mapping is non-linear -->
    <uid start='0' target='100000' count='998'/>
    <gid start='0' target='100000' count='998'/>
    <uid start='65533' target='100998' count='2'/>
    <gid start='65533' target='100998' count='2'/>
  </idmap>
  <devices>
    <console type='pty'/>
    <filesystem type='mount'>
      <source dir='/home/container//my2ndcontainer/rootfs'/>
      <target dir='/'/>
    </filesystem>
    <interface type='bridge'>
      <source bridge='br0'/>
      <mac address='4a:19:0a:01:01:a4'/>
    </interface>
  </devices>
</domain>
---cut---
Within my domain:
---cut---
test1:/ # mount
/dev/vda2 on / type ext4 (rw,relatime,data=ordered)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
proc on /proc/sys type proc (ro,relatime)
sysfs on /sys type sysfs (ro,relatime)
libvirt on /proc/meminfo type fuse (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,relatime,size=64k,mode=755,uid=100000,gid=100000)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
devfs on /dev type tmpfs (rw,nosuid,relatime,size=64k,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,relatime,gid=5,mode=620,ptmxmode=666)
devpts on /dev/ptmx type devpts (rw,nosuid,relatime,gid=5,mode=620,ptmxmode=666)
test1:/ # ls -la /sys/fs/cgroup/systemd
total 0
drwxr-xr-x 2 nobody nogroup 0 Feb 6 09:05 .
drwxr-xr-x 11 root root 260 Feb 6 09:05 ..
-rw-r--r-- 1 nobody nogroup 0 Feb 6 09:05 cgroup.clone_children
--w--w--w- 1 nobody nogroup 0 Feb 6 09:05 cgroup.event_control
-rw-r--r-- 1 nobody nogroup 0 Feb 6 09:05 cgroup.procs
-rw-r--r-- 1 nobody nogroup 0 Feb 6 09:05 notify_on_release
-rw-r--r-- 1 nobody nogroup 0 Feb 6 09:05 tasks
test1:/ # exec /sbin/init
systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX -IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
Detected virtualization 'lxc-libvirt'.
Welcome to openSUSE 13.1 (Bottle) (x86_64)!
Set hostname to <my2ndcontainer>.
Failed to install release agent, ignoring: No such file or directory
Failed to create root cgroup hierarchy: Permission denied
Failed to allocate manager object: Permission denied
---cut---
You can see that systemd stops executing because it was unable to
write to /sys/fs/cgroup/systemd.
Is this a configuration issue or does libvirt need some changes?
[0] http://lists.freedesktop.org/archives/systemd-devel/2014-February/016699....
--
Thanks,
//richard
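Added example (editor's note; this is not part of the mail above, nor libvirt or systemd code): a small model of what container root can and cannot touch under the <idmap> shown in the domain XML. It reproduces the listing's "nobody nogroup" on /sys/fs/cgroup/systemd and the resulting EACCES. It assumes the kernel default overflowuid/overflowgid of 65534 (the id an unmapped owner is displayed as, which is why it shows as "nobody"), that the cgroup directory libvirt created is owned by host uid/gid 0 with mode 0755 (an assumption consistent with the listing, not something the mail states), and the kernel rule that CAP_DAC_OVERRIDE held inside a user namespace only applies to inodes whose owner is mapped into that namespace. The function and variable names are the example's own.

```python
"""Model how a libvirt <idmap> shapes file ownership and DAC checks inside an LXC container.

Added example, not code from the mail or from libvirt. Assumptions are marked below.
"""
import stat
import xml.etree.ElementTree as ET

# Kernel default /proc/sys/kernel/overflowuid and overflowgid: a host id with no entry
# in the container's id map is presented as this id, which /etc/passwd calls "nobody".
OVERFLOW_ID = 65534

# The <idmap> from the domain XML in the mail, copied here as constructed sample input.
DOMAIN_XML = """<domain type='lxc'>
  <name>my2ndcontainer</name>
  <idmap>
    <uid start='0' target='100000' count='998'/>
    <gid start='0' target='100000' count='998'/>
    <uid start='65533' target='100998' count='2'/>
    <gid start='65533' target='100998' count='2'/>
  </idmap>
</domain>"""


def parse_idmap(xml_text):
    """Return {'uid': [(start, target, count), ...], 'gid': [...]} from a domain XML."""
    idmap = {"uid": [], "gid": []}
    root = ET.fromstring(xml_text)
    for entry in root.find("idmap"):
        idmap[entry.tag].append(
            (int(entry.get("start")), int(entry.get("target")), int(entry.get("count")))
        )
    return idmap


def to_host(kind, container_id, idmap):
    """Host id backing a container id, or None if the container id is not mapped at all."""
    for start, target, count in idmap[kind]:
        if start <= container_id < start + count:
            return target + (container_id - start)
    return None


def is_mapped(kind, host_id, idmap):
    """True if some <uid>/<gid> range covers this host id."""
    return any(target <= host_id < target + count for _, target, count in idmap[kind])


def to_container(kind, host_id, idmap):
    """The container's view of a host id: the mapped value, or OVERFLOW_ID ("nobody") if unmapped."""
    for start, target, count in idmap[kind]:
        if target <= host_id < target + count:
            return start + (host_id - target)
    return OVERFLOW_ID


def may_write(container_uid, container_gid, owner_host_uid, owner_host_gid, mode, idmap):
    """Approximate the kernel's DAC decision for a write by a container process.

    Root inside the container holds CAP_DAC_OVERRIDE in its user namespace, but the kernel
    honours that capability only against inodes whose owner is mapped into the namespace
    (assumed rule, see the lead-in). Everything else is the usual owner/group/other check,
    done in host id space because that is the space the inode's uid/gid live in.
    """
    if container_uid == 0 and is_mapped("uid", owner_host_uid, idmap):
        return True
    if to_host("uid", container_uid, idmap) == owner_host_uid:   # owner class
        return bool(mode & stat.S_IWUSR)
    if to_host("gid", container_gid, idmap) == owner_host_gid:   # group class
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)                            # other, incl. unmapped owners


def demo():
    """Reproduce the situation in the mail and the effect of chowning the cgroup directory."""
    idmap = parse_idmap(DOMAIN_XML)
    # Assumption: libvirt created /sys/fs/cgroup/systemd as host uid/gid 0, mode 0755.
    as_mounted = may_write(0, 0, 0, 0, 0o755, idmap)
    # Same directory after a chown to the host ids that back container uid/gid 0.
    after_chown = may_write(0, 0, to_host("uid", 0, idmap), to_host("gid", 0, idmap), 0o755, idmap)
    return {
        "root_maps_to": to_host("uid", 0, idmap),                   # 100000
        "host_root_seen_as": to_container("uid", 0, idmap),         # 65534: "nobody", unmapped
        "host_100999_seen_as": to_container("uid", 100999, idmap),  # 65534 too, but this one is mapped
        "writable_as_mounted": as_mounted,                          # False: "Permission denied"
        "writable_after_chown": after_chown,                        # True
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two things the output makes visible: first, because the directory's owner (host uid 0) has no entry in the map, container root is just "other" on it and gets r-x from 0755, so systemd's mkdir under /sys/fs/cgroup/systemd fails exactly as the log shows; a chown (not only a chmod) to the mapped root id, 100000 here, is what turns that into a write grant. Second, with this particular non-linear map both an unmapped host id and host uid 100999 display as 65534, so "nobody" in ls -la inside the container is ambiguous; checking the owner from the host side (stat on the mounted cgroup directory) is the reliable test.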