Fix lxc.hook.start not working on cgroup v2 systems #586
Open
mattelacchiato wants to merge 1 commit into
On systems using cgroup v2 (unified hierarchy), such as Debian Trixie with LXC 6.0, the lxc.hook.start container hook does not work correctly:

1. The hook's `find /var/* -exec rm` deletes pre-generated files
2. The subsequent `mknod` calls fail due to cgroup v2 device restrictions
3. The hook aborts before writing /var/hm_mode

Without /var/hm_mode containing HM_MODE='NORMAL', lighttpd and ReGaHss refuse to start, making the WebUI inaccessible.

This commit detects cgroup v2 by checking for /sys/fs/cgroup/cgroup.controllers and, when present:

- Removes lxc.hook.start from the generated LXC config
- Generates /var/hm_mode and related files from the host side (writing to /tmp/pivccu-var which is bind-mounted as /var)
- Creates device nodes via lxc-attach after container start, using full paths (/bin/mknod) since PATH differs in service context

On cgroup v1 systems, behavior is unchanged — the hook runs as before.

Tested on Raspberry Pi 4, Debian Trixie, LXC 6.0.4, kernel 6.12.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Problem

On systems using cgroup v2 (unified hierarchy), such as Debian Trixie with LXC 6.0, the `lxc.hook.start` container hook does not work correctly:

1. The hook's `find /var/* -exec rm` deletes pre-generated files
2. The subsequent `mknod` calls fail due to cgroup v2 device restrictions
3. The hook aborts before writing `/var/hm_mode`

Without `/var/hm_mode` containing `HM_MODE='NORMAL'`, lighttpd and ReGaHss refuse to start (`S50lighttpd` and `S70ReGaHss` both check `[[ "${HM_MODE}" != "NORMAL" ]] && exit 0`), making the WebUI completely inaccessible.

Root Cause

cgroup v2 handles device access control differently from cgroup v1. The `lxc.cgroup.devices.allow` directives in `lxc.config` are cgroup v1 specific. On cgroup v2 systems, device node creation via `mknod` inside the container hook fails silently, leaving the hook in a broken state where it has already deleted `/var` contents but cannot complete its setup.

Fix

This commit detects cgroup v2 by checking for `/sys/fs/cgroup/cgroup.controllers` and, when present:

- Removes `lxc.hook.start` from the generated LXC config (prevents the hook from deleting files and then failing)
- Generates `/var/hm_mode` and related files (`board_serial`, `rf_board_serial`, etc.) from the host side, writing to `/tmp/pivccu-var` which is bind-mounted as `/var` in the container
- Creates device nodes (`/dev/raw-uart`, `/dev/mmd_hmip`, `/dev/eq3loop`, `/dev/mmd_bidcos`) via `lxc-attach` after container start, using full paths (`/bin/mknod`) since `PATH` may not include `/sbin` in systemd service context

On cgroup v1 systems, behavior is completely unchanged — the hook runs as before.

Testing

Tested on:

Verified:

- `/var/hm_mode` correctly populated with `HM_MODE='NORMAL'`
- `/dev/raw-uart`, `/dev/mmd_hmip`, `/dev/eq3loop`, `/dev/mmd_bidcos`)

🤖 Generated with Claude Code
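
The cgroup v2 branch described under Fix, as an added example that is not code from this pull request or the project: it detects the unified hierarchy, removes `lxc.hook.start` from a config, and writes `hm_mode` from the host side. The function names and the parameterised paths are assumptions; device-node creation via `lxc-attach` is not covered.

```shell
#!/bin/sh
# Added illustration, not the project's script. Every path is a parameter so
# the logic can be run against a constructed directory tree.

# True when the unified (v2) hierarchy is mounted at the given cgroup root.
is_cgroup_v2() {
    [ -f "${1:-/sys/fs/cgroup}/cgroup.controllers" ]
}

# Print an LXC config with every lxc.hook.start line removed.
strip_start_hook() {
    sed '/^[[:space:]]*lxc\.hook\.start[[:space:]]*=/d' "$1"
}

# Write hm_mode into the host directory that is bind-mounted as /var.
# Assumption: only the HM_MODE line named on the page is written here.
# Temp file plus rename replaces an existing hm_mode entry (including a
# symlink of that name) instead of writing through it.
write_hm_mode() {
    hm_tmp=$(mktemp "$1/.hm_mode.XXXXXX") || return 1
    printf "HM_MODE='%s'\n" "$2" > "$hm_tmp" &&
        chmod 0644 "$hm_tmp" &&
        mv -f "$hm_tmp" "$1/hm_mode" && return 0
    rm -f "$hm_tmp"
    return 1
}

# prepare_container <cgroup_root> <config_in> <config_out> <var_dir>
# cgroup v2: drop the hook and pre-generate hm_mode from the host side.
# cgroup v1: copy the config unchanged so the hook runs as before.
prepare_container() {
    if is_cgroup_v2 "$1"; then
        strip_start_hook "$2" > "$3" || return 1
        write_hm_mode "$4" NORMAL
    else
        cp "$2" "$3"
    fi
}

if [ "$#" -eq 4 ]; then
    prepare_container "$@"
fi
```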