LXC simply stands for Linux containers and is a virtualization solution in which another isolated Linux instance is started within your running instance. The container Linux instance, however, uses the same resources and kernel as the host system. LXC is in direct competition with the older OpenVZ and Linux-VServer solutions but doesn’t require a patched or modified kernel.

I myself started to migrate all of my OpenVZ containers to LXC container virtualization for several reasons. For example, LXC is already integrated in the kernel and OpenVZ development is getting slower and slower (just to name a few). But LXC isn’t free from bugs, of course. One of the most annoying bugs is the bash: fork: retry: No child processes error. The following text shows you how to fix it.

The error in summary

First and foremost, this error is not an LXC problem. systemd causes it, and for a good reason: it wants to protect your system from one or more processes spawning an unlimited number of other processes. But with LXC, the container’s parent process has to start many other processes, such as the services running inside the container. This makes systemd step in and block the container from starting more processes. This most likely causes the LXC container process to crash and makes your whole container inaccessible.

The Fix

The fix is rather easy and doesn’t even require a restart of your system or of your containers. As root, open the file /etc/systemd/system.conf and enable / set the following value:

DefaultTasksMax=infinity

After you’ve done this, simply let systemd reload itself:

root@system:~# systemctl daemon-reload

As the word infinity already states, the maximum number of processes a parent process can have is set to infinity. While this can be an issue (for example, when a container spawns a lot of processes due to an error), it’s the only useful way to get rid of this message. You could also enter a number that is, say, 10 times higher than before, but even then a container could reach a point where this isn’t enough anymore. However, once you have set the value as described and reloaded systemd, your containers should run as expected without the error.
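To see which unit is actually running into its task limit before or after changing the default, you can compare the TasksCurrent and TasksMax properties that systemctl show reports. The script below is an added example, not part of the original post; the unit names and numbers in the sample are constructed, and the 'lxc*' pattern in the comment is an assumption about how your container units are named.

```shell
#!/bin/sh
# Added example: report how close each unit is to its systemd task limit.
# Real use (the glob pattern is an assumption about your unit names):
#   systemctl show -p Id -p TasksCurrent -p TasksMax 'lxc*' | tasks_headroom 80

# Reads key=value blocks (separated by blank lines) on stdin.
# $1 = warning threshold in percent (default 80).
# Prints one line per unit: <unit> <current> <max> <status>
tasks_headroom() {
    awk -F= -v warn="${1:-80}" '
        function emit(   status) {
            if (id == "") return
            if (cur !~ /^[0-9]+$/) cur = "-"   # e.g. "[not set]"
            if (max == "") max = "-"
            if (max == "infinity") status = "UNLIMITED"
            else if (cur == "-" || max !~ /^[0-9]+$/) status = "UNKNOWN"
            else if (cur * 100 >= max * warn) status = "NEAR_LIMIT"
            else status = "OK"
            print id, cur, max, status
            id = cur = max = ""
        }
        /^$/                 { emit(); next }
        $1 == "Id"           { id  = $2 }
        $1 == "TasksCurrent" { cur = $2 }
        $1 == "TasksMax"     { max = $2 }
        END                  { emit() }
    '
}

# Constructed sample of systemctl show output (hypothetical units and values).
sample_show_output() {
cat <<'EOF'
Id=lxc@web.service
TasksCurrent=4890
TasksMax=4915

Id=lxc@db.service
TasksMax=infinity
TasksCurrent=212

Id=ssh.service
TasksCurrent=3
TasksMax=4915
EOF
}

# Demo run on the constructed sample.
sample_show_output | tasks_headroom 80
```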

Have fun with your containers 🙂
