SUSE Support

Here When You Need Us

'Failed to find cgroup2 mount' warning when running 'ss -le' command in certain network namespace setups

This document (000021771) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 15


Situation

When checking detailed listening socket statistics with the 'ss -le' command inside network namespaces the following warning might prepend the expected output (more than once) :
  Failed to find cgroup2 mount

Example dialog :
15sp6:~ # ip netns exec ns1 ss -le
Failed to find cgroup2 mount
Failed to find cgroup2 mount
Netid   State    Recv-Q   Send-Q   Local Address:Port      Peer Address:Port   Process                                  
nl      UNCONN   0        0              0.0.0.0:4444           0.0.0.0:*      users:(("netcat",pid=3091,fd=3)) 
ino:22823 sk:1 cgroup:unreachable:787 <->rtnl:kernel                *       sk=0 cb=0 groups=0x00000000
...

Resolution

The warning can be ignored.

Cause

The 'ip netns' command is exclusively for network namespace management, thus it "lacks" support for some cgroup functionality - among other the above condition.

The 'ip netns' command is implemented with use of not only network namespace management, thus the environment it prepares "lacks" support for some functionality - among other the above cgroup condition. ('ip netns' utilizes mount namespacing too)

Additional Information

A similar warning (Failed to open cgroup2 by ID) can also be observed without network namespaces, but that is a different issue for which a fix has been developed.
That particular issue is caused by the fact that a socket may survive its creation cgroup or the originating cgroup is not visible to the ss user (cgroup namespace), so the cgroup ID cannot be resolved to a path.  
As an example if the nfs-mountd.service is restarted the sockets may survive, but the hierarchy belonging to the service in /sys/fs/cgroup/unified/ will be replaced. This means there is no malfunction as such, but the link between the socket belonging to a service that has been restarted and the cgroup hierarchy of the service is not resolvable by the ss (diagnostics) tool.
A maintenance update containing the fix for the second (non namespace related) issue targeting SLES 15 SP5 LTSS and newer has been submitted and this document will be updated with information about release information when it has happened.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021771
  • Creation Date: 04-Apr-2025
  • Modified Date:04-Apr-2025
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community
tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Support FAQ
tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center