<br><br><div class="gmail_quote">On Fri, Jul 15, 2011 at 8:07 PM, Michael H. Warfield <span dir="ltr"><<a href="mailto:mhw@wittsend.com">mhw@wittsend.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div></div><div class="h5">On Fri, 2011-07-15 at 19:41 +0300, Ramez Hanna wrote:<br>
> On Fri, Jul 15, 2011 at 7:28 PM, Michael H. Warfield <<a href="mailto:mhw@wittsend.com">mhw@wittsend.com</a>>wrote:<br>
><br>
> > On Fri, 2011-07-15 at 18:36 +0300, Ramez Hanna wrote:<br>
> > > On Fri, Jul 15, 2011 at 6:04 PM, Michael H. Warfield <<a href="mailto:mhw@wittsend.com">mhw@wittsend.com</a><br>
> > >wrote:<br>
> > ><br>
> > > > On Fri, 2011-07-15 at 17:50 +0300, Ramez Hanna wrote:<br>
> > > > > how can i check if lxc-attach is not working because of the kernel or<br>
> > > > > because of other bug?<br>
> > > > ><br>
> > > > > On Thu, Apr 7, 2011 at 10:09 AM, Cedric Le Goater <<a href="mailto:legoater@free.fr">legoater@free.fr</a>><br>
> > > > wrote:<br>
> > > > ><br>
> > > > > > On 04/07/2011 07:46 AM, Ramez Hanna wrote:<br>
> > > > > > > from a post that i found earlier in the archive<br>
> > > > > > > subject "entering a container" by Daniel Lezcano<br>
> > > > > > ><br>
> > > > > > > i cannot see the differece between lxc-attach and lxc-execute<br>
> > > > > > > could someone explain?<br>
> > > > > ><br>
> > > > > > lxc-execute creates a container and exec's a command/application<br>
> > > > > > inside it (see manual).<br>
> > > > > ><br>
> > > > > > lxc-attach enters a *running* container and exec's a command inside<br>
> > > > > > it (manual soon to come). This ability of creating an exogenous<br>
> > > > > > process inside a container requires a kernel patchset.<br>
> > > ><br>
> > > > Has that patch set even made it into a release? If so, what version is<br>
> > > > it in and what version are you running. It does not work on my F15<br>
> > > > system with a 2.6.38 kernel. If it has not made it into a released<br>
> > > > kernel, have you built a custom kernel with it?<br>
> ><br>
> > > I don't know about that patch, so hence my question if there is anyway to<br>
> > > know from the host if that capability is available<br>
> ><br>
> > From what I can tell, based on some threads from back in March, the<br>
> > patchset has not been merged into the upstream kernel at this time and<br>
> > is almost certainly NOT in 2.6.38.*.<br>
> ><br>
> > I'm currently running Fedora 15 2.6.38.8-32.fc15.x86_64 which does not<br>
> > have the patch and lxc-attach gives this error:<br>
> ><br>
> > [root@forest Alcove]# lxc-attach --name Alcove<br>
> > lxc-attach: Does this kernel version support 'attach' ?<br>
> > lxc-attach: failed to enter the namespace<br>
> ><br>
> > That's probably about the best answer you're going to get.<br>
> ><br>
> > From what I can tell, the last patchset is here:<br>
> ><br>
> > <a href="http://lxc.sourceforge.net/patches/linux/2.6.38/" target="_blank">http://lxc.sourceforge.net/patches/linux/2.6.38/</a><br>
> ><br>
> > If you want it, you're probably going to have to build yourself a custom<br>
> > kernel with it patched in.<br>
> ><br>
> > Some of the patches have been merged into the upstream kernel but it's<br>
> > not clear to me if we'll have to wait for 3.0 to be released to see them<br>
> > but I suspect that to be the case. We're currently sitting at 3.0-rc7<br>
> > on that one. 2.6.39.3 is released and stable nut I have no clue what's<br>
> > in there. 2.6.38 is currently at 2.6.38.8, which is what we see in F15<br>
> > so it is what it is.<br>
> ><br>
> > > > > > C.<br>
> > > > > ><br>
> ><br>
> > Regards,<br>
> > Mike<br>
> > --<br>
> > Michael H. Warfield (AI4NB) | <a href="tel:%28770%29%20985-6132" value="+17709856132">(770) 985-6132</a> | mhw@WittsEnd.com<br>
> > /\/\|=mhw=|\/\/ | <a href="tel:%28678%29%20463-0932" value="+16784630932">(678) 463-0932</a> |<br>
> > <a href="http://www.wittsend.com/mhw/" target="_blank">http://www.wittsend.com/mhw/</a><br>
> > NIC whois: MHW9 | An optimist believes we live in the best of<br>
> > all<br>
> > PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!<br>
> ><br>
<br>
> thanks a lot for the detailed answer<br>
> by the way have you been succesfull in starting a f15 container on your f15?<br>
> I have been debuggin for 2 hours now<br>
> when i start f15 container it screws my host by interfering with my hosts's<br>
> systemd which somehow doesn't make sense<br>
> and when i use systemd-nspawn i get a bunch of errors and the system doesn't<br>
> finish starting<br>
> here is a paste of systemd log from systemd-nspawn session<br>
> <a href="http://pastie.org/2218625" target="_blank">http://pastie.org/2218625</a><br>
<br>
</div></div>I haven't tried it yet. Will see what I can do.<br>
<br>
Couple of quick questions.<br>
<br>
1) You say it screws your host if you don't uses nospawn. What happens?<br></blockquote><div>host console is not useable, random issues around missing characters when i type<br>unable to login on other terminals because i cannot type<br>
and i see so many systemd logs on the console<br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
2) Have you disabled the sys_admin cap by dropping it in that container?<br>
I find that causes me all sorts of grief.<br></blockquote><div>i will try that <br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
3) Was this a fresh template build or did you upgrade an F14 machine to<br>
F15 (I was going to use "yum --releasever=15 distro-sync" in one of my<br>
running F14 containers).<br></blockquote><div>yes fresh install <br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div><div></div><div class="h5"><br>
Regards,<br>
Mike<br>
--<br>
Michael H. Warfield (AI4NB) | <a href="tel:%28770%29%20985-6132" value="+17709856132">(770) 985-6132</a> | mhw@WittsEnd.com<br>
/\/\|=mhw=|\/\/ | <a href="tel:%28678%29%20463-0932" value="+16784630932">(678) 463-0932</a> | <a href="http://www.wittsend.com/mhw/" target="_blank">http://www.wittsend.com/mhw/</a><br>
NIC whois: MHW9 | An optimist believes we live in the best of all<br>
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!<br>
</div></div></blockquote></div><br>