<div dir="ltr">Thanks for that. The <a href="http://lwn.net">lwn.net</a> article is very useful<div>-AK</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Sep 15, 2013 at 9:08 PM, Fajar A. Nugraha <span dir="ltr"><<a href="mailto:list@fajar.net" target="_blank">list@fajar.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="im">On Sun, Sep 15, 2013 at 4:53 PM, Alex <span dir="ltr"><<a href="mailto:equetts@gmail.com" target="_blank">equetts@gmail.com</a>></span> wrote:<br>
</div><div class="gmail_extra"><div class="gmail_quote"><div class="im"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><div><div><div>I'm after a simple example how to configure and run lxc from scratch on Debian Wheezy (e.g. configuring a lxc container manually to run a single process within a container, no networking, would be good).<br>
<br></div></div></div></div></blockquote><div><br></div></div><div>Good luck with that :)</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><div><div><div>All suggestions appreciated.<br><br></div></div></div></div></blockquote><div><br></div><div>It depends on what you need.</div><div><br></div><div>A container is a combination of lots of things like chroot and various namespaces. I suggest you start by reading <a href="http://lwn.net/Articles/531114/" target="_blank">http://lwn.net/Articles/531114/</a> . For example, if you have a rogue program that binds to all iP addresses by default and would like to restrict it to only use one IP address, you might find network namespaces most useful. </div>
<div><br></div><div>If you want the least-painful-way to learn about lxc, I'd recommend using ubuntu as the host, create a container using the ubuntu template, and then install "lxc" package inside the container as well (since you need this to be able to run "lxc-execute").</div>
<div><br></div><div>Something that "run a single process within a container" would be lxc-execute, but in my experience it doesn't behave the way you want it to. For example, if you have /usr/lib/x86_64-linux-gnu/lxc/lxc-init inside the container (i.e. you have "lxc" package installed inside the container as well), these commands somewhat work ("ffmpeg" is the name of my container):</div>
<div><br></div><div><div># lxc-execute -n ffmpeg -- ls</div><div>lxc-init: failed to mount /dev/shm : No such file or directory</div><div>bin boot core data dev etc home lib lib64 media mnt opt proc root<span style="white-space:pre-wrap"> </span>run sbin selinux srv sys tmp usr<span style="white-space:pre-wrap"> </span>var</div>
</div><div><br></div><div><div># lxc-execute -n ffmpeg -- ps -efa</div><div>lxc-init: failed to mount /dev/shm : No such file or directory</div><div>UID PID PPID C STIME TTY TIME CMD</div><div>root 1 0 2 11:03 ? 00:00:00 /usr/lib/lxc/lxc-init -- ps -efa</div>
<div>root 2 1 0 11:03 ? 00:00:00 ps -efa</div></div><div><br></div><div><br></div><div>... while an interactive shell doesn't work the way I want it to</div><div><div><br></div><div># lxc-execute -n ffmpeg -- bash</div>
<div>lxc-init: failed to mount /dev/shm : No such file or directory</div><div>root@ffmpeg:/# root@ffmpeg:/# root@ffmpeg:/# lxc-execute: Input/output error - failed to read</div><div>bin boot core data dev etc home lib lib64 media mnt opt proc root run sbin selinux srv sys tmp usr var</div>
<div>root@ffmpeg:/# exit</div><div><br></div><div>[1]+ Stopped lxc-execute -n ffmpeg -- bash</div><div>A ~ # fg</div><div>lxc-execute -n ffmpeg -- bash</div></div><div><br></div><div>(note that I needed to run "fg" at the end to get lxc-execute to stop completely at the end).</div>
<span class="HOEnZb"><font color="#888888">
<div><br></div><div>-- </div><div>Fajar</div></font></span></div></div></div>
</blockquote></div><br></div></div>