[lxc-devel] lxc-debian creates containers that mess with real ttys
Nigel McNie
nigel at mcnie.name
Thu Jan 7 00:02:36 UTC 2010
Hi,
I've been playing with containers quite a bit over the last few weeks,
and have become a bit stumped by a strange behaviour I'm seeing. Every
now and then, one of my ttys (tty1-6) will randomly switch to being a
tty for a running container. This can happen when I'm logged in, and
even in the middle of typing commands at them. It's kinda spooky
actually :)
I'm building containers with a modified version of the lxc-debian
script in your userspace utilities - though I haven't touched the
lxc.conf other than to move where the rootfs is generated. Here is an
example config from a container that takes over a tty:
lxc.utsname = test
lxc.tty = 4
lxc.pts = 1024
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.mtu = 1500
lxc.mount = /tmp/lxc.F9K9tT5JbS
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
I have noticed many people running into problems that seem to point to
the isolation of containers not being as good as, say, vserver (e.g.
host machine halting when they halt a container). Is this simply a
case of not denying/allowing the right devices, or is there more to
it?
BTW: my git server at http://git.nigel.mcnie.name/ holds an lxc-debian
repo with a different lxc-debian script as well as some helpers (like
an init.d script). You might be interested to have a look through it,
maybe there are some ideas you'd like to take (e.g. mine automatically
answers the debconf question for locales and sets the timezone to be
that of the host too).
--
Regards,
Nigel McNie
More information about the lxc-devel
mailing list