[lxc-devel] [PATCH 1/1] templates/lxc-fedora Rework for distro independence.
Serge Hallyn
serge.hallyn at ubuntu.com
Fri Oct 4 15:56:43 UTC 2013
Quoting Michael H. Warfield (mhw at WittsEnd.com):
> Hey Serge,
>
> On Wed, 2013-10-02 at 23:39 -0500, Serge Hallyn wrote:
> > Quoting Michael H. Warfield (mhw at WittsEnd.com):
> > > + mount -o loop ../LiveOS/squashfs.img squashfs
>
> > Heh, this is unfortunate - since I test things inside containers, now I
> > have to face the loop device in containers issue :)
>
> > For now I just added b 7:0 to my devices whitelist and loosened the
> > apparmor policy. Fedora build did its thing. Then I removed those
> > exceptions.
> >
> > I did have to remove the devices whitelist entries for 4:0 and 4:1.
>
> I swear, I thought you meant you had to remove them in the container
> config of the Ubuntu container you were running this in, just as you had
> to add the b 7:0 for the loop device. :-P Oh well.
>
> > They are for /dev/tty{0,1} - the real ones, which we don't use
> > in containers. Since the ubuntu container in which I was testing
> > didn't have that, I couldn't grant it to the fedora container, but
> > it doesn't need it.
>
> > Other than that, it looks good!
>
> > There is a weird glitch, when i first start the container, i type
> > in username root, then have to hit return again before it shows
> > me the password prompt. It doesn't accept the password. Second
> > login attempt works fine.
>
> I've looked at this some more and it's only happening on the console
> device that is connected with lxc-start. It's not happening with any of
That's interesting. Note that when I start an ubuntu container in a
private user namespace, the lxc-start console also acts differently
from the other consoles. The shell says there's no job control, and
sudo refuses to run.
So there appears to be *something* that is happening differently
there. It could be as simple as the distro init is mucking with the
console in a way it shouldn't, or setsid() is doing something...
But it would be great if we could get to the bottom of it.
-serge
More information about the lxc-devel
mailing list