[Lxc-users] fedora template
Justin Cormack
justin at specialbusservice.com
Wed Mar 30 14:09:11 UTC 2011
On Wed, 2011-03-30 at 08:20 -0500, Serge E. Hallyn wrote:
> Quoting Justin Cormack (justin at specialbusservice.com):
> > On Tue, 2011-03-29 at 18:19 -0500, Serge E. Hallyn wrote:
> >
> > > As for trouble with init - is your fedora using systemd? How does it
> > > actually start runlevel changes? Upstart uses dbus over abstract unix
> > > socket (which is containerized with netns), sysvinit uses ioctl over
> > > /dev/init which is a distinct file from the one in the container...
> > > Does systemd do something we're not containerizing right now?
> >
> > When I tried Ubuntu on Ubuntu (using upstart), the abstract socket was
> > not containerized, and it was changing runlevels on the host, which was
> > a complete pain. How do I make sure that it is? Is it an lxc version
> > issue (I was using the lxc that ships with Ubuntu 10.10, 0.7.2)?
>
> No, you must have created a container without private network namespace.
> Since upstart uses an abstact unix domain socket, you can only keep
> root in a container from being able to reboot by either (1) starting
> the container as a user who is not root and having a private user
> namespace (which is not currently recommended since userns is going
> through churn), or (2) having a private network namespace.
How do I make sure my container does have a private network namespace?
Network namespaces are enabled on my system, but I cant find the
documentation anywhere about how to turn this on when I create a
container (only the clone flags documentation...)
Sorry to be dumb about this....
Justin
More information about the lxc-users
mailing list