[Lxc-users] containers always seem to lock the host's X session

Ramez Hanna rhanna at informatiq.org
Fri Jun 15 21:01:53 UTC 2012


On Fri, Jun 15, 2012 at 5:50 PM, Fajar A. Nugraha <list at fajar.net> wrote:

> On Fri, Jun 15, 2012 at 7:26 PM, John Maclean <jayeola at gmail.com> wrote:
> > Hello all,
> >
> > I have built lxc from the git hub repo and have been able to create
> > containers using the stock templates for fedora. However, whenever I
> > start a container it always locks the hosts, X session.
> >
> > a - How can i diagnose this?
> > b - How can i prevent this?
>
> The easy way would be just to use ubuntu precise for your host. Seriously
> :)
>
> The hard way, I think your guest is accessing your hosts's tty. You
> can probably prevent that by something like this on your guests'
> config file:
>
> #==========
> lxc.cgroup.devices.deny = a
> # Allow any mknod (but not using the node)
> lxc.cgroup.devices.allow = c *:* m
> lxc.cgroup.devices.allow = b *:* m
> # /dev/null and zero
> lxc.cgroup.devices.allow = c 1:3 rwm
> lxc.cgroup.devices.allow = c 1:5 rwm
> # consoles
> lxc.cgroup.devices.allow = c 5:1 rwm
> lxc.cgroup.devices.allow = c 5:0 rwm
> #lxc.cgroup.devices.allow = c 4:0 rwm
> #lxc.cgroup.devices.allow = c 4:1 rwm
> # /dev/{,u}random
> lxc.cgroup.devices.allow = c 1:9 rwm
> lxc.cgroup.devices.allow = c 1:8 rwm
> lxc.cgroup.devices.allow = c 136:* rwm
> lxc.cgroup.devices.allow = c 5:2 rwm
> # rtc
> lxc.cgroup.devices.allow = c 254:0 rwm
> #fuse
> lxc.cgroup.devices.allow = c 10:229 rwm
> #tun
> lxc.cgroup.devices.allow = c 10:200 rwm
> #full
> lxc.cgroup.devices.allow = c 1:7 rwm
> #hpet
> lxc.cgroup.devices.allow = c 10:228 rwm
> #kvm
> lxc.cgroup.devices.allow = c 10:232 rwm
> #==================
>
> --
> Fajar
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Lxc-users mailing list
> Lxc-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-users
>


here is what i do

i always start the container form a terminalnot frommy x session
i also use the following script to start the container this fixes all
problem

====
# cat /home/rhanna/bin/lxc-start-fedora
#! /bin/bash
options=$(getopt -o n: -l name: -- "$@")
eval set -- "$options"
while true
do
case "$1" in
-n|--name) name=$2; shift 2;;
--) shift
break;;
*) break ;;
esac
done

if [ -z $name ]; then
echo "container name must be set, use -n|--name"
exit 1
fi
lxc-ls |grep $name >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "Container does not exist"
exit 1
fi
lxc-info -s -n$name|grep RUNNING >/dev/null 2>&1
if [ $? -eq 0 ]; then
echo "container already started"
exit 1
fi
mount |grep /tmp/lxc/$name > /dev/null 2>&1
if [ $? -eq 0 ]; then
umount /tmp/lxc/$name
fi
rm -rf /tmp/lxc/$name
mkdir -p /tmp/lxc/$name
mount none /tmp/lxc/$name -t tmpfs
rsync -a /var/lib/lxc/$name/rootfs/dev/ /tmp/lxc/$name
mount /tmp/lxc/$name /var/lib/lxc/$name/rootfs/dev/ -obind
lxc-start $* -n $name
=====
-- 
BR
RH
http://informatiq.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20120616/c16f2325/attachment.html>


More information about the lxc-users mailing list