[Lxc-users] f16 update

Serge Hallyn serge.hallyn at canonical.com
Fri Mar 2 14:21:44 UTC 2012


Quoting Ramez Hanna (rhanna at informatiq.org):
> hi,
> 
> here is how i got f16 to work
> * use the shipped fedora template to create the container
> * chroot into the container rootfs
> * touch /etc/fstab
> * ln -s /dev/null /etc/systemd/system/udev.service
> * unlink /etc/systemd/system/default.target
> * ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
> if you want to setup a getty
> * ln -s /lib/systemd/system/getty@.service /etc/systemd/system/getty.target.wants/getty@tty1.service
> * exit the chroot
> 
> if you had installed sshd in the rootfs then ssh is ready you can just ssh in
> 
> the problem i am facing right now is that i am unable to stop systemd
> from mounting /dev
> which leads to not possible to access the lxc-console because the
> container is using tty* from the host and not the ones created by lxc
> which also means that if you pick a higher tty (above the ones used by
> your host and allow it in the cgroup conf) then you can access your
> container's tty using the ctrl-alt-Fx keys
> 
> any one wants to contribute or comment please do
> i will start working on the template now and soon send patches

I've looked at that.  It does it, unconditionally, during early startup
while setting up selinux.  There is no way you can ask systemd not to
do it.

I actually had an item in my todo list to ask you if you wanted to
write a patch to fix that (preferably allowing a systemd.nodevmount
or somesuch argument) and send it to the systemd list.

Fortunately it doesn't check the return value, so until that patch gets
written and sent to systemd, my plan is to have apparmor refuse the
container's permission to mount /dev and /dev/pts.  I should be able to
test that in the next few days.

-serge
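
The rootfs steps quoted above, as an added example that is not part of either message: a shell function that writes the same files and links from the host, without entering the chroot, plus a check that they are in place. The function names and the `--getty` flag are hypothetical, and it assumes that creating the links from outside is equivalent, since their absolute targets are only resolved inside the running container.

```shell
#!/bin/sh
# Added example: apply the quoted Fedora 16 rootfs fixes from the host.
# Assumption: writing the links from outside the chroot is equivalent, since
# the absolute targets are only resolved once the container is running.

# prepare_f16_rootfs ROOTFS [--getty]   (hypothetical helper name and flag)
prepare_f16_rootfs() {
    rootfs=$1
    unit_dir="$rootfs/etc/systemd/system"
    [ -d "$rootfs" ] || { echo "no such rootfs: $rootfs" >&2; return 1; }
    # Never touch the host's own systemd configuration.
    [ "$(cd "$rootfs" && pwd -P)" != "/" ] || { echo "refusing /" >&2; return 1; }

    mkdir -p "$unit_dir/getty.target.wants" || return 1
    touch "$rootfs/etc/fstab" || return 1
    # Mask udev.service (a unit linked to /dev/null is masked).
    ln -sfn /dev/null "$unit_dir/udev.service" || return 1
    # Boot to multi-user; -f replaces any existing default.target link.
    ln -sfn /lib/systemd/system/multi-user.target "$unit_dir/default.target" || return 1
    if [ "${2:-}" = "--getty" ]; then
        ln -sfn /lib/systemd/system/getty@.service \
            "$unit_dir/getty.target.wants/getty@tty1.service" || return 1
    fi
}

# check_f16_rootfs ROOTFS: return 0 only if every required item is in place.
check_f16_rootfs() {
    unit_dir="$1/etc/systemd/system"
    [ -f "$1/etc/fstab" ] || return 1
    [ "$(readlink "$unit_dir/udev.service")" = "/dev/null" ] || return 1
    [ "$(readlink "$unit_dir/default.target")" = \
        "/lib/systemd/system/multi-user.target" ] || return 1
}
```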



