[Lxc-users] f16 update
Ramez Hanna
rhanna at informatiq.org
Sat Mar 3 20:35:09 UTC 2012
On Fri, Mar 2, 2012 at 9:38 PM, Serge Hallyn <serge.hallyn at canonical.com> wrote:
> Quoting Ramez Hanna (rhanna at informatiq.org):
>> On Fri, Mar 2, 2012 at 4:21 PM, Serge Hallyn <serge.hallyn at canonical.com> wrote:
>> > Quoting Ramez Hanna (rhanna at informatiq.org):
>> >> hi,
>> >>
>> >> here is how i got f16 to work
>> >> * use the shipped fedora template to create the container
>> >> * chroot into the container rootfs
>> >> * touch /etc/fstab
>> >> * ln -s /dev/null /etc/systemd/system/udev.service
>> >> * unlink /etc/systemd/system/default.target
>> >> * ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
>> >> if you want to setup a getty
>> >> * ln -s /lib/systemd/system/getty@.service
>> >> /etc/systemd/system/getty.target.wants/getty@tty1.service
>> >> * exit the chroot
>> >>
>> >> if you had installed sshd in the rootfs then ssh is ready, you can just ssh in
>> >>
>> >> the problem i am facing right now is that i am unable to stop systemd
>> >> from mounting /dev
>> >> which makes it not possible to access the lxc-console because the
>> >> container is using tty* from the host and not the ones created by lxc
>> >> which also means that if you pick a higher tty (above the ones used by
>> >> your host and allow it in the cgroup conf) then you can access your
>> >> container's tty using the ctrl-alt-Fx keys
>> >>
>> >> anyone who wants to contribute or comment, please do
>> >> i will start working on the template now and soon send patches
>> >
>> > I've looked at that. It does it, unconditionally, during early startup
>> > while setting up selinux. There is no way you can ask systemd not to
>> > do it.
>> >
>> > I actually had an item in my todo list to ask you if you wanted to
>> > write a patch to fix that (preferably allowing a systemd.nodevmount
>> > or somesuch argument) and send it to the systemd list.
>> >
>> > Fortunately it doesn't check the return value, so until that patch gets
>> > written and sent to systemd, my plan is to have apparmor refuse the
>> > container's permission to mount /dev and /dev/pts. I should be able to
>> > test that in the next few days.
>> >
>> > -serge
>>
>> what if the /dev is mounted in lxc.mount as a bind mount won't that
>> deny systemd from mounting it!
>
> Hmm, what you literally said isn't true (it won't *deny* systemd
> from mounting it if it wanted to), but what I think you meant, to
> my surprise, is true :)
>
> src/mount-setup.c:mount_one() won't mount a filesystem if its
> stat.st_dev != its parent dir's stat.st_dev. So yeah, mounting it from
> lxc.mount should prevent that from happening. Excellent! That was the
> only thing keeping me from pushing an updated fedora template that works
> for f16. Your list however looks a lot shorter than mine, so better I
> wait and try out yours.
>
> Looking forward to testing your new template!
>
> thanks,
> -serge
i tried to do the following
in /var/lib/lxc/$container/fstab i added a line
/var/lib/lxc/$container/ddd /var/lib/lxc/$container/rootfs/dev ext4 defaults,bind 0 0
where ddd is a dir that has the /dev needed files (pts/, tty*, null, etc...)
started the container, still /dev is mounted for devtmpfs
did i do it wrong?
--
BR
RH
http://informatiq.org