[Lxc-users] systemd inside LXC

Michael H. Warfield mhw at WittsEnd.com
Mon Oct 22 03:29:46 UTC 2012


Serge,

On Sun, 2012-10-21 at 22:21 -0400, Michael H. Warfield wrote:
> On Sun, 2012-10-21 at 14:49 -0500, Serge Hallyn wrote:
> > Quoting Michael H. Warfield (mhw at WittsEnd.com):
> > > Serge,
> > > 
> 
> ...
> 
> > > Short of building a custom systemd, I don't know how to fix that problem
> > > and I suspect this OP is going to run into this same thing (container
> > > taking over host's console) and might explain some of what he's seeing.
> > > Several of these look like they could cause problems (like /dev/pts in
> > > there).  I've really reached an impasse at getting systemd (at least
> > > Fedora 16 and 17) to work in a container without screwing up the host.
> > > Prohibiting mounts entirely in the container might work but I suspect
> > > (having read some systemd error messages) systemd is going to have some
> > > serious heartburn there.
> > > 
> > > Thoughts?
> > 
> > IIRC, simply having apparmor(/selinux) refuse the mount of /dev by the
> > container should work, i.e. systemd was not going to fail as a result.

> Hopefully, you've seen the message from Kay Sievers cc'ed to this list
> from my post to the systemd-devel list.  Looks like they have a
> mechanism in place to do this...

> http://www.freedesktop.org/wiki/Software/systemd/ContainerInterface

> First step appears to be to set a container=LXC (or some other short
> string) before invoking init in the container.  Is there a mechanism to
> do this?

> Might look over the rest of their recommendation and see if there's
> anything else we need to do.  Looks like there might be some additional
> mounts (some read-only) in there that need to be handled in lxc-start as
> well.

Tried simply exporting the container=LXC variable, the HOSTNAME and a
couple of others in there.  Confirmed in upstart mode that the variables
did propagate but in systemd mode it just hung with 0 processes and left
an unremovable "busy" cgroup directory when I tried to "lxc-stop" it.
BUT...  Something obviously behaved differently.  It didn't try to grab
the console and commit other heinous on the system like it did before
with systemd.  Maybe need to look closer at those mount requirements.

> > -serge

> 
> Regards,
> Mike

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
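
An added example, not part of the original message and not code from LXC or systemd: one way to repeat the propagation check described above, by parsing the NUL-separated block the kernel exposes in /proc/<pid>/environ and looking for the container variable. The sample environment blocks and the HOSTNAME value are constructed, and reading PID 1's environ normally needs root inside the container.

```python
"""Check whether a container's init was started with container=<name> set."""
from pathlib import Path
from typing import Dict, Optional


def parse_environ(blob: bytes) -> Dict[str, str]:
    """Parse the NUL-separated KEY=VALUE block from /proc/<pid>/environ."""
    env: Dict[str, str] = {}
    for entry in blob.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if not sep or not key:
            continue  # empty trailing field or an entry with no '='
        # Keep the first occurrence, which is the one getenv() would return.
        env.setdefault(key.decode("utf-8", "replace"),
                       value.decode("utf-8", "replace"))
    return env


def container_marker(blob: bytes) -> Optional[str]:
    """Return the value of container=, or None if it is unset or empty."""
    return parse_environ(blob).get("container") or None


def init_container_marker(pid: int = 1, proc: str = "/proc") -> Optional[str]:
    """Read the environment a process was exec'd with and report container=."""
    return container_marker(Path(proc, str(pid), "environ").read_bytes())


if __name__ == "__main__":
    # Constructed samples: one init that received the variable, one that did not.
    samples = {
        "exported": b"container=LXC\0HOSTNAME=f17guest\0TERM=linux\0",
        "missing": b"HOSTNAME=f17guest\0TERM=linux\0",
    }
    for name, blob in samples.items():
        print(name, "->", container_marker(blob))
    try:
        print("pid 1 ->", init_container_marker())
    except OSError as exc:  # not root, or no /proc on this system
        print("pid 1 -> unreadable:", exc)
```

/proc/<pid>/environ reflects the environment at exec time, so it shows what init was actually handed rather than anything a later shell exported.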