[Lxc-users] [lxc-devel] [systemd-devel] Unable to run systemd in an LXC / cgroup container.

Serge Hallyn serge.hallyn at canonical.com
Mon Oct 29 09:18:45 UTC 2012 

Quoting Michael H. Warfield (mhw at WittsEnd.com):
...
> Yeah, I don't think I "need to play a game like this" anymore.  I'd have
> to go back through some old old E-Mails to see why I did that before.  I
> seem to recall we were playing with all sorts of bind mount options for
> some PRIVATE thing or another.  It may not be necessary at all any
> longer.  IAC, it's minor to switch it back.  I seem to recall switching
> back and forth using bind mounts several times back when that got done
> that way.
> 
> I may play with the pre-mount hook just for giggles and see how that
> might work as well.  Any idea why I was experiencing the problem with
> the mount hook when trying to populate /dev?  I know it wouldn't have

The only idea I have is that perhaps your root is MS_SHARED by default?
Can you post the script you were using and the container config?

> worked because of the /dev/pts mount but I have more heartburn in that
> it looks like it ran too early and the mount on /dev had not even taken
> place at that time.
> 
> > > I believe I can see why...  You're doing the autodev populate prior to
> > > any of the mounts being performed, so that "private" root file system is
> > > not bound to the directory at that time.
> > > 
> > > Drop that bind mount for the rootfs and this then worked like a charm:
> > > 
> > > -- 
> > > lxc.rootfs = /srv/lxc/private/Alcove
> > > lxc.mount.entry=/home/shared /srv/lxc/private/Alcove/srv/shared none ro,bind 0 0
> > > 
> > > lxc.autodev = 1
> > > -- 
> > > 
> > > I think that rootfs directory bind was an effort to more fully match the
> > > OpenVZ behavior but also trying to deal with some of the read-only
> > > problems were where having in the past with shutdowns.  If it won't
> > > work, it won't work and I won't miss it.
> > > 
> > > I did see some errors setting up that dev...
> > > 
> > > -- 
> > > [root at forest mhw]# lxc-start -n Alcove
> > > lxc-start: No such file or directory - failed to mount '/dev/pts/59'->'/usr/lib64/lxc/rootfs/dev/tty1'
> > > lxc-start: No such file or directory - failed to mount '/dev/pts/60'->'/usr/lib64/lxc/rootfs/dev/tty2'
> > > lxc-start: No such file or directory - failed to mount '/dev/pts/61'->'/usr/lib64/lxc/rootfs/dev/tty3'
> > > lxc-start: No such file or directory - failed to mount '/dev/pts/62'->'/usr/lib64/lxc/rootfs/dev/tty4'
> > > lxc-start: No such file or directory - failed to mount '/dev/pts/63'->'/usr/lib64/lxc/rootfs/dev/tty5'
> > > lxc-start: No such file or directory - failed to mount '/dev/pts/64'->'/usr/lib64/lxc/rootfs/dev/tty6'
> > > systemd 44 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP; fedora)
> > > 
> > > Welcome to Fedora 17 (Beefy Miracle)!
> > > 
> > > -- 
> > > 
> > > Not sure what that's all about but, since systemd isn't going to start
> > > getty's on the tty? interfaces anyways, it probably doesn't make much
> > > difference.
> 
> > Oh, I see.  Yeah, in the !lxc.ttydir case, when we created our own /dev
> > we should create the tty files.  I need to fix that.
> 
> Cool.  Once again...  Looks like we got some real progress here with
> this one.  I've still got more testing to do, undoing some of my changes
> in the container itself and making sure it all still works.
> 
> Also looks like I can stop and restart one of these containers now
> without the hung cgroup directory.  I suspected it was some stray
> devices behind that.  This is good.
> 
> > Of course in your case since systemd isn't going to start getty's on
> > them, you should not have the lxc.tty = 6 in your container config,
> > which it looks like you still do?
> 
> Yeah.  I was taking it one step at a time.  I wish they WOULD fire up
> some getty's on those tty's since that basically makes lxc-console kinda

As I recall, you can specify gettys to start on any tty by creating a
magical symlink, something like

 $ETC/getty.target.wants/getty\@tty{1,2,3,4,5,6}.service

> useless and the one on /dev/console is kinda useless in disconnected
> mode with the console redirected to a file.  Maybe we need some what for
> lxc-console to be able to grab that?  I'll have to look deeper at
> systemd and figure out if it can be parameterized or conditionalized in
> some way.  ITMT, I probably will just turn them off.
> 
> Many thanks!
> 
> Regards,
> Mike
> -- 
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!

More information about the lxc-users mailing list