[Lxc-users] mknod inside systemd container

John lxc at jelmail.com
Wed Apr 3 22:03:56 UTC 2013


On 02/04/13 23:59, Michael H. Warfield wrote:
> On Tue, 2013-04-02 at 16:02 +0100, John wrote:
>> If my understanding is correct, to stop systemd trying to launch udev
>> and generally make a mess of everything inside a container, you need to
>> remove the mknod capability from the container.
> Ah...  That's kind of old information and not really effective.
>
>> But what if I want
>> (need) to be able to use mknod inside a container, how can I do that
>> with a systemd container?
> 1) Get the latest lxc.  lxc 0.8 might suffice for systemd in a container
> but not with systemd in the host and I wouldn't recommend it.  0.9.0 is
> being pulled and bundled now.  It's not up yet but 0.9.0.rc1 is.
>
> 2) You'll have to add "lxc.autodev = 1" to your configuration file.

I already do that. I am running "lxc version: 0.9.0.alpha3"

I found that, without the removal of mknod capability, everything went 
crazy. I have working containers with systemd both on host and inside 
the container (I even run my full desktop inside a container). To get a 
systemd container working I found I needed three things:

lxc.autodev = 1
lxc.cap.drop = mknod
lxc.pts = 1024

It's all working well except for the fact that I might need to allow a 
container to have mknod capability. Are you saying that with 0.9.0 there 
are changes that negate the requirement for "lxc.cap.drop = mknod"? The 
way I understood it was that it was systemd that behaved differently 
based on the availability of that capability...


> I have found that this works to get recent systemd containers (Fedora
> 17) to work but Fedora 15 and Fedora 16 (neither of which are supported
> any longer) work due to udev / systemd interaction.
>
> I would recommend waiting a couple of days until 0.9.0 is up and then
> pulling it down and building it.  That's your best shot with systemd.
>
>> I have this container that is a builder of system images for other nodes
>> (containers and/or metal boxes). In order to correctly do this it needs
>> to execute mknod inside the image as it builds it. (note, device nodes
>> created doesn't need to be usable in the context of the image being
>> built - the builder just needs to be able to create it).
>>
>> I've been doing this for ages under sysvinit and it's been fine. I have
>> just migrated this builder container to systemd and hit this problem...
>> Is there another way to keep systemd in line other than removing the
>> mknod capability ?
>>
>> Thanks,
>> John
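Two checks that go with the three settings John lists above, added here as an example and not code from the thread: one parses an lxc config read on stdin and reports whether a given capability is in any lxc.cap.drop line (the key may repeat and may hold a space-separated list), the other decodes the CapEff mask from /proc/self/status so you can confirm from inside a running container whether CAP_MKNOD (bit 27) is really gone. The config used is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the thread): does an lxc config drop a capability,
# and does the current process actually hold CAP_MKNOD according to CapEff?

# Constructed sample with John's three settings plus a second lxc.cap.drop line.
sample_config() {
    cat <<'EOF'
# constructed sample, not a real container's config
lxc.autodev = 1
lxc.cap.drop = mknod
lxc.pts = 1024
lxc.cap.drop = sys_module mac_admin
EOF
}

# cap_dropped CAP: succeed if CAP appears in any lxc.cap.drop line on stdin.
cap_dropped() {
    awk -v want="$1" '
        { sub(/#.*/, "") }                          # strip comments
        /^[[:space:]]*lxc\.cap\.drop[[:space:]]*=/ {
            sub(/^[^=]*=/, "")                      # keep the value part only
            n = split($0, caps)                     # default FS: whitespace
            for (i = 1; i <= n; i++) if (caps[i] == want) found = 1
        }
        END { if (found) exit 0; exit 1 }'
}

CAP_MKNOD=27   # capability bit number from linux/capability.h

# capeff_has_mknod HEXMASK: succeed if bit 27 is set in a CapEff-style mask.
capeff_has_mknod() {
    [ $(( (0x$1 >> CAP_MKNOD) & 1 )) -eq 1 ]
}

# self_has_mknod: read CapEff of this shell from /proc/self/status (Linux only).
# Returns 2 when /proc is not available so the caller can tell "unknown" apart.
self_has_mknod() {
    mask=$(awk '/^CapEff:/ { print $2 }' /proc/self/status 2>/dev/null)
    [ -n "$mask" ] || return 2
    capeff_has_mknod "$mask"
}

# Stand-alone run: report on the sample config and on the current process.
sample_config | cap_dropped mknod && echo "sample config drops mknod"
rc=0; self_has_mknod || rc=$?
case $rc in
    0) echo "this process holds CAP_MKNOD: mknod inside the container works" ;;
    2) echo "no /proc/self/status here; skipping the CapEff check" ;;
    *) echo "CAP_MKNOD not in CapEff: mknod inside the container fails with EPERM" ;;
esac
```

Run it inside the container (lxc-attach or a shell in the container) to see the CapEff result for that container's processes; run it on the host with the container's config on stdin to check the lxc.cap.drop side.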
