[Lxc-users] mknod inside systemd container

John lxc at jelmail.com
Fri Apr 5 15:16:13 UTC 2013


>
> But...  A hint may be in the lxc-fedora template where there is
> specifically a "configure_systemd_fedora" function that does this:
>
> configure_fedora_systemd()
> {
>     unlink ${rootfs_path}/etc/systemd/system/default.target
>     touch ${rootfs_path}/etc/fstab
>     chroot ${rootfs_path} ln -s /dev/null //etc/systemd/system/udev.service
>     chroot ${rootfs_path} ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
>     #dependency on a device unit fails it specially that we disabled udev
>     sed -i 's/After=dev-%i.device/After=/' ${rootfs_path}/lib/systemd/system/getty\@.service
> }
>
>
> Something similar does exist in the lxc-archlinux template:
>
> # disable services unavailable for container
> ln -s /dev/null /etc/systemd/system/systemd-udevd.service
> ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket
> ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket
> ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount
> # set default systemd target
> ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
>
> The lxc-archlinux template script seems very badly broken for me,
> expecting a fixed bridge name of br0 and not using the defaults
> from /etc/lxc/default.conf and looking for things that are not present
> on my Fedora host.  So I haven't been able to build an archlinux
> container on my host systems.
>
> Did you build yours from lxc-create or did you roll your own?  Maybe
> you might want to check those /dev/null links in that container.
> Looks like udevd should not even start if those have been set
> correctly.

Thanks Mike. I roll my own template as I've been doing it since before 
an Arch template existed for lxc-create. I have just added the /dev/null 
links and removed the cap drop for mknod from the lxc config. A quick 
test looks positive so I think that's the answer.

The next problem that I was going to tackle was why 
"proc-sys-fs-binfmt_misc.automount" failed. But you've answered that also.

> With mask method (ln -s /dev/null ...) for systemd above, I had success
> with lxc from git on 20130402, systemd 198 on (manual build
> archlinux) container on a sysvinit/initscripts host.
>
> I run openvpn in this container with following service script:
>
> cat /etc/systemd/system/tundev.service
> [Unit]
> Description=Add tun device workaround
> Wants=network.target
> Before=openvpn@.service
>
> [Service]
> Type=oneshot
> RemainAfterExit=yes
> ExecStart=/usr/bin/mkdir /dev/net
> ExecStart=/usr/bin/mknod -m 666 /dev/net/tun c 10 200
>
> [Install]
> WantedBy=multi-user.target
>
> Hope that helps.
> With best regards Joerg
>
Yes, good to know someone else has it working too :)
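
The mask check suggested in the thread, written as an added example that is not part of the original messages or of any lxc template: it inspects a container rootfs from the host for the four /dev/null links quoted from lxc-archlinux and reports whether a container config still drops the mknod capability. The function names and the command-line form are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Unit list copied from the lxc-archlinux excerpt quoted above.
MASKED_UNITS="systemd-udevd.service systemd-udevd-control.socket systemd-udevd-kernel.socket proc-sys-fs-binfmt_misc.automount"

# unmasked_units ROOTFS
# Print every unit from MASKED_UNITS that is NOT a symlink to /dev/null
# under ROOTFS/etc/systemd/system. Prints nothing when all are masked.
unmasked_units() {
    rootfs=$1
    for unit in $MASKED_UNITS; do
        link="$rootfs/etc/systemd/system/$unit"
        # readlink returns the link text itself, so this works from the host
        # without chrooting and without resolving the link on the host side.
        if [ ! -L "$link" ] || [ "$(readlink "$link")" != "/dev/null" ]; then
            printf '%s\n' "$unit"
        fi
    done
}

# drops_mknod CONFIG
# Succeed if an uncommented lxc.cap.drop line in CONFIG lists mknod.
drops_mknod() {
    grep -Eq '^[[:space:]]*lxc\.cap\.drop[[:space:]]*=(.*[[:space:]])?mknod([[:space:]]|$)' "$1"
}

# Hypothetical invocation: sh check-masks.sh ROOTFS CONFIG
if [ "$#" -eq 2 ]; then
    missing=$(unmasked_units "$1")
    if [ -n "$missing" ]; then
        echo "not masked in $1:"
        echo "$missing"
    else
        echo "all udev/binfmt units masked in $1"
    fi
    if drops_mknod "$2"; then
        echo "$2 drops mknod (mknod inside the container will fail)"
    else
        echo "$2 does not drop mknod"
    fi
    [ -z "$missing" ]
fi
```
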





