[Lxc-users] Confusing behaviour using LXC container with systemd

John lxc at jelmail.com
Wed Mar 13 18:28:19 UTC 2013


On 12/03/13 23:21, Serge Hallyn wrote:
> Quoting John (lxc at jelmail.com):
>> On 12/03/13 22:25, Serge Hallyn wrote:
>>> Quoting John (lxc at jelmail.com):
> ...
>> [root at boron ~]# mount
>> none on /dev type tmpfs (rw,relatime,size=100k)
>> devpts on /dev/console type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
>> devpts on /dev/tty1 type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
>> proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
>> sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
>> tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
>> devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
> Note there is no 'newinstance' on the devpts mount here.  I suspect
> that's the problem.  Note that lxc starts up and gives you a
> newinstance devpts mount, so this one was done by systemd.
>
> Next step (unless I'm misreading) is to look through systemd code
> to see what you can do to make it not mount that.
>
> -serge
>
I have made one step forward... I read here 
(http://www.freedesktop.org/wiki/Software/systemd/ContainerInterface) 
that "the udev unit files will check for CAP_SYS_MKNOD, and skip udev if 
that is not available". So I added "lxc.cap.drop = mknod" to the 
container configuration and this has stopped devices getting messed up 
(well, at least it allows the dvb tuner I mentioned earlier to work). I 
still have the problem with character output on the terminal - I've 
asked the systemd people and they've said that it is lxc that mounts 
devpts and, to get that done properly (with newinstance), needs a 
configuration change in the container configuration.

I have gone back and checked my old init-based container and its mounts 
were without newinstance as well so I guess I am missing something in my 
configuration to make it mount that way?



