[Lxc-users] Confusing behaviour using LXC container with systemd

John lxc at jelmail.com
Wed Mar 13 19:51:32 UTC 2013


On 13/03/13 18:42, Serge Hallyn wrote:
> Quoting John (lxc at jelmail.com):
>> On 12/03/13 23:21, Serge Hallyn wrote:
>>> Quoting John (lxc at jelmail.com):
>>>> On 12/03/13 22:25, Serge Hallyn wrote:
>>>>> Quoting John (lxc at jelmail.com):
>>> ...
>>>> [root at boron ~]# mount
>>>> none on /dev type tmpfs (rw,relatime,size=100k)
>>>> devpts on /dev/console type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
>>>> devpts on /dev/tty1 type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
>>>> proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
>>>> sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
>>>> tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
>>>> devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
>>> Note there is no 'newinstance' on the devpts mount here.  I suspect
>>> that's the problem.  Note that lxc starts up and gives you a
>>> newinstance devpts mount, so this one was done by systemd.
>>>
>>> Next step (unless I'm misreading) is to look through systemd code
>>> to see what you can do to make it not mount that.
>>>
>>> -serge
>>>
>> I have made one step forward... I read here
>> (http://www.freedesktop.org/wiki/Software/systemd/ContainerInterface)
>> that "the udev unit files will check for CAP_SYS_MKNOD, and skip
>> udev if that is not available". So I added "lxc.cap.drop = mknod" to
>> the container configuration and this has stopped devices getting
>> messed up (well, at least it allows the dvb tuner I mentioned
>> earlier to work). I still have the problem with character output on
>> the terminal - I've asked the systemd people and they've said that
>> it is lxc that mounts devpts and, to get that done properly (with
>> newinstance), needs a configuration change in the container
>> configuration.
>>
>> I have gone back and checked my old init-based container and its
>> mounts were without newinstance as well so I guess I am missing
>> something in my configuration to make it mount that way?
> You shouldn't need to specify a devpts mount in your container at all, lxc
> does it for you regardless.
>
> -serge
>
I haven't specified any such mount in the container configuration file
and the /etc/fstab inside the container is empty. I am not doing
anything to explicitly mount devpts. (Previously, my init-based
container configuration did but I removed that line when I switched it
to autodev and systemd.) I used to have the following in the config but
these have all since been removed:

lxc.mount.entry = none /srv/lxc/lithium.x86_64/dev/pts devpts defaults 0 0
lxc.mount.entry = none /srv/lxc/lithium.x86_64/dev/shm tmpfs defaults 0 0
lxc.mount.entry = none /srv/lxc/lithium.x86_64/proc proc defaults 0 0
lxc.mount.entry = none /srv/lxc/lithium.x86_64/sys sysfs defaults 0 0

Other info in case it's relevant: I've checked lxc-checkconfig and it
shows "Multiple /dev/pts instances: enabled" (everything lists as
enabled except "User namespace: missing" but I've done some checking and
believe that's ok). My lxc version is reported as "lxc version:
0.9.0.alpha3". I built it from git from
git://lxc.git.sourceforge.net/gitroot/lxc/lxc on March 10th using the
lxc-git archlinux pkgbuild.

thanks for the help as always.
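
An added example (not part of the original message and not LXC's own tooling): a shell function that scans a container config for the two settings discussed in this thread, an explicit devpts `lxc.mount.entry` and `mknod` listed in `lxc.cap.drop`. The function names, output labels and sample file are constructed for illustration.

```shell
# Added example: audit an LXC config for the two settings discussed above.
audit_lxc_config() {
    # $1: path to a container config file made of "key = value" lines
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                # not a key = value line
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        key == "lxc.mount.entry" {
            # value uses fstab layout: source target fstype options dump pass
            n = split(val, f, /[ \t]+/)
            if (n >= 3 && f[3] == "devpts")
                printf "explicit-devpts %s\n", f[2]
        }
        key == "lxc.cap.drop" {
            # one line may name several capabilities separated by spaces
            n = split(val, c, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (tolower(c[i]) == "mknod") mknod = 1
        }
        END { print (mknod ? "mknod-dropped yes" : "mknod-dropped no") }
    ' "$1"
}

# Constructed sample: the four mount entries quoted in the message plus the
# lxc.cap.drop line mentioned earlier in the thread.
write_sample_config() {
    cat > "$1" <<'EOF'
lxc.cap.drop = mknod
lxc.mount.entry = none /srv/lxc/lithium.x86_64/dev/pts devpts defaults 0 0
lxc.mount.entry = none /srv/lxc/lithium.x86_64/dev/shm tmpfs defaults 0 0
lxc.mount.entry = none /srv/lxc/lithium.x86_64/proc proc defaults 0 0
lxc.mount.entry = none /srv/lxc/lithium.x86_64/sys sysfs defaults 0 0
EOF
}

tmp=$(mktemp)
write_sample_config "$tmp"
audit_lxc_config "$tmp"
rm -f "$tmp"
```

An `explicit-devpts` line marks a mount entry of the kind the reply above says is not needed, since lxc mounts devpts for the container itself.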
