[Lxc-users] Confusing behaviour using LXC container with systemd

John lxc at jelmail.com
Wed Mar 13 22:38:03 UTC 2013


On 13/03/13 19:51, John wrote:
> On 13/03/13 18:42, Serge Hallyn wrote:
>> Quoting John (lxc at jelmail.com):
>>> On 12/03/13 23:21, Serge Hallyn wrote:
>>>> Quoting John (lxc at jelmail.com):
>>>>> On 12/03/13 22:25, Serge Hallyn wrote:
>>>>>> Quoting John (lxc at jelmail.com):
>>>> ...
>>>>> [root at boron ~]# mount
>>>>> none on /dev type tmpfs (rw,relatime,size=100k)
>>>>> devpts on /dev/console type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
>>>>> devpts on /dev/tty1 type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
>>>>> proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
>>>>> sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
>>>>> tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
>>>>> devpts on /dev/pts type devpts
>>>>> (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
>>>> Note there is no 'newinstance' on the devpts mount here.  I suspect
>>>> that's the problem.  Note that lxc starts up and gives you a
>>>> newinstance devpts mount, so this one was done by systemd.
>>>>
>>>> Next step (unless I'm misreading) is to look through systemd code
>>>> to see what you can do to make it not mount that.
>>>>
>>>> -serge
>>>>
>>> I have made one step forward... I read here
>>> (http://www.freedesktop.org/wiki/Software/systemd/ContainerInterface)
>>> that "the udev unit files will check for CAP_SYS_MKNOD, and skip
>>> udev if that is not available". So I added "lxc.cap.drop = mknod" to
>>> the container configuration and this has stopped devices getting
>>> messed up (well, at least it allows the dvb tuner I mentioned
>>> earlier to work). I still have the problem with character output on
>>> the terminal - I've asked the systemd people and they've said that
>>> it is lxc that mounts devpts and, to get that done properly (with
>>> newinstance), needs a configuration change in the container
>>> configuration.
>>>
>>> I have gone back and checked my old init-based container and its
>>> mounts were without newinstance as well so I guess I am missing
>>> something in my configuration to make it mount that way?
>> You shouldn't specify a devpts mount in your container at all, lxc
>> does it for you regardless.
>>
>> -serge
>>
> I haven't specified any such mount in the container configuration file
> and the /etc/fstab inside the container is empty. I am not doing
> anything to explicitly mount devpts. (previously, my init-based
> container configuration did but I removed that line when I switched it
> to autodev and systemd). I used to have the following in the config but
> these have all since been removed:
>
> lxc.mount.entry = none /srv/lxc/lithium.x86_64/dev/pts devpts defaults 0 0
> lxc.mount.entry = none /srv/lxc/lithium.x86_64/dev/shm tmpfs defaults 0 0
> lxc.mount.entry = none /srv/lxc/lithium.x86_64/proc proc defaults 0 0
> lxc.mount.entry = none /srv/lxc/lithium.x86_64/sys sysfs defaults 0 0
>
> Other info in case it's relevant: I've checked lxc-checkconfig and it
> shows "Multiple /dev/pts instances: enabled" (everything lists as
> enabled except "User namespace: missing", but I've done some checking and
> believe that's ok). My lxc version is reported as "lxc version:
> 0.9.0.alpha3". I built it from git from
> git://lxc.git.sourceforge.net/gitroot/lxc/lxc on March 10th using the
> lxc-git archlinux pkgbuild.
>
> thanks for the help as always.
>
>
I added "lxc.pts = 1024" to my config after reading somewhere that this
is what causes the "newinstance" mount of devpts to happen. Now the
difference in the mounts is as follows:

now:
devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=666)

previously:
devpts on /dev/pts type devpts 
(rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)

and /dev/ptmx is now a symlink to /dev/pts/ptmx (I have removed the 
creation of /dev/pts that I had in my autodev hook).

it looks like it is a separate instance (the contents of /dev/pts differ 
between host and guest).

however the problem of character output on the terminal was still there. 
But I think I have solved that too...

In my autodev hook I had created the device node for tty0 because it was 
missing from the list of device nodes that I had previously in my 
init-based container. After deleting this from the hook I no longer get 
the spurious character output and things appear to be a bit more "normal".

So, to summarise, for systemd I think the following are necessary:

lxc.autodev = 1
lxc.cap.drop = mknod
lxc.pts = 1024

If additional devices are required then add

lxc.hook.autodev = /path/to/script

where script is similar to:
#!/bin/bash
# LXC Autodev hook.
cd ${LXC_ROOTFS_MOUNT}/dev
mknod .....
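A fuller autodev hook along the lines of the summary above, added here as an example; it is not part of the original post and the post's own skeleton stops at "mknod .....". It assumes that LXC exports LXC_ROOTFS_MOUNT to the hook, that the hook runs while mknod is still permitted (lxc.cap.drop = mknod is applied to the container's init, not to the hook), and that stat is the GNU coreutils one. The device list is constructed for illustration; tty0 is left out on purpose, since the post found that creating it inside the container caused the spurious terminal output.

```shell
#!/bin/bash
# Added example (not from the original post): an lxc.hook.autodev script that
# creates the extra device nodes a systemd container needs, for a config of
#
#   lxc.autodev = 1
#   lxc.cap.drop = mknod
#   lxc.pts = 1024
#   lxc.hook.autodev = /path/to/this/script
#
# Assumptions: LXC exports LXC_ROOTFS_MOUNT to the hook, the hook runs while
# mknod is still permitted (lxc.cap.drop applies to the container's init, not
# to the hook), and stat is GNU coreutils. The device list is constructed.
set -eu

# name type major minor mode. tty0 is deliberately absent: the post found that
# creating it inside the container produced spurious terminal output.
DEVICES="
null    c 1 3 666
zero    c 1 5 666
full    c 1 7 666
random  c 1 8 666
urandom c 1 9 666
tty     c 5 0 666
"

# dev_node_ok ROOT NAME TYPE MAJOR MINOR
# Returns 0 only if ROOT/dev/NAME already exists as a device node of the given
# type and numbers, so the hook is idempotent and never clobbers a correct node.
dev_node_ok() {
    local root=$1 name=$2 type=$3 major=$4 minor=$5
    local path="$root/dev/$name" info ftype rest maj_hex min_hex
    [ -e "$path" ] || return 1
    # %F is the file type, %t/%T are the major/minor numbers in hex
    info=$(stat -c '%F:%t:%T' "$path") || return 1
    ftype=${info%%:*}; rest=${info#*:}
    maj_hex=${rest%%:*}; min_hex=${rest#*:}
    case "$type:$ftype" in
        c:"character special file"|b:"block special file") ;;
        *) return 1 ;;
    esac
    [ "$((16#$maj_hex))" -eq "$major" ] && [ "$((16#$min_hex))" -eq "$minor" ]
}

# create_nodes ROOT: make every listed device under ROOT/dev that is missing or
# wrong; correct nodes are left alone.
create_nodes() {
    local root=$1 name type major minor mode
    [ -d "$root/dev" ] || { echo "autodev hook: no $root/dev" >&2; return 1; }
    printf '%s\n' "$DEVICES" | while read -r name type major minor mode; do
        [ -n "$name" ] || continue
        dev_node_ok "$root" "$name" "$type" "$major" "$minor" && continue
        rm -f "$root/dev/$name"            # stale file or wrong node
        mknod -m "$mode" "$root/dev/$name" "$type" "$major" "$minor"
        echo "autodev hook: created /dev/$name ($type $major:$minor)"
    done
}

# When run by LXC as a hook, act on the container rootfs; do nothing when the
# LXC environment is absent (e.g. when sourced for testing).
if [ -n "${LXC_ROOTFS_MOUNT:-}" ]; then
    create_nodes "$LXC_ROOTFS_MOUNT"
fi
```

Checking the existing node before calling mknod is what makes the hook safe to re-run on every container start: with lxc.autodev = 1 the tmpfs on /dev is fresh each time, but if a node is ever pre-populated in the rootfs (or created by another hook) the script will not fail with "File exists" and will replace a node that has the wrong type or numbers rather than silently keeping it.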