[lxc-users] (Semi) Unprivileged Linux Containers on Debian 7 Stable

Rami Rosen roszenrami at gmail.com
Mon Apr 28 10:29:15 UTC 2014


Hi, Assaf,
Thanks for this great tutorial!

Two short comments:

1) You can disable the udhcpc error by commenting out the
/bin/udhcpc line in the container configuration file; for example, if
the container name is busyboxCT and it is installed under
/var/lib/lxc, simply open
/var/lib/lxc/busyboxCT/rootfs/etc/init.d/rcS and comment out
the /bin/udhcpc line inside it.

2) Did "lxc-stop -n containerName" work for you with the busybox container?
When I last tried it, it did not work. The reason was that
lxc-stop sends a SIGPWR signal, and the busybox version I used did not
stop the container when getting a SIGPWR.
The workarounds that worked for me were:
- Call "lxc-stop containerName -k" (this sends a SIGKILL, which
  kills the container).
- Use most recent busybox from git. There is a patch,
  "init: halt on SIGPWR too", which makes the busybox init process halt
  when receiving SIGPWR.
  See:
  http://lists.busybox.net/pipermail/busybox-cvs/2013-November/034290.html

BTW, there is a third way, which I did not try with busybox: define
lxc.stopsignal to be SIGKILL in the config file of the container.

Best regards,
Rami Rosen
http://ramirose.wix.com/ramirosen

On Sun, Apr 27, 2014 at 8:59 PM, Assaf Gordon <assafgordon at gmail.com> wrote:
> Hello,
>
> I got semi-unprivileged containers to work on Debian 7 stable (with only a
> kernel upgrade to 3.12 from Debian Backports).
> It requires "sudo" to start the container, but inside it runs as a non-root
> user.
>
> If anyone is interested, I summarized it here:
>   http://crashcourse.housegordon.org/LXC-semi-unprivileged-containers.html
>
> Comments are welcomed,
>  -gordon
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
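
The two file-based workarounds from the message above (commenting out /bin/udhcpc in rcS, and the lxc.stopsignal setting that the message mentions as untried), as an added shell example that is not part of the original thread. The directory layout follows the /var/lib/lxc/busyboxCT example in the message; the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Both functions take the
# container directory (e.g. /var/lib/lxc/busyboxCT) and are idempotent.

# Comment out any active /bin/udhcpc line in rootfs/etc/init.d/rcS.
# Lines already starting with '#' do not match and are left alone.
disable_udhcpc() {
    rcs="$1/rootfs/etc/init.d/rcS"
    [ -f "$rcs" ] || { echo "missing $rcs" >&2; return 1; }
    tmp="$rcs.tmp.$$"
    sed 's|^\([[:space:]]*\)\(/bin/udhcpc\)|\1#\2|' "$rcs" > "$tmp" \
        || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$rcs"        # rewrite in place: keeps mode and owner
    rm -f "$tmp"
}

# Set lxc.stopsignal in the container's config file (default: SIGKILL, the
# value suggested in the message). Any earlier lxc.stopsignal line is
# replaced, so repeated runs leave exactly one entry.
set_stopsignal() {
    cfg="$1/config"
    sig="${2:-SIGKILL}"
    [ -f "$cfg" ] || { echo "missing $cfg" >&2; return 1; }
    tmp="$cfg.tmp.$$"
    # grep -v exits 1 when nothing is left to print; that is not an error here.
    grep -v '^[[:space:]]*lxc\.stopsignal[[:space:]]*=' "$cfg" > "$tmp" || true
    printf 'lxc.stopsignal = %s\n' "$sig" >> "$tmp"
    cat "$tmp" > "$cfg"
    rm -f "$tmp"
}

# When run as a script with one argument, apply both changes to that container.
if [ "$#" -eq 1 ]; then
    disable_udhcpc "$1" && set_stopsignal "$1"
fi
```

Stop the container before editing its files; the rcS change takes effect the next time the container boots.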
