[lxc-users] "working" unprivileged centos 7 container under ubuntu

Fajar A. Nugraha list at fajar.net
Mon Aug 10 11:44:31 UTC 2015


On Mon, Aug 10, 2015 at 5:13 PM, Fajar A. Nugraha <list at fajar.net> wrote:
> As a follow-up to
> https://lists.linuxcontainers.org/pipermail/lxc-users/2015-March/008658.html
> , I've tested a similar setup but with systemd-224. My build is
> available on https://goo.gl/XpKFxS
>
> Tested and works:
> - container start & stop
> - lxc-console
> - lxc-attach
> - login via ssh
>
> What DOESN'T work:
> - systemd-journald. This means (among others) you won't have any
> additional output from "systemctl status"

Correction: apparently systemd-journald WORKS, it's
systemd-journald-audit.socket that's failing:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1457054

So you don't need this step:

> [root@c7-test /]# ln -s /dev/null /etc/systemd/system/systemd-journald.service

If you've already run that, just
"rm /etc/systemd/system/systemd-journald.service" and then reboot the
container.

Another thing: I notice that sometimes sshd (either service or socket)
doesn't start when the container is started in the background (without "-F").
A workaround that seems to work:

[root@c7-test ~]# cp /usr/lib/systemd/system/sshd.service /etc/systemd/system/sshd.service

[root@c7-test ~]# vi /etc/systemd/system/sshd.service

Replace
After=network.target sshd-keygen.service
with
After=local-fs.target sshd-keygen.service

and
WantedBy=multi-user.target
with
WantedBy=network.target

[root@c7-test ~]# systemctl disable sshd

[root@c7-test ~]# systemctl enable sshd

poweroff, then start the container again. Either sshd.service or
sshd.socket should always be started now (check with "systemctl -a |
grep ssh").

-- 
Fajar
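
The manual cp + vi edit from the message above, scripted as an added example (not part of the original post). The function names patch_sshd_unit and make_sample_unit are hypothetical and the sample unit file is constructed; in the container the source would be /usr/lib/systemd/system/sshd.service and the destination /etc/systemd/system/sshd.service. It refuses to write an override if the packaged unit does not contain the exact lines quoted in the post.

```shell
#!/bin/sh
# patch_sshd_unit SRC DST
# Write a copy of SRC to DST with the two substitutions from the post applied.
# Nothing is written if either expected line is missing from SRC, so a
# different sshd.service version is never half-patched.
patch_sshd_unit() {
    src=$1
    dst=$2
    grep -qxF 'After=network.target sshd-keygen.service' "$src" || {
        echo "expected After= line not found in $src" >&2
        return 1
    }
    grep -qxF 'WantedBy=multi-user.target' "$src" || {
        echo "expected WantedBy= line not found in $src" >&2
        return 1
    }
    sed -e 's/^After=network\.target sshd-keygen\.service$/After=local-fs.target sshd-keygen.service/' \
        -e 's/^WantedBy=multi-user\.target$/WantedBy=network.target/' \
        "$src" > "$dst"
}

# Constructed sample unit for the demo (not copied from a CentOS 7 image).
make_sample_unit() {
    cat > "$1" <<'EOF'
[Unit]
Description=OpenSSH server daemon
After=network.target sshd-keygen.service
Wants=sshd-keygen.service

[Service]
ExecStart=/usr/sbin/sshd -D

[Install]
WantedBy=multi-user.target
EOF
}

# Demo on a temporary directory: show the two lines after patching.
tmp=$(mktemp -d)
make_sample_unit "$tmp/sshd.service"
patch_sshd_unit "$tmp/sshd.service" "$tmp/patched.service" &&
    grep -E '^(After|WantedBy)=' "$tmp/patched.service"
rm -rf "$tmp"
```

After writing the real override, the "systemctl disable sshd" / "systemctl enable sshd" pair from the post is still needed so the install symlink follows the new WantedBy= target.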

