[lxc-users] Converting from libvirt lxc

[Serge Hallyn]

Quoting Peter Steele (pwsteele at gmail.com):
> This message is a bit long and I apologize for that, although the
> bulk is cut-and-paste output. I'm migrating our container project
> from libvirt-lxc under CentOS 7.1 to LXC and I'm seeing some errors
> in /var/log/messages that I don't see in libvirt-lxc. The LXC
> containers I am creating are based on the same custom CentOS image
> that I've been using with libvirt-lxc. My assumption is that this
> image should be able to be used without any significant changes as
> long as I have the appropriate config file defined for this image
> when an LXC container is installed.
> 
> The lxc-create command I'm using looks generally like this:
> 
> # lxc-create -f /hf/cs/vm-03/config -t /bin/true -n vm-03
> --dir=/hf/cs/vm-03/rootfs
> 
> where the config file has the following options defined:
> 
>     lxc.tty = 4
>     lxc.pts = 1024
>     lxc.kmsg = 0
>     lxc.utsname = vm-03
>     lxc.network.type = veth
>     lxc.network.flags = up
>     lxc.network.link = br0
>     lxc.network.veth.pair = vm-03
>     lxc.network.hwaddr = fe:d6:e8:f2:aa:e6
>     lxc.rootfs = /hf/cs/vm-03/rootfs

Hi Peter,

my guess is that udev is starting because the container has
the capabilities to start.  If you look at stock containers
created using the lxc templates, the tend to include files
like /usr/share/lxc/config/common.conf, which has

lxc.cap.drop = mac_admin mac_override sys_time sys_module

Likewise, libvirt-lxc by default drops several capabilities,
but your config file isn't doing that.  (You also should probably
configure the devices cgroup.)

-serge