[lxc-users] lxc-console not working on centos 7 container

Fajar A. Nugraha list at fajar.net
Fri Feb 6 09:30:44 UTC 2015


On Fri, Feb 6, 2015 at 3:25 AM, CDR <venefax at gmail.com> wrote:
> In Ubuntu 14.04 fully updated and lxc latest.1.1, a container with Centos 7
> never allows connection via lxc-console. It stays as below.
> If you start the container with -F, you can see how it boots and indeed you
> can log in via the console.
>
> lxc-console -n centos7
>
> Connected to tty 1
> Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself
>
> Is there a possible workaround?

Probably not.

Thanks to systemd, the only way you could start a c7 container under
ubuntu should be if you use

lxc.aa_profile = unconfined
lxc.mount.auto =
lxc.cap.drop =

(or don't specify the last two lines while using your own config file,
not using centos.common.conf). That would pretty much mean the
container could access everything on the host, and my simple test of
running "agetty tty1" inside the container pretty much screwed the
host.

If you exclusively need c7, it would probably be easier to just use a c7
host as well, and use their "supported" method (i.e. docker). That way
you'd at least get selinux protection on the container as well, which
should prevent it from doing "bad stuff" to the host. Plus you don't
have to deal with the mess that is systemd (since they remove it and
replace it with fakesystemd). You won't be able to get a login prompt
either, but at least it's a "safer" and supported way to run c7 inside
a container.

-- 
Fajar
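
The following is an added example, not part of the original message or of LXC itself: a small audit that replays a container config in order and reports when the three settings quoted above leave AppArmor, automounts and capability dropping switched off. It assumes an empty value clears a list key set earlier (as the message implies for overriding centos.common.conf); the `includes` mapping and the sample file contents are constructed for illustration.

```python
# Constructed samples. COMMON stands in for the distribution's common config;
# its contents here are made up for the demo, not copied from a real file.
COMMON = """\
lxc.mount.auto = proc:mixed sys:ro
lxc.cap.drop = mac_admin mac_override
lxc.cap.drop = sys_module
"""
# The three lines from the message, placed after the include they override.
WEAK = """\
lxc.include = centos.common.conf
lxc.aa_profile = unconfined
lxc.mount.auto =
lxc.cap.drop =
"""
LIST_KEYS = ("lxc.mount.auto", "lxc.cap.drop")

def effective(text, includes=None, state=None):
    """Replay config lines in order and return the settings left in effect."""
    if state is None:
        state = {"lxc.aa_profile": None, "lxc.mount.auto": [], "lxc.cap.drop": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "lxc.include" and includes and value in includes:
            effective(includes[value], includes, state)  # inline the included file
        elif key == "lxc.aa_profile":
            state[key] = value
        elif key in LIST_KEYS:
            if value:
                state[key].extend(value.split())  # repeated lines accumulate
            else:
                state[key].clear()  # assumption: an empty value resets the list
    return state

def audit(text, includes=None):
    """Return one finding per confinement layer the config leaves switched off."""
    state = effective(text, includes)
    findings = []
    if state["lxc.aa_profile"] == "unconfined":
        findings.append("lxc.aa_profile = unconfined: no AppArmor confinement")
    if not state["lxc.mount.auto"]:
        findings.append("lxc.mount.auto empty: no restricted automounts in effect")
    if not state["lxc.cap.drop"]:
        findings.append("lxc.cap.drop empty: container keeps every capability")
    return findings

if __name__ == "__main__":
    for finding in audit(WEAK, {"centos.common.conf": COMMON}):
        print("WARN", finding)
```

Because the lines are replayed in order, a config that clears `lxc.cap.drop` and then sets it again is reported by what remains in effect at the end, not by the presence of the empty line.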

