[lxc-users] lxc-console not working on centos 7 container

CDR venefax at gmail.com
Fri Feb 6 13:15:34 UTC 2015


Thanks for the response.
I disable selinux and a apparmor routinely. My containers are just a way to
separate applications, there are no users accessing them, nothing bad can
happen.
So basically you are saying that there is no way to run Centos 7 under an
Ubuntu host.
Pretty amazing, if I may say.
I think somebody dropped the ball.


On Fri, Feb 6, 2015 at 4:30 AM, Fajar A. Nugraha <list at fajar.net> wrote:

> On Fri, Feb 6, 2015 at 3:25 AM, CDR <venefax at gmail.com> wrote:
> > In Ubuntu 14.04 fully updated and lxc latest.1.1, a container with
> Centos 7
> > never allows connection via lxc-console. It stays as below.
> > If you start the container with -F, you can see how it boots and indeed
> you
> > can log in via the console.
> >
> > lxc-console -n centos7
> >
> > Connected to tty 1
> > Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a
> itself
> >
> > Is there possible workaround?
>
> Probably not.
>
> Thanks to systemd, the only way you could start a c7 container under
> ubuntu should be if you use
>
> lxc.aa_profile = unconfined
> lxc.mount.auto =
> lxc.cap.drop =
>
> (or don't specify the last two lines while using your own config file,
> not using centos.common.conf). That would pretty much mean the
> container could access everything on the host, and my simple test of
> running "agetty tty1" inside the container pretty much screwed the
> host.
>
> If you exclusively need c7, it would probably easier to just use a c7
> host as well, and use their "supported" method (i.e. docker). That way
> you'd at least get selinux protection on the container as well, which
> should prevent it from doing "bad stuff" to the host. Plus you don't
> have to deal with the mess that is systemd (since they remove it and
> replace with fakesystemd). You won't be able to get a login prompt
> either, but at least it's a "safer" and supported way to run c7 inside
> a container.
>
> --
> Fajar
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150206/7b2152df/attachment.html>


More information about the lxc-users mailing list