[lxc-users] lxc-console not working on centos 7 container
CDR
venefax at gmail.com
Thu Feb 12 07:41:44 UTC 2015
I cannot make this solution work.
There are a lot of errors.
On Thu, Feb 12, 2015 at 1:19 AM, CDR <venefax at gmail.com> wrote:
> Thanks. I think Serge may want to change permanently the config and other
> in the on-line template so Centos 7 does work right away.
>
>
> On Thu, Feb 12, 2015 at 1:08 AM, Fajar A. Nugraha <list at fajar.net> wrote:
>
>> So after some experiments, this is what I have: http://goo.gl/7p3nUI
>> - create c7 container, e.g.
>> lxc-create -n c7v -t download -B zfs --zfsroot rpool/lxc -- -d centos -r 7 -a amd64
>>
>> - edit config file. See "config" on that gdrive link, look for
>> "Manual additions"
>>
>> - place script/systemd_create_cgroup in the correct path (whatever you
>> use in the config file), chmod 700
>>
>> - start the container.
>>
>> This is similar to what I did for fedora20, on
>> https://lists.linuxcontainers.org/pipermail/lxc-users/2014-May/007069.html
>>
>> What works that previously didn't:
>> - lxc-console
>> - default apparmor container profile (so, for example, you can't mess
>> up host's cgroup allocation)
>> - default lxc.cap.drop (although you might want to remove sys_nice if
>> you have apps that depend on it)
>> - rsyslogd now always starts correctly (previously there could be stale
>> PIDs on /var/run)
>>
>> What still does NOT work: unprivileged container
>> I tried backporting F22's systemd-218 plus ubuntu vivid's changes
>> (RPMS and SPECS folder), but it wasn't enough to run unprivileged
>> container.
>>
>> It should be reasonably safer than allow-the-container-to-do-anything
>> approach previously needed for c7.
>>
>> --
>> Fajar
>>
>> On Fri, Feb 6, 2015 at 9:35 PM, CDR <venefax at gmail.com> wrote:
>> > Thanks.
>> > I love Ubuntu as a host for LXC. I just got addicted to systemctl and
>> > writing *.service files. It is much more sophisticated than the older way of
>> > starting and stopping applications.
>> >
>> > On Fri, Feb 6, 2015 at 8:40 AM, Fajar A. Nugraha <list at fajar.net> wrote:
>> >>
>> >> On Fri, Feb 6, 2015 at 8:15 PM, CDR <venefax at gmail.com> wrote:
>> >> > Thanks for the response.
>> >> > I disable selinux and apparmor routinely. My containers are just a way to
>> >> > separate applications, there are no users accessing them, nothing bad can
>> >> > happen.
>> >> > So basically you are saying that there is no way to run Centos 7 under an
>> >> > Ubuntu host.
>> >>
>> >> No. What I'm saying is when you use c7 container (and possibly most
>> >> newer-systemd-based distros) under ubuntu host:
>> >> - you can't use lxc-console
>> >> - root on your container can mess up the host
>> >>
>> >> It shouldn't really matter for your use case, since "lxc-attach" works
>> >> just fine (you DO know about lxc-attach?), and you don't really care
>> >> about user access anyway.
>> >>
>> >> This should improve in the future as debian/ubuntu is also moving
>> >> towards systemd (lxcfs is supposed to help), however currently the
>> >> required level of support/integration is just not there yet.
>> >>
>> >> Since your main use case is "separate applications", docker might be a
>> >> better candidate. And when you use c7-based docker container under c7
>> >> host, you might even get better protection since they integrate
>> >> selinux.
>> >>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>
>
>
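Added example, not part of the original thread and not the config from the linked gdrive folder: a small Python check that flags the two relaxations the thread contrasts with the default AppArmor profile and the default lxc.cap.drop. The sample configs are constructed; that the "allow-the-container-to-do-anything" setup used `lxc.aa_profile = unconfined` and an empty `lxc.cap.drop =` is an assumption, and `lxc.include` files are not followed.

```python
# Added example: flag LXC config lines that switch off the default confinement.
# Sample configs are constructed; they are not the files from the thread.
PERMISSIVE = """\
lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_nice
lxc.aa_profile = unconfined
lxc.cap.drop =
"""
HARDENED = """\
lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_nice
# lxc.aa_profile = unconfined
"""

# LXC 1.x key name and its later rename
AA_KEYS = {"lxc.aa_profile", "lxc.apparmor.profile"}


def audit(config_text):
    """Return a list of findings for one container config (includes not followed)."""
    profile = None            # key absent: LXC's default container profile applies
    drops, cleared = [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in AA_KEYS:
            profile = value   # last assignment wins
        elif key == "lxc.cap.drop":
            if value:
                drops.extend(value.split())
            else:
                drops, cleared = [], True   # empty value clears all earlier drops
    findings = []
    if profile == "unconfined":
        findings.append("apparmor profile is unconfined")
    if cleared:
        kept = " ".join(drops) or "nothing"
        findings.append(f"lxc.cap.drop was cleared; still dropping: {kept}")
    return findings


if __name__ == "__main__":
    for name, text in (("permissive", PERMISSIVE), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```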