[lxc-users] lxc-console not working on centos 7 container
CDR
venefax at gmail.com
Thu Feb 12 07:50:08 UTC 2015
I cannot get past this
root@ubuserver:/var/lib/lxc/c7v# lxc-console -n c7v
Connected to tty 1
Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself
On Thu, Feb 12, 2015 at 2:41 AM, CDR <venefax at gmail.com> wrote:
> I cannot make this solution work.
> There are a lot of errors.
>
>
> On Thu, Feb 12, 2015 at 1:19 AM, CDR <venefax at gmail.com> wrote:
>
>> Thanks. I think Serge may want to change permanently the config and
>> other in the on-line template so Centos 7 does work right away.
>>
>>
>> On Thu, Feb 12, 2015 at 1:08 AM, Fajar A. Nugraha <list at fajar.net> wrote:
>>
>>> So after some experiments, this is what I have: http://goo.gl/7p3nUI
>>> - create c7 container, e.g.
>>> lxc-create -n c7v -t download -B zfs --zfsroot rpool/lxc -- -d centos -r 7 -a amd64
>>>
>>> - edit config file. See "config" on that gdrive link, look for
>>> "Manual additions"
>>>
>>> - place script/systemd_create_cgroup in the correct path (whatever you
>>> use the config file), chmod 700
>>>
>>> - start the container.
>>>
>>> This is similar to what I did for fedora20, on
>>>
>>> https://lists.linuxcontainers.org/pipermail/lxc-users/2014-May/007069.html
>>>
>>> What works that previously didn't:
>>> - lxc-console
>>> - default apparmor container profile (so, for example, you can't mess
>>> up host's cgroup allocation)
>>> - default lxc.cap.drop (although you might want to remove sys_nice if
>>> you have apps that depend on it)
>>> - rsyslogd now always starts correctly (previously there could be stale
>>> PIDs on /var/run)
>>>
>>> What still does NOT work: unprivileged container
>>> I tried backporting F22's systemd-218 plus ubuntu vivid's changes
>>> (RPMS and SPECS folder), but it wasn't enough to run unprivileged
>>> container.
>>>
>>> It should be reasonably safer than allow-the-container-to-do-anything
>>> approach previously needed for c7.
>>>
>>> --
>>> Fajar
>>>
>>> On Fri, Feb 6, 2015 at 9:35 PM, CDR <venefax at gmail.com> wrote:
>>> > Thanks.
>>> > I love Ubuntu as a host for LXC. I just got addicted to systemctl and
>>> > writing *.service files. It is much more sophisticated than the older
>>> > way of starting and stopping applications.
>>> >
>>> > On Fri, Feb 6, 2015 at 8:40 AM, Fajar A. Nugraha <list at fajar.net> wrote:
>>> >>
>>> >> On Fri, Feb 6, 2015 at 8:15 PM, CDR <venefax at gmail.com> wrote:
>>> >> > Thanks for the response.
>>> >> > I disable selinux and apparmor routinely. My containers are just a way to
>>> >> > separate applications, there are no users accessing them, nothing bad can
>>> >> > happen.
>>> >> > So basically you are saying that there is no way to run Centos 7 under an
>>> >> > Ubuntu host.
>>> >>
>>> >> No. What I'm saying is when you use c7 container (and possibly most
>>> >> newer-systemd-based distros) under ubuntu host:
>>> >> - you can't use lxc-console
>>> >> - root on your container can mess up the host
>>> >>
>>> >> It shouldn't really matter for your use case, since "lxc-attach" works
>>> >> just fine (you DO know about lxc-attach?), and you don't really care
>>> >> about user access anyway.
>>> >>
>>> >> This should improve in the future as debian/ubuntu is also moving
>>> >> towards systemd (lxcfs is supposed to help), however currently the
>>> >> required level of support/integration is just not there yet.
>>> >>
>>> >> Since your main use case is "separate applications", docker might be a
>>> >> better candidate. And when you use c7-based docker container under c7
>>> >> host, you might even get better protection since they integrate
>>> >> selinux.
>>> >>
>
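The thread contrasts the earlier allow-the-container-to-do-anything setup with a config that keeps the default AppArmor profile and the default lxc.cap.drop. As an added example (not code from the thread or from the LXC project), this shell function flags a container config that sets the AppArmor profile to unconfined or clears the capability drop list. Assumptions: LXC 1.x key names (`lxc.aa_profile`, with the later `lxc.apparmor.profile` also accepted), only the given file is read, and the sample configs and `write_sample` helper are constructed for illustration.

```shell
#!/bin/sh
# Added example. audit_lxc_config FILE prints one finding per line and
# returns 1 if the file switches off AppArmor confinement or empties the
# capability drop list. Assumption: LXC 1.x key names; only FILE is read,
# lxc.include targets are not followed.
audit_lxc_config() {
    awk '
    /^[ \t]*#/ { next }                          # comment line
    {
        eq = index($0, "=")
        if (eq == 0) next                        # not a key = value line
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
    }
    key == "lxc.aa_profile" || key == "lxc.apparmor.profile" { profile = val }
    key == "lxc.cap.drop" {
        if (val == "") { cleared = 1; drops = "" }   # empty value resets the list
        else drops = drops " " val
    }
    END {
        if (profile == "unconfined") {
            print "apparmor: profile is unconfined"; n++
        }
        if (cleared && drops == "") {
            print "capabilities: lxc.cap.drop cleared, nothing dropped afterwards"; n++
        }
        exit (n > 0)
    }' "$1"
}

# Constructed sample configs (not the config from the thread).
write_sample() {   # write_sample weak|default FILE
    if [ "$1" = weak ]; then
        printf '%s\n' 'lxc.include = /path/to/distro.common.conf' \
            'lxc.aa_profile = unconfined' 'lxc.cap.drop =' > "$2"
    else
        printf '%s\n' 'lxc.include = /path/to/distro.common.conf' \
            '# Manual additions' 'lxc.utsname = c7v' > "$2"
    fi
}

tmp=$(mktemp)
write_sample weak "$tmp"
audit_lxc_config "$tmp" || echo "findings above for weak sample"
rm -f "$tmp"
```

A clean result only means this one file does not weaken confinement; defaults pulled in through `lxc.include` have to be checked separately.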