[lxc-users] Booting a Freebsd VM inside a container

Serge Hallyn serge.hallyn at ubuntu.com
Fri Feb 20 16:48:59 UTC 2015


I've run kvm inside containers many times (mainly to test new qemu
packages from different releases).  You just need to make sure to
create /dev/kvm in the container, give it the right ownership+perms,
perhaps create /dev/net/tun, and give the needed cgroup.devices access.

-serge

Quoting Anjali Kulkarni (anjali at juniper.net):
> There is a reason for it, but I can’t discuss that. There is enough
> reason, and I know you would need some funky stuff (access stuff on host)
> to get it working, but that’s what I was looking at to see if it is
> feasible or if anyone has done it.
> 
> Anjali
> 
> On 2/20/15, 5:37 AM, "Fajar A. Nugraha" <list at fajar.net> wrote:
> 
> >On Fri, Feb 20, 2015 at 8:16 PM, Anjali Kulkarni <anjali at juniper.net>
> >wrote:
> >> Thanks, so for networking to work, all you need to do is add the
> >> networking links to the config file in /var/lib/lxc/<lxc_name> and then
> >> networking should work in the VM as it would in a normal LXC.
> >
> >Not if by "VM" you mean a qemu instance.
> >
> >> Regarding the freebsd VM, I understand that the host OS has to be the
> >> same as a container OS, but what I am looking for is a way to run the
> >> freebsd VM in emulated mode via qemu. Theoretically, if I can run a
> >> freebsd VM on the host OS via qemu/kvm, I should be able to run it inside
> >> the container via qemu as well right?
> >
> >No.
> >
> >Containers on lxc are not designed to run qemu (or virtualbox, or
> >name-your-fancy-software-that-access-devices directly) in it. In fact,
> >the default config on ubuntu would prevent that (via cap.drop and
> >selinux) to keep the containers from harming the host.
> >
> >You could PROBABLY work around it by creating an unsafe container
> >(e.g. using "lxc.cap.drop=" and "lxc.aa_profile=unconfined"), but then
> >what's the point of using containers then?
> >
> >> I don't want to map the VM's OS to the underlying
> >> OS, but just use qemu for the emulation part. Does that make sense?
> >
> >Not really. Is there any particular use case why you want to run
> >qemu/kvm inside the container, instead of on the host? Just because
> >it's cool? Because you rent a container from a VPS and want to run
> >something else on it?
> >
> >-- 
> >Fajar
> >_______________________________________________
> >lxc-users mailing list
> >lxc-users at lists.linuxcontainers.org
> >http://lists.linuxcontainers.org/listinfo/lxc-users

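The "needed cgroup.devices access" from the reply at the top can be checked against a container's device whitelist before anything broader is opened up. This is an added example, not part of the original thread: the function names and the sample whitelist are constructed, and it assumes the cgroup v1 `devices.list` format.

```shell
#!/bin/sh
# Added example (not from the thread): does a cgroup-v1 devices whitelist
# cover the nodes qemu/kvm needs? On Linux /dev/kvm is char 10:232 and
# /dev/net/tun is char 10:200.

# devices_allows LIST TYPE MAJOR MINOR ACCESS
# LIST holds devices.list-style lines, e.g. "c 10:232 rwm" or "a *:* rwm".
# Succeeds when one entry grants every letter in ACCESS (r, w, m).
devices_allows() {
    list=$1
    while read -r etype dev access; do
        [ -n "$etype" ] || continue
        major=${dev%%:*}
        minor=${dev##*:}
        [ "$etype" = a ] || [ "$etype" = "$2" ] || continue
        [ "$major" = '*' ] || [ "$major" = "$3" ] || continue
        [ "$minor" = '*' ] || [ "$minor" = "$4" ] || continue
        ok=1
        for letter in r w m; do
            case $5 in *"$letter"*)
                case $access in *"$letter"*) ;; *) ok=0 ;; esac ;;
            esac
        done
        if [ "$ok" = 1 ]; then return 0; fi
    done <<EOF
$list
EOF
    return 1
}

# missing_for_kvm LIST ACCESS: print the nodes the whitelist does not cover.
missing_for_kvm() {
    out=
    devices_allows "$1" c 10 232 "$2" || out="/dev/kvm"
    devices_allows "$1" c 10 200 "$2" || out="${out:+$out }/dev/net/tun"
    printf '%s' "$out"
}

# Constructed sample whitelist (hypothetical container): tun allowed, kvm not.
SAMPLE='c 1:3 rwm
c 1:5 rwm
c 5:0 rwm
c 10:200 rwm'

# Use a devices.list file given as $1, else the constructed sample.
if [ -f "${1:-}" ] && [ -r "${1:-}" ]; then list_in=$(cat "$1"); else list_in=$SAMPLE; fi
echo "not covered for rw: $(missing_for_kvm "$list_in" rw)"
```

A node reported here needs a matching `lxc.cgroup.devices.allow` entry (for example `c 10:232 rwm`) in the container config; pass `rwm` instead of `rw` when the node is to be created with mknod from inside the container.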
