[lxc-users] Unprivileged Systemd-based Containers

Christian Brauner christianvanbrauner at gmail.com
Mon Jan 26 11:08:56 UTC 2015


Hello,

questions like this have been asked here before but none of them has
received a reply. See:

    https://lists.linuxcontainers.org/pipermail/lxc-users/2014-November/008082.html

and

    https://lists.linuxcontainers.org/pipermail/lxc-users/2014-December/008155.html

(1) Is it possible to run systemd-based distros as unprivileged containers?

(2) When I try to use

        lxc-create -t download

    no fully systemd-based distros seem to come up (Fedora, Archlinux, OpenSuse
    etc.; Ubuntu Vivid provides upstart and systemd I think). See:

        [chb@conventiont ~]$ lxc-create -t download -n any
        Setting up the GPG keyring
        Downloading the image index
        
        ---
        DIST    RELEASE ARCH    VARIANT BUILD
        ---
        centos  6       amd64   default 20150126_02:16
        centos  6       i386    default 20150126_02:16
        debian  wheezy  amd64   default 20150125_22:42
        debian  wheezy  armel   default 20150120_22:42
        debian  wheezy  armhf   default 20150125_22:42
        debian  wheezy  i386    default 20150125_22:42
        oracle  6.5     amd64   default 20150125_11:40
        oracle  6.5     i386    default 20150125_11:40
        plamo   5.x     amd64   default 20150125_21:36
        plamo   5.x     i386    default 20150125_21:36
        ubuntu  lucid   amd64   default 20150126_03:49
        ubuntu  lucid   i386    default 20150126_03:49
        ubuntu  precise amd64   default 20150126_03:49
        ubuntu  precise armel   default 20150124_03:49
        ubuntu  precise armhf   default 20150126_03:49
        ubuntu  precise i386    default 20150126_03:49
        ubuntu  trusty  amd64   default 20150126_03:49
        ubuntu  trusty  arm64   default 20150126_03:49
        ubuntu  trusty  armhf   default 20150126_03:49
        ubuntu  trusty  i386    default 20150126_03:49
        ubuntu  trusty  ppc64el default 20150126_03:49
        ubuntu  utopic  amd64   default 20150126_03:49
        ubuntu  utopic  arm64   default 20150126_03:49
        ubuntu  utopic  armhf   default 20150126_03:49
        ubuntu  utopic  i386    default 20150126_03:49
        ubuntu  utopic  ppc64el default 20150126_03:49
        ubuntu  vivid   amd64   default 20150126_03:49
        ubuntu  vivid   arm64   default 20150126_03:49
        ubuntu  vivid   armhf   default 20150126_03:49
        ubuntu  vivid   i386    default 20150126_03:49
        ubuntu  vivid   ppc64el default 20150126_03:49
        ---
        
        Distribution: 

    How can I get hold of systemd-based distros like Fedora, Archlinux
    and OpenSuse if downloading them is not an option and the templates
    do not work with unprivileged containers?

(3) With the current git version (built today 2015-01-26T11:55:36+0100)
    the command

        lxc-start -n CONTAINER

    does not show a boot screen like it used to do but rather starts the
    container in daemon mode and I have to use

        lxc-attach -n CONTAINER -- /bin/bash

    to enter it.
    Is this expected behaviour?

(4) By chance I had a Debian Jessie container left from a long time ago
    which I downloaded as an unprivileged container. If I start it with

        lxc-start -n jessie

    it starts but it only shows

        /sbin/init

    in its process tree and systemd is pretty much unusable.

    If I start it with

        lxc-start -n jessie -F

    to restore the old boot process (see (3)) it hangs with the error message
    that it failed to mount

        /sys/fs/cgroup
    
    Presupposing that your answer to (1) is "yes", how can I get it to boot
    correctly and have a usable systemd?

System Info:

--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

Distro:
Arch Linux \r (\l)

Kernel:
Linux conventiont 3.18.3-ChB #1 SMP PREEMPT Mon Jan 19 21:12:11 UTC 2015 x86_64 GNU/Linux


