[lxc-users] Unprivileged Systemd-based Containers
Dirk Geschke
dirk at lug-erding.de
Mon Jan 26 11:13:38 UTC 2015
Hi Christian,
> questions like this have been asked here before but none of them has
> received a reply. See:
>
> https://lists.linuxcontainers.org/pipermail/lxc-users/2014-November/008082.html
>
> and
>
> https://lists.linuxcontainers.org/pipermail/lxc-users/2014-December/008155.html
>
> (1) Is it possible to run systemd-based distros as unprivileged containers?

With the "normal" LXC it is not possible: you aren't able to mount
the cgroup directory as a normal user and hence can't bind-mount it
in an unprivileged container.

It might work if cgroup namespaces make it into the kernel. The
patch seems to be already there, needs only to be integrated, I think.

But there seems to be another solution with LXCFS:

https://linuxcontainers.org/lxcfs/introduction/

This is what it says:

  + A cgroupfs-like tree which is container aware and works
    using CGManager.
  + A set of files which can be bind-mounted over their /proc
    originals to provide CGroup-aware values.

With this trick it should be possible to run systemd in an
unprivileged container. But I have to admit, I haven't tested
it so far. It's on my agenda, though.

Best regards
Dirk
--
+----------------------------------------------------------------------+
| Dr. Dirk Geschke / Plankensteinweg 61 / 85435 Erding |
| Telefon: 08122-559448 / Mobil: 0176-96906350 / Fax: 08122-9818106 |
| dirk at geschke-online.de / dirk at lug-erding.de / kontakt at lug-erding.de |
+----------------------------------------------------------------------+
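
Added example, not part of the original message or of the LXC/LXCFS projects' code: a shell check for the two preconditions the reply names, cgroup namespace support (kernels that have it expose /proc/self/ns/cgroup) and LXCFS files bind-mounted over /proc (they show up with type fuse.lxcfs in /proc/mounts). The function names and the sample mounts table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Reports the two things the
# reply depends on: cgroup namespace support and lxcfs-backed mounts.

# True if the running kernel exposes cgroup namespaces.
# $1: proc root, parameterised for testing (default /proc).
has_cgroup_ns() {
    [ -e "${1:-/proc}/self/ns/cgroup" ]
}

# Print every mount point whose filesystem type is fuse.lxcfs.
# $1: file in /proc/mounts format (default /proc/mounts).
lxcfs_mounts() {
    awk '$3 == "fuse.lxcfs" { print $2 }' "${1:-/proc/mounts}"
}

# Print only the lxcfs mounts that shadow a file under /proc.
lxcfs_proc_overlays() {
    lxcfs_mounts "$1" | grep '^/proc/' || true
}

# Summarise both checks. $1: mounts table, $2: proc root (optional).
report() {
    if has_cgroup_ns "$2"; then echo "cgroup namespaces: yes"
    else echo "cgroup namespaces: no"; fi
    n=$(lxcfs_proc_overlays "$1" | wc -l | tr -d ' ')
    echo "lxcfs /proc overlays: $n"
    lxcfs_proc_overlays "$1" | sed 's/^/  /'
}

# Constructed sample in /proc/mounts format (not captured from a real system).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
lxcfs /var/lib/lxcfs fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
lxcfs /proc/cpuinfo fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
lxcfs /proc/meminfo fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
lxcfs /proc/uptime fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
tmpfs /sys/fs/cgroup tmpfs rw,nosuid,nodev,noexec,mode=755 0 0
EOF

report "$SAMPLE"        # against the constructed sample
# report /proc/mounts   # against the live system
```

Inside a container, an empty overlay list means tools reading /proc/meminfo or /proc/cpuinfo still see the host's values rather than the container's cgroup limits.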