[lxc-users] Unprivileged Systemd-based Containers

Dirk Geschke dirk at lug-erding.de
Mon Jan 26 11:13:38 UTC 2015


Hi Christian,

> questions like this have been asked here before but none of them has
> received a reply. See:
> 
>     https://lists.linuxcontainers.org/pipermail/lxc-users/2014-November/008082.htmlA
> 
> and
> 
>     https://lists.linuxcontainers.org/pipermail/lxc-users/2014-December/008155.html
> 
> (1) Is it possible to run systemd-based distros as unprivileged containers?

with the "normal" LXC it is not possible, you aren't able to mount
the cgroup directory as a normal user and hence can't bind-mount it
in an unprivileged container. 

It might work, if cgroup namespaces make it into the kernel. The 
patch seems to be already there, needs only to be integrated, I think.

But there seems to be another solution with LXCFS:

   https://linuxcontainers.org/lxcfs/introduction/

This is what it says:

 + A cgroupfs-like tree which is container aware and works 
   using CGManager.
 
 + A set of files which can be bind-mounted over their /proc 
   originals to provide CGroup-aware values.

With this trick it should be possible to run systemd in an 
unprivileged container. But I have to admit, I haven't tested
it so far. It's on my agenda, though.

Best regards

Dirk

-- 
+----------------------------------------------------------------------+
| Dr. Dirk Geschke       / Plankensteinweg 61    / 85435 Erding        |
| Telefon: 08122-559448  / Mobil: 0176-96906350 / Fax: 08122-9818106   |
| dirk at geschke-online.de / dirk at lug-erding.de  / kontakt at lug-erding.de |
+----------------------------------------------------------------------+

