[lxc-users] LXC 1.1 has been released!

Stéphane Graber stgraber at ubuntu.com
Sat Jan 31 17:32:53 UTC 2015


On Sat, Jan 31, 2015 at 05:59:09PM +0100, Dirk Geschke wrote:
> Hi Stephane,
> 
> > The LXC team is pleased to announce the release of LXC 1.1!
> 
> fine :-)
> 
> >  - Support for running systemd as the init system inside the container
> >    was also greatly improved and should now work by default both for
> >    privileged and unprivileged containers when combined with lxcfs and a
> >    recent systemd.
> 
> Can you lose some words on this: How can systemd work within an
> unprivileged container? Do we need lxcfs to get it to work?
> 
> Best regards
> 
> Dirk

As the text says, yes you need lxcfs (the full announcement states lxcfs
0.5 or higher and cgmanager 0.35 or higher). Once lxcfs is installed on
your system and running with the LXC config and hooks in place, LXC
should work fine for unprivileged containers at least with Ubuntu vivid
and Debian unstable; other distros typically have an older systemd which
hangs during the boot sequence.

Privileged containers using systemd don't have as many issues, though if
you want to run them under apparmor, lxcfs is also required there to
make it possible.


Basically what we had to do is:
 - Provide a user mountable and writable /sys/fs/cgroup (done by lxcfs)
 - Provide a pre-populated tmpfs for /dev (done by lxc)
 - Don't alias /dev/kmsg to /dev/console (done by lxc)
 - Drop some capabilities (done by lxc)
 - Fix systemd not to hang in loopback config (done in systemd)
 - Fix systemd not to unmount /dev/console and /dev/urandom (done in systemd)
 - Fix systemd not to fail when setting oom_adj in a userns (done in systemd)

With all of those (which you all get with Ubuntu vivid), you can
start unprivileged containers using systemd.
I expect that within the next year, most distros should get the fixed
systemd in their releases and so we'll be able to run them all in LXC.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
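
A way to check, from inside a container, three items from the list above: a tmpfs /dev, a read-write /sys/fs/cgroup tree, and /dev/kmsg not aliased to /dev/console. This is an added example, not part of the original message and not LXC's own code; the function names and the sample mountinfo text are constructed for illustration, and the read-write mount flag is used as a stand-in for "writable".

```python
import os

# Constructed sample of /proc/self/mountinfo inside a container (illustrative only).
SAMPLE_MOUNTINFO = """\
60 40 0:45 / / rw,relatime - ext4 /dev/sda1 rw
61 60 0:46 / /dev rw,nosuid - tmpfs none rw,size=492k,mode=755
62 60 0:47 / /sys/fs/cgroup rw,relatime - tmpfs none rw,mode=755
63 62 0:48 /cgroup/memory /sys/fs/cgroup/memory rw,nosuid,nodev - fuse.lxcfs lxcfs rw
"""

def parse_mountinfo(text):
    """Map mount point -> (fstype, per-mount options); later entries override."""
    mounts = {}
    for line in text.splitlines():
        if " - " not in line:
            continue  # not a well-formed mountinfo record
        left, right = line.split(" - ", 1)
        pre, post = left.split(), right.split()
        if len(pre) < 6 or not post:
            continue
        # pre[4] is the mount point, pre[5] the per-mount options, post[0] the fstype
        mounts[pre[4]] = (post[0], set(pre[5].split(",")))
    return mounts

def check_mounts(mounts):
    """Check the mount-related prerequisites named in the message."""
    dev = mounts.get("/dev")
    cgroup = [opts for mp, (_, opts) in mounts.items()
              if mp == "/sys/fs/cgroup" or mp.startswith("/sys/fs/cgroup/")]
    return {
        "dev_is_tmpfs": bool(dev and dev[0] == "tmpfs"),
        # Assumption: every mount under /sys/fs/cgroup must carry the rw flag.
        "cgroup_mounted_rw": bool(cgroup) and all("rw" in o for o in cgroup),
    }

def kmsg_aliases_console(kmsg="/dev/kmsg", console="/dev/console"):
    """True if both paths resolve to the same file (symlink or bind mount)."""
    try:
        return os.path.samefile(kmsg, console)
    except OSError:
        return False  # one of the paths is missing or unreadable

if __name__ == "__main__":
    with open("/proc/self/mountinfo") as f:
        report = check_mounts(parse_mountinfo(f.read()))
    report["kmsg_aliases_console"] = kmsg_aliases_console()
    for name, value in report.items():
        print(f"{name}: {value}")
```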