[lxc-users] Status: Debian Jessie support for unprivileged containers?
Christian Benke
benkokakao at gmail.com
Wed Oct 14 15:07:07 UTC 2015
On 13 October 2015 at 12:11, Xavier Gendre <gendre.reivax at gmail.com> wrote:
> You can run unprivileged Jessie container in a Jessie host. The point is
> that the container fails to start mainly because of systemd in the Jessie
> container.
>
> To tackle that problem, i create a custom image of Jessie without systemd
> and it runs perfectly. I give the details to create the image and the
> container in my blog (in french, sorry):
>
> https://www.meseira.fr/blog/post/2015/08/02/unprivileged-jessie-container/
>
> It consists in using the tools of lxc-ci and modifying the script devoted to
> Jessie image to replace systemd by sysvinit. After, you just have to set
> your cache directory to provide the custom Jessie image to lxc-create.
Xavier, thanks for your the link to your blog and your contribution.
Apparently that's the most simple way to get this done - I hope
there's an upgrade-path to systemd in the future.
Although setting it up was not as straightforward as your tutorial:
- Package "python3-all-dev" currently has dependency issues
(https://bugs.launchpad.net/ubuntu/+source/python3.4/+bug/1503382,
http://askubuntu.com/a/683604/331398)
I was able to solve this by adding a time.sleep(120) in
lxc-ci/__init__.py before self.update(), attaching to the new
temporary container while the timer was running and downgrading the
python3-packages (See askubuntu-answer)
- cgroups caused some trouble. Setting them with cgmanager/cgm for the
specific user helped (See http://unix.stackexchange.com/a/171478/88252
and http://bit.ly/1jokrFl)
If anyone knows a good way to make this permanent, let me know!
Basically it's:
sudo service cgmanager start
sudo cgm create all $USER
sudo cgm chown all $USER $(id -u) $(id -g)
sudo cgm movepid all $USER $$
- "lxc-attach -n $jessiecontainer" does not set the full
$PATH-environment-variable which is quite inconvenient when
unexpected, "export
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
helps
- The Jessie-template does not include man-db, iputils-ping,
apt-utils, rsyslog - I found it easier to configure the container with
these installed, could be added to the debian.json-file (But they
where probably left out to make the template slimmer)
But it looks like this is otherwise working quite ok, thanks a lot!
More information about the lxc-users
mailing list