[lxc-users] Yum hangs on CentOS 7 [Host] -> CentOS [Guest] privileged container

Fajar A. Nugraha list at fajar.net
Tue Feb 9 21:46:00 UTC 2016


On Wed, Feb 10, 2016 at 12:10 AM, Rahul Rege <rahul.rege at sungardas.com>
wrote:

> Thanks Fajar, I was unaware of the lxcfs. I will install it on my host.
>
> I would love to move back to Ubuntu since I had used it with LXC about a
> year back and I was happy with it, although that time it was just a basic
> app and a db that I was using it for and it didn't complain about anything.
>
> I am revisiting LXC again and this time the guest had to be a CentOS with
> following tasks in my mind :
> - Guest should be able to run a full KVM inside it, I don't intend to run
> it heavy but need it for some compute experiments.
> - Guest should be able to run openVSwitch, be able to create veth pairs,
> bridges and do all advanced networking.
>
>

you do know that in that setup, you allow guest to do anything, including
things that can potentially harm the host?

shoudn't be an issue if the guest root is trusted (i.e. yourself) though.
you need to do some modification yourself (e.g. lxc.aa_profile=unconfined,
add necessary cgroup device allows, etc)



> So I started with priviledged Centos 7 containers on Ubu 14.04, I faced
> some issues and moved to having CentOS 7 host, probably I should revisit
> using Ubuntu.
>
>

use ppa:ubuntu-lxc/lxc-stable with ubuntu. That should give you a working
lxcfs easily.



> I am currently using Centos 7 host with lxc and lxc-template packages from
> EPEL
>


AFAIK it's old, and only suitable for sysvinit/upstart-based containers


>
> So in general, running priviledged CentOS guest on Ubuntu for above
> objectives should be OK and recommended right ? sorry its bit offtopic.
>
>
It should be easier in ubuntu host. I've only used virtualbox inside an
ubuntu container, not kvm inside centos, but it should be similar.


-- 
Fajar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20160210/6954500c/attachment.html>


More information about the lxc-users mailing list