[lxc-users] lxc 2.0.6 breaks lxc-start
Detlef Vollmann
dv at vollmann.ch
Thu Jan 5 12:31:28 UTC 2017
On 01/01/17 14:14, Christian Brauner wrote:
> Hm, works for me. I can just start containers fine where the
> configuration file is located somewhere else. Can you please
> append/copy the containers configuration file here and note any
> special tweaks to your setup as well?
Here's my test case:
$ sudo lxc-ls
rlx3-test1 trusty-dev
# note: no 'test' here
$ sudo lxc-start -F -n test -f /images/lxc/test.conf
Error: container test is not defined
$ sudo lxc-create -n test -f /images/lxc/test.conf -t none
$ sudo lxc-ls
rlx3-test1 test trusty-dev
# no we have 'test'
$ sudo lxc-start -F -n test -f /images/lxc/test.conf
INIT: version 2.88 booting
...
I.e. without 'lxc-create', 'lxc-start' doesn't work anymore, though it
used to work this way.
The root fs is a pretty minimal Debian (wheezy), the config is simple
and attached.
Detlef
-------------- next part --------------
# test configuration
# based on debian.common.conf
# I found no documentation what happens on double entries...
lxc.arch = x86_64
# Default pivot location
lxc.pivotdir = lxc_putold
# Default mount entries
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
# Default console settings
lxc.tty = 4
lxc.pts = 1024
# Default capabilities
lxc.cap.drop = sys_module mac_admin mac_override sys_time
# When using LXC with apparmor, the container will be confined by default.
# If you wish for it to instead run unconfined, copy the following line
# (uncommented) to the container's configuration file.
lxc.aa_profile = unconfined
# Default cgroup limits
lxc.cgroup.devices.deny = a
## Allow any mknod (but not using the node)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
## /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
## consoles
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
## /dev/{,u}random
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
## /dev/pts/*
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
## fuse
lxc.cgroup.devices.allow = c 10:229 rwm
## tun
lxc.cgroup.devices.allow = c 10:200 rwm
## full
lxc.cgroup.devices.allow = c 1:7 rwm
## hpet
lxc.cgroup.devices.allow = c 10:228 rwm
## kvm
lxc.cgroup.devices.allow = c 10:232 rwm
## To use loop devices, copy the following line to the container's
## configuration file (uncommented).
#lxc.cgroup.devices.allow = b 7:* rwm
# Blacklist some syscalls which are not safe in privileged
# containers
lxc.seccomp = /usr/share/lxc/config/common.seccomp
# dir:
lxc.rootfs = /images/lxc/test
# name:
lxc.utsname = test
# network
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.name = eth0
lxc.network.hwaddr = 00:16:3e:02:02:01
More information about the lxc-users
mailing list