Talk:Linux Containers

From ArchWiki
Revision as of 00:06, 17 June 2013 by Kolewu (talk | contribs) (systemd support)

systemd support

LXC support for containers using systemd appears to be broken currently.

I found this thread to contain both solutions and caveats/issues relating to systemd in LXC.

First step appears to be to set a container=LXC (or some other short string) before invoking init in the container. Is there a mechanism to do this?
Because of doing the devtmpfs thing, the guest can immediately see things like removable drives coming and going and might, presumably, be able to mount them. Not thrilled with that from a security standpoint. Would also mean the guests could access things like my permanent forensic CDs that are in the CD drives. I guess that can be restricted in the config but still makes me a bit uncomfortable that the guest has complete visibility into the hosts dev system.

Another gotcha, albeit a much more minor one... When systemd drops into this mode, you no longer have vty consoles available so lxc-console won't work. That's actually on their page.

I remember seeing this:

If systemd detects it is run in a container it will spawn a single shell on /dev/console, and not care about VTs or multiple gettys on VTs
Forgot to include the entry I added to the config file to make it all workie...
   lxc.mount.entry=devtmpfs /srv/lxc/rootfs/dev devtmpfs defaults 0 0
Container seems to hang if lxc-start is run in disconnected mode (lxc-start -d -o {log}). Starts up fine with a console that's connected to pty's but not to a log it seems...

Takeshita kenji (talk) 04:26, 20 January 2013 (UTC)
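The devtmpfs entry quoted above hands the guest the host's full /dev. As an added illustration, not part of this discussion or of the LXC project's shipped templates, here is that same entry paired with a devices-cgroup policy that denies every device node by default and re-allows only the character devices a systemd guest needs, so the host's CD drives and removable disks stay unopenable even though they remain visible in the guest's /dev. The rootfs path and the allow list are assumptions based on common LXC defaults; adjust them to the container.

```ini
# Added example config fragment (not from the page or the LXC project).
# The devtmpfs mount as posted above; the rootfs path is assumed.
lxc.mount.entry = devtmpfs /srv/lxc/rootfs/dev devtmpfs defaults 0 0

# Compensating control: the devices cgroup decides which nodes the guest may
# actually open() or mknod(), regardless of what devtmpfs shows in /dev.
# Deny everything first, then re-allow a minimal set of character devices.
lxc.cgroup.devices.deny = a
# /dev/null, /dev/zero, /dev/full
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 1:7 rwm
# /dev/random, /dev/urandom
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
# /dev/tty, /dev/console, /dev/ptmx, /dev/pts/*
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
# No block devices (sd*, sr*) are allowed, so the removable drives and
# CD-ROMs mentioned above are listed in the guest's /dev but cannot be
# opened or mounted from inside the container.
```

The cgroup rules govern open() and mknod(), not directory listing, so visibility is unchanged; only use is blocked. Newer LXC releases also offer lxc.autodev, which populates a small private /dev for the guest instead of exposing the host's devtmpfs at all.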

The Gentoo Wiki page about LXC says to just go back to the systemd+sysvinit script setup:

   pacman -S systemd systemd-sysvcompat initscripts

Further steps are needed to set up a working archlinux container in Gentoo.

Takeshita kenji (talk) 04:29, 20 January 2013 (UTC)

One last note: systemd support is a topic under active discussion on the lxc-devel mailing list. This thread, for example.

Takeshita kenji (talk) 04:37, 20 January 2013 (UTC)

User:starfry 21:47, 27 March 2013 (UTC)

I have a fully operational implementation of LXC inside a container that runs systemd. I have started a sub-page off the LXC wiki page to record my notes: Lxc-systemd. It has been a hard slog with lots of discussion with both the lxc and systemd folks, but I have it working now. Let me know if I can provide any more information.

I'm not really sure how to change this page, since container creation and usage are really flawless now.

Create a current container with additional software:

   # lxc-create -n containername -t archlinux -- -P vim,dhclient

Fix the console and shutdown.

If needed, install more software packages from outside the container:

   # pacman -r /var/lib/lxc/${CONTAINER}/rootfs -S pkg01,pkg02,...

So I think most of the information on this page is not needed any more.

--Kolewu (talk) 00:06, 17 June 2013 (UTC)