Talk:Linux Containers

From ArchWiki
Revision as of 04:26, 20 January 2013 by Takeshita kenji (talk | contribs) (Added some notes about systemd in LXC.)
Jump to: navigation, search

systemd support

LXC support for containers using systemd appears to be broken currently.

I found this thread to contain both solutions and caveats/issues relating to systemd in LXC.

First step appears to be to set a container=LXC (or some other short string) before invoking init in the container. Is there a mechanism to do this?
Because of doing the devtmpfs thing, the guest can immediately see things like removable drives coming and going and might, presumably, be able to mount them. Not thrilled with that from a security standpoint. Would also mean the guests could access things like my permanent forensic CDs that are in the CD drives. I guess that can be restricted in the config but still makes me a bit uncomfortable that the guest has complete visibility into the hosts dev system.

Another gotcha, albeit a much more minor one... When systemd drops into this mode, you no longer have vty consoles available so lxc-console won't work. That's actually on their page.

I remember seeing this:

If systemd detects it is run in a container it will spawn a single shell on /dev/console, and not care about VTs or multiple gettys on VTs
Forgot to include the entry I added to the config file to make it all workie...
   lxc.mount.entry=devtmpfs /srv/lxc/rootfs/dev devtmpfs defaults 0 0
Container seems to hang if lxc-start is run in disconnected mode (lxc-start -d -o {log}). Starts up fine with a console that's connected to pty's but not to a log it seems...

Takeshita kenji (talk) 04:26, 20 January 2013 (UTC)