On Tue, Feb 18, 2020 at 1:22 PM Rich Freeman <ri...@gentoo.org> wrote:
> On Tue, Feb 18, 2020 at 2:06 PM Nikos Chantziaras <rea...@gmail.com>
> wrote:
> >
> > It gets worse. The container reconfigured the keyboard shortcuts on the
> > host! After booting a container, alt+Fn or alt+left/right on the host
> > started switching to the linux text-mode console. I pressed alt+f2 to
> > bring up the plasma search, I ended up on TTY2... ha ha.
> >
> > Remember how I said I'll use nspawn from now on? I take that back. Let's
> > just say this thing is not even remotely production ready.
>
> Never had any issues with it, but I've never tried to use my host root
> as the input filesystem. I suspect the issue is that this is giving
> the container access to the host /dev, /sys and so on, and thus the
> container isn't ending up being contained. Normally you don't go
> mounting a host /dev inside a container image before launching it...
>
> --
> Rich
>

@Nikos Chantziaras In case it helps you at all, here's an example nspawn
configuration file that I've been using for quite a while. I have a
skeleton filesystem tree in /var/lib/machines/multimedia-state that
bind-mounts read-writable stuff. Everything else is read-only bind-mounted
from my root FS. I store things like samba configuration and local state
there. For example, the container is a member of my samba4 domain
controller. I use systemd-machined to launch this container at boot.
mimir /etc/systemd/nspawn # cat multimedia.nspawn
[Exec]
PrivateUsers=false
MachineID=131472ae68624b99b5ce0bf18194cda1

[Files]
BindReadOnly=/bin/
BindReadOnly=/usr/
BindReadOnly=/var/
BindReadOnly=/lib/
BindReadOnly=/etc/
BindReadOnly=/sbin/
BindReadOnly=/lib64/
BindReadOnly=/var/lib/machines/multimedia-state/etc/fstab:/etc/fstab
BindReadOnly=/var/lib/machines/multimedia-state/etc/hostname:/etc/hostname
Bind=/var/lib/machines/multimedia-state/var/log/:/var/log/
Bind=/var/lib/machines/multimedia-state/var/lib/samba/:/var/lib/samba/
Bind=/var/lib/machines/multimedia-state/var/cache/samba/:/var/cache/samba/
Bind=/var/lib/machines/multimedia-state/etc/systemd/system/:/etc/systemd/system/
TemporaryFileSystem=/home/
TemporaryFileSystem=/var/tmp/
TemporaryFileSystem=/var/lib/machines/
Bind=/media/raid/multimedia/

[Network]
MACVLAN=general
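As an added example (not part of this thread, and not systemd's own tooling), here is a small Python linter for .nspawn files that flags the two points raised above: PrivateUsers=false, and bind mounts whose host source is /dev, /sys or the host root. The sensitive-path list, the function names and the RISKY_EXAMPLE input are my own assumptions; it parses repeated keys such as the many BindReadOnly= lines into lists, which configparser would silently collapse.

```python
from collections import defaultdict

# Host paths whose exposure leaves the container effectively uncontained
# (assumed list for this example; /dev and /sys are the ones Rich names).
SENSITIVE_HOST_PATHS = ("/dev", "/sys", "/proc", "/boot")

def parse_nspawn(text):
    """Parse .nspawn text into {section: {key: [values]}}; repeated keys
    (e.g. several BindReadOnly= lines) accumulate, as systemd reads them."""
    sections = defaultdict(lambda: defaultdict(list))
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank or comment line
        if line[0] == "[" and line[-1] == "]":
            section = line[1:-1]
            continue
        if section is None or "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, _, value = line.partition("=")
        sections[section][key.strip()].append(value.strip())
    return sections

def host_source(bind_value):
    """Host-side path of a Bind=/BindReadOnly= value (SOURCE[:DEST[:OPTS]])."""
    return bind_value.split(":", 1)[0].rstrip("/") or "/"

def lint(text):
    """Return a list of findings for settings that weaken isolation."""
    cfg = parse_nspawn(text)
    findings = []
    for value in cfg["Exec"].get("PrivateUsers", []):
        if value.lower() in ("no", "false", "0", "off"):
            findings.append("PrivateUsers=false: no user namespace, so uid 0 "
                            "inside the container is uid 0 on the host")
    for key in ("Bind", "BindReadOnly"):
        for value in cfg["Files"].get(key, []):
            src = host_source(value)
            if src == "/" or any(src == p or src.startswith(p + "/")
                                 for p in SENSITIVE_HOST_PATHS):
                mode = "read-only" if key == "BindReadOnly" else "writable"
                findings.append(f"{key}={value}: exposes host {src} ({mode})")
    return findings

# Constructed sample showing the pattern Rich describes (host /dev bound in).
RISKY_EXAMPLE = "[Exec]\nPrivateUsers=false\n[Files]\nBind=/dev\nBindReadOnly=/:/hostroot\n"
```

Run against the multimedia.nspawn above it reports only the PrivateUsers=false line, since every Bind= there comes from the state tree or the raid share rather than from host /dev or /sys.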