Quoting Ramez Hanna (rha...@informatiq.org):
> On Fri, Mar 2, 2012 at 4:21 PM, Serge Hallyn <serge.hal...@canonical.com> wrote:
> > Quoting Ramez Hanna (rha...@informatiq.org):
> >> hi,
> >>
> >> here is how I got f16 to work
> >> * use the shipped fedora template to create the container
> >> * chroot into the container rootfs
> >> * touch /etc/fstab
> >> * ln -s /dev/null /etc/systemd/system/udev.service
> >> * unlink /etc/systemd/system/default.target
> >> * ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
> >> if you want to setup a getty
> >> * ln -s /lib/systemd/system/getty@.service /etc/systemd/system/getty.target.wants/getty@tty1.service
> >> * exit the chroot
> >>
> >> if you had installed sshd in the rootfs then ssh is ready, you can just ssh in
> >>
> >> the problem i am facing right now is that i am unable to stop systemd
> >> from mounting /dev, which makes it impossible to access the lxc-console because the
> >> container is using tty* from the host and not the ones created by lxc.
> >> which also means that if you pick a higher tty (above the ones used by
> >> your host and allow it in the cgroup conf) then you can access your
> >> container's tty using the ctrl-alt-Fx keys
> >>
> >> anyone who wants to contribute or comment, please do
> >> i will start working on the template now and soon send patches
> >
> > I've looked at that. It does it, unconditionally, during early startup
> > while setting up selinux. There is no way you can ask systemd not to
> > do it.
> >
> > I actually had an item in my todo list to ask you if you wanted to
> > write a patch to fix that (preferably allowing a systemd.nodevmount
> > or somesuch argument) and send it to the systemd list.
> >
> > Fortunately it doesn't check the return value, so until that patch gets
> > written and sent to systemd, my plan is to have apparmor refuse the
> > container's permission to mount /dev and /dev/pts. I should be able to
> > test that in the next few days.
> >
> > -serge
>
> what if /dev is mounted in lxc.mount as a bind mount, won't that
> deny systemd from mounting it!
Hmm, what you literally said isn't true (it won't *deny* systemd from mounting it if it wanted to), but what I think you meant, to my surprise, is true :) src/mount-setup.c:mount_one() won't mount a filesystem if its stat.st_dev != its parent dir's stat.st_dev. So yeah, mounting it from lxc.mount should prevent that from happening.

Excellent! That was the only thing keeping me from pushing an updated fedora template that works for f16. Your list however looks a lot shorter than mine, so better I wait and try out yours.

Looking forward to testing your new template!

thanks,
-serge

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
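An added example (not code from either poster or from lxc/systemd) that mirrors the st_dev comparison Serge describes in mount_one() and shows the lxc.mount entry that takes advantage of it; it assumes lxc.mount points at a file in fstab syntax, and the scratch rootfs and result keys are constructed for the demo.

```python
# Mirror of the systemd check discussed in the thread, for checking a rootfs
# before starting a container. Assumptions: lxc.mount names an fstab-syntax
# file; the scratch rootfs below is constructed, not a real container.
import os
import tempfile


def mount_setup_would_skip(path: str) -> bool:
    """Mirror src/mount-setup.c:mount_one(): systemd leaves `path` alone only
    when stat(path).st_dev differs from its parent directory's st_dev, i.e.
    something is already mounted there. A missing target counts as 'not
    mounted', so systemd would go ahead and mount it."""
    try:
        target = os.stat(path)          # follows symlinks, as mount_one does
    except FileNotFoundError:
        return False
    parent = os.lstat(os.path.dirname(os.path.abspath(path)))
    # Caveat: a bind mount taken from the *same* filesystem as the rootfs keeps
    # the same st_dev and is invisible to this test. The host's /dev is a
    # devtmpfs, so bind-mounting it into the rootfs does change st_dev.
    return target.st_dev != parent.st_dev


def lxc_fstab_line(rootfs: str, source: str = "/dev") -> str:
    """fstab-style entry (assumed lxc.mount syntax) bind-mounting `source`
    into the container rootfs so that mount_one() skips it."""
    return f"{source} {os.path.join(rootfs, source.lstrip('/'))} none bind 0 0"


def demo() -> dict:
    """Constructed scratch rootfs: before any bind mount, rootfs/dev sits on
    the same filesystem as its parent, so systemd would mount over it; a
    missing rootfs/dev/pts is treated the same way."""
    rootfs = os.path.join(tempfile.mkdtemp(prefix="f16-"), "rootfs")
    os.makedirs(os.path.join(rootfs, "dev"))
    return {
        "would_skip_before_bind": mount_setup_would_skip(os.path.join(rootfs, "dev")),
        "would_skip_missing_target": mount_setup_would_skip(os.path.join(rootfs, "dev", "pts")),
        # cross-check the mirror against the stdlib's own mount-point test on the host
        "stdlib_agrees_on_host_dev": mount_setup_would_skip("/dev") == os.path.ismount("/dev"),
        "fstab_line": lxc_fstab_line(rootfs),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```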