On Wed, 2013-04-03 at 23:03 +0100, John wrote: > On 02/04/13 23:59, Michael H. Warfield wrote: > > On Tue, 2013-04-02 at 16:02 +0100, John wrote: > >> If my understanding is correctl, to stop systemd trying to launch udev > >> and generally make a mess of everything inside a container, you need to > >> remove the mknod capability from the container. > > Ah... That's kind of old information and not really effective. > > > >> But what if I want > >> (need) to be able to use mknod inside a container, how can I do that > >> with a systemd container? > > 1) Get the latest lxc. lxc 0.8 might suffice for systemd in a container > > but not with systemd in the host and I wouldn't recommend it. 0.9.0 is > > being pulled and bundled now. It's not up yet but 0.9.0.rc1 is. > > > > 2) You'll have to add "lxc.autodev = 1" to your configuration file.
> I already do that. I am running "lxc version: 0.9.0.alpha3" That's strange. What stops systemd from mounting devtmpfs and firing up udev is having a tmpfs mounted on /dev. That's part of what autodev = 1 is doing. What distro is running in the container and what version of systemd? I've seen this with Fedora 16 but the latest systemd and Fedora 17 in the container are fine. > I found that, without the removal of mknod capability, everything went > crazy. I have working containers with systemd both on host and inside > the container (I even run my full desktop inside a container). To get a > systemd container working I found I needed three things: > lxc.autodev = 1 > lxc.cap.drop = mknod I'm not having to do that but I'm avoiding F15 and F16 because they don't seem to play nice and start reliably. F17 is doing well for me. > lxc.pts = 1024 > > It's alll working well except for the fact that I might need to allow a > container to have mknod capability. Are you saying that with 0.9.0 there > are changes that negate the requirement for "lxc.cap.drop = mknod"? The > way I understood it was that it was systemd that behaved differently > based on the availability of that capability... > > > > I have found that this works to get recent systemd containers (Fedora > > 17) to work but Fedora 15 and Fedora 16 (neither of which are supported > > any longer) work due to udev / systemd interaction. > > > > I would recommend waiting a couple of days until 0.9.0 is up and then > > pulling it down and building it. That's your best shot with systemd. > > > >> I have this container that is a builder of system images for other nodes > >> (containers and/or metal boxes). In order to correctly do this it needs > >> to execute mknod inside the image as it builds it. (note, device nodes > >> created doesn't need to be usable in the context of the image being > >> built - the builder just needs to be able to create it). > >> > >> I've been doing this for ages under sysvinit and it's been fine. I have > >> just migrated this builder container to systemd and hit this problem... > >> Is there another way to keep systemd in line other than removing the > >> mknod capability ? > >> > >> Thanks, > >> John > >> > >> > >> > >> ------------------------------------------------------------------------------ > >> Own the Future-Intel(R) Level Up Game Demo Contest 2013 > >> Rise to greatness in Intel's independent game demo contest. Compete > >> for recognition, cash, and the chance to get your game on Steam. > >> $5K grand prize plus 10 genre and skill prizes. Submit your demo > >> by 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2 > >> _______________________________________________ > >> Lxc-users mailing list > >> Lxc-users@lists.sourceforge.net > >> https://lists.sourceforge.net/lists/listinfo/lxc-users > >> > > > ------------------------------------------------------------------------------ > Minimize network downtime and maximize team effectiveness. > Reduce network management and security costs.Learn how to hire > the most talented Cisco Certified professionals. Visit the > Employer Resources Portal > http://www.cisco.com/web/learning/employer_resources/index.html > _______________________________________________ > Lxc-users mailing list > Lxc-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/lxc-users > -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Minimize network downtime and maximize team effectiveness. Reduce network management and security costs.Learn how to hire the most talented Cisco Certified professionals. Visit the Employer Resources Portal http://www.cisco.com/web/learning/employer_resources/index.html
_______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users