Thanks for the response. I disable selinux and a apparmor routinely. My containers are just a way to separate applications, there are no users accessing them, nothing bad can happen. So basically you are saying that there is no way to run Centos 7 under an Ubuntu host. Pretty amazing, if I may say. I think somebody dropped the ball.
On Fri, Feb 6, 2015 at 4:30 AM, Fajar A. Nugraha <[email protected]> wrote: > On Fri, Feb 6, 2015 at 3:25 AM, CDR <[email protected]> wrote: > > In Ubuntu 14.04 fully updated and lxc latest.1.1, a container with > Centos 7 > > never allows connection via lxc-console. It stays as below. > > If you start the container with -F, you can see how it boots and indeed > you > > can log in via the console. > > > > lxc-console -n centos7 > > > > Connected to tty 1 > > Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a > itself > > > > Is there possible workaround? > > Probably not. > > Thanks to systemd, the only way you could start a c7 container under > ubuntu should be if you use > > lxc.aa_profile = unconfined > lxc.mount.auto = > lxc.cap.drop = > > (or don't specify the last two lines while using your own config file, > not using centos.common.conf). That would pretty much mean the > container could access everything on the host, and my simple test of > running "agetty tty1" inside the container pretty much screwed the > host. > > If you exclusively need c7, it would probably easier to just use a c7 > host as well, and use their "supported" method (i.e. docker). That way > you'd at least get selinux protection on the container as well, which > should prevent it from doing "bad stuff" to the host. Plus you don't > have to deal with the mess that is systemd (since they remove it and > replace with fakesystemd). You won't be able to get a login prompt > either, but at least it's a "safer" and supported way to run c7 inside > a container. > > -- > Fajar > _______________________________________________ > lxc-users mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-users
_______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
