On Fri, Mar 2, 2012 at 9:38 PM, Serge Hallyn <serge.hal...@canonical.com> wrote:
> Quoting Ramez Hanna (rha...@informatiq.org):
>> On Fri, Mar 2, 2012 at 4:21 PM, Serge Hallyn <serge.hal...@canonical.com> wrote:
>> > Quoting Ramez Hanna (rha...@informatiq.org):
>> >> hi,
>> >>
>> >> here is how i got f16 to work
>> >> * use the shipped fedora template to create the container
>> >> * chroot into the container rootfs
>> >> * touch /etc/fstab
>> >> * ln -s /dev/null /etc/systemd/system/udev.service
>> >> * unlink /etc/systemd/system/default.target
>> >> * ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
>> >> if you want to set up a getty
>> >> * ln -s /lib/systemd/system/getty@.service /etc/systemd/system/getty.target.wants/getty@tty1.service
>> >> * exit the chroot
>> >>
>> >> if you had installed sshd in the rootfs then ssh is ready, you can just
>> >> ssh in
>> >>
>> >> the problem i am facing right now is that i am unable to stop systemd
>> >> from mounting /dev
>> >> which leads to it not being possible to access the lxc-console because the
>> >> container is using tty* from the host and not the ones created by lxc
>> >> which also means that if you pick a higher tty (above the ones used by
>> >> your host and allow it in the cgroup conf) then you can access your
>> >> container's tty using the ctrl-alt-Fx keys
>> >>
>> >> anyone who wants to contribute or comment, please do
>> >> i will start working on the template now and soon send patches
>> >
>> > I've looked at that. It does it, unconditionally, during early startup
>> > while setting up selinux. There is no way you can ask systemd not to
>> > do it.
>> >
>> > I actually had an item in my todo list to ask you if you wanted to
>> > write a patch to fix that (preferably allowing a systemd.nodevmount
>> > or somesuch argument) and send it to the systemd list.
>> >
>> > Fortunately it doesn't check the return value, so until that patch gets
>> > written and sent to systemd, my plan is to have apparmor refuse the
>> > container's permission to mount /dev and /dev/pts. I should be able to
>> > test that in the next few days.
>> >
>> > -serge
>>
>> what if the /dev is mounted in lxc.mount as a bind mount won't that
>> deny systemd from mounting it!
>
> Hmm, what you literally said isn't true (it won't *deny* systemd
> from mounting it if it wanted to), but what I think you meant, to
> my surprise, is true :)
>
> src/mount-setup.c:mount_one() won't mount a filesystem if its
> stat.st_dev != its parent dir's stat.st_dev. So yeah, mounting it from
> lxc.mount should prevent that from happening. Excellent! That was the
> only thing keeping me from pushing an updated fedora template that works
> for f16. Your list however looks a lot shorter than mine, so better I
> wait and try out yours.
>
> Looking forward to testing your new template!
>
> thanks,
> -serge

i tried to do the following
in /var/lib/lxc/$container/fstab i added a line
/var/lib/lxc/$container/ddd /var/lib/lxc/$container/rootfs/dev ext4 defaults,bind 0 0
where ddd is a dir that has the /dev needed files (pts/, tty*, null, etc...)
started the container
still /dev is mounted for devtmpfs
did i do it wrong?

--
BR
RH
http://informatiq.org

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
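
The `st_dev` comparison Serge describes, as an added C example that is not part of the original mail and is not systemd's code; `looks_like_mount_point` and `is_mount_point` are hypothetical names, and the device and inode numbers in `main` are constructed. It also covers the case such a check cannot see: a bind mount whose source is on the same filesystem as the parent directory reports the parent's `st_dev`.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* The st_dev heuristic from the thread: a directory on a different device
 * than its parent is a mount point. The inode comparison is an addition here
 * so that "/" (which is its own parent) also counts as one. */
int looks_like_mount_point(dev_t dir_dev, ino_t dir_ino,
                           dev_t parent_dev, ino_t parent_ino)
{
    if (dir_dev != parent_dev)
        return 1;
    return dir_ino == parent_ino;
}

/* Returns 1 if path looks like a mount point, 0 if not, -1 on error. */
int is_mount_point(const char *path)
{
    char parent[4096];
    struct stat dir, up;
    int n = snprintf(parent, sizeof parent, "%s/..", path);

    if (n < 0 || (size_t)n >= sizeof parent)
        return -1;
    if (lstat(path, &dir) < 0 || lstat(parent, &up) < 0)
        return -1;
    return looks_like_mount_point(dir.st_dev, dir.st_ino, up.st_dev, up.st_ino);
}

int main(int argc, char **argv)
{
    /* Constructed device/inode numbers, not taken from a real system. */
    dev_t rootfs = 0x801, devtmpfs = 0x5;

    printf("devtmpfs on /dev:        %d\n",
           looks_like_mount_point(devtmpfs, 1025, rootfs, 2));
    printf("plain directory:         %d\n",
           looks_like_mount_point(rootfs, 4711, rootfs, 2));
    printf("bind from same fs:       %d\n",
           looks_like_mount_point(rootfs, 9001, rootfs, 2));

    for (int i = 1; i < argc; i++)
        printf("%s: %d\n", argv[i], is_mount_point(argv[i]));
    return 0;
}
```

Paths given on the command line are checked with `lstat`, so running it with a container's `rootfs/dev` as argument shows what a check of this kind would conclude about that directory.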