On Fri, Jun 15, 2012 at 5:50 PM, Fajar A. Nugraha <l...@fajar.net> wrote:
> On Fri, Jun 15, 2012 at 7:26 PM, John Maclean <jaye...@gmail.com> wrote:
> > Hello all,
> >
> > I have built lxc from the git hub repo and have been able to create
> > containers using the stock templates for fedora. However, whenever I
> > start a container it always locks the hosts, X session.
> >
> > a - How can i diagnose this?
> > b - How can i prevent this?
>
> The easy way would be just to use ubuntu precise for your host. Seriously
> :)
>
> The hard way, I think your guest is accessing your hosts's tty. You
> can probably prevent that by something like this on your guests'
> config file:
>
> #==========
> lxc.cgroup.devices.deny = a
> # Allow any mknod (but not using the node)
> lxc.cgroup.devices.allow = c *:* m
> lxc.cgroup.devices.allow = b *:* m
> # /dev/null and zero
> lxc.cgroup.devices.allow = c 1:3 rwm
> lxc.cgroup.devices.allow = c 1:5 rwm
> # consoles
> lxc.cgroup.devices.allow = c 5:1 rwm
> lxc.cgroup.devices.allow = c 5:0 rwm
> #lxc.cgroup.devices.allow = c 4:0 rwm
> #lxc.cgroup.devices.allow = c 4:1 rwm
> # /dev/{,u}random
> lxc.cgroup.devices.allow = c 1:9 rwm
> lxc.cgroup.devices.allow = c 1:8 rwm
> lxc.cgroup.devices.allow = c 136:* rwm
> lxc.cgroup.devices.allow = c 5:2 rwm
> # rtc
> lxc.cgroup.devices.allow = c 254:0 rwm
> #fuse
> lxc.cgroup.devices.allow = c 10:229 rwm
> #tun
> lxc.cgroup.devices.allow = c 10:200 rwm
> #full
> lxc.cgroup.devices.allow = c 1:7 rwm
> #hpet
> lxc.cgroup.devices.allow = c 10:228 rwm
> #kvm
> lxc.cgroup.devices.allow = c 10:232 rwm
> #==================
>
> --
> Fajar
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Lxc-users mailing list
> Lxc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-users
>
here is what i do
i always start the container form a terminalnot frommy x session
i also use the following script to start the container this fixes all
problem
====
# cat /home/rhanna/bin/lxc-start-fedora
#! /bin/bash
options=$(getopt -o n: -l name: -- "$@")
eval set -- "$options"
while true
do
case "$1" in
-n|--name) name=$2; shift 2;;
--) shift
break;;
*) break ;;
esac
done
if [ -z $name ]; then
echo "container name must be set, use -n|--name"
exit 1
fi
lxc-ls |grep $name >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "Container does not exist"
exit 1
fi
lxc-info -s -n$name|grep RUNNING >/dev/null 2>&1
if [ $? -eq 0 ]; then
echo "container already started"
exit 1
fi
mount |grep /tmp/lxc/$name > /dev/null 2>&1
if [ $? -eq 0 ]; then
umount /tmp/lxc/$name
fi
rm -rf /tmp/lxc/$name
mkdir -p /tmp/lxc/$name
mount none /tmp/lxc/$name -t tmpfs
rsync -a /var/lib/lxc/$name/rootfs/dev/ /tmp/lxc/$name
mount /tmp/lxc/$name /var/lib/lxc/$name/rootfs/dev/ -obind
lxc-start $* -n $name
=====
--
BR
RH
http://informatiq.org
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
