separate section for problems/solutio --- https://www.pld-linux.org/docs/lxc?rev=1385302413 +++ https://www.pld-linux.org/docs/lxc @@ -22,8 +22,9 @@ ===== Guest creation ===== Build the guest container. + ==== Bare minimum, no template ==== <file bash> # lxc-create -n test @@ -60,23 +61,32 @@ </file> !!! WARNING: pld template for LXC is yet to be written !!! - ===== Vserver comparision ===== + ===== Common problems / Useful tricks ===== - When in Vserver, guest processes are not visible in host, then in LXC all guest processes are visible. Beware when running ''killall(1)'' commands on host. + ==== loginuid ==== - Also, unfortunately ''/proc/PID/root'' points to ''/'' for LXC guests as well, so ''rc-scripts'' ''filter_chroot()'' can't differentiate between host and guest processes. + ''pam_loginuid.so'' does not allow ''sshd'' to login - Also, ''dmesg(1)'' in guest sees hosts' dmesg by default, you can turn this off by setting ''kernel.dmesg_restrict=1'' sysctl param, available since ''2.6.37'' kernel. + <file> + Nov 24 16:02:10 test sshd[2694]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session + </file> - ''pam_loginuid.so'' does not allow ''sshd'' to login. similar problem as [[http://kb.parallels.com/en/112597|here]]. - Workaround: - Disable "pam_loginuid.so" in the authentication rules: + Similar problem as [[http://kb.parallels.com/en/112597|here]], to workaround, disable ''pam_loginuid.so'' in the authentication rules: <file> # sed '/pam_loginuid.so/s/^/#/g' -i /etc/pam.d/* </file> + + ===== Vserver comparision ===== + + When in Vserver, guest processes are not visible in host, then in LXC all guest processes are visible. Beware when running ''killall(1)'' commands on host. + + Also, unfortunately ''/proc/PID/root'' points to ''/'' for LXC guests as well, so ''rc-scripts'' ''filter_chroot()'' can't differentiate between host and guest processes. + + Also, ''dmesg(1)'' in guest sees hosts' dmesg by default, you can turn this off by setting ''kernel.dmesg_restrict=1'' sysctl param, available since ''2.6.37'' kernel. + **Commands:** ^ Vserver ^ LXC ^ Notes ^ | vserver test enter | lxc-attach -n test -e | Use ''-e'' option with care, especially when restarting processes |
Diff URL: https://www.pld-linux.org/docs/lxc?do=diff&r1=1385302413&r2=1385302629 -- This mail was generated by DokuWiki at https://www.pld-linux.org/ _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
