[systemd-devel] Calculating Web page loads accurately with systemd-nspawn's network-veth Xorg
Hi there,

I've managed to get Firefox running like so:

    sudo systemd-nspawn --setenv=DISPLAY=:0 \
        --setenv=XAUTHORITY=~/.Xauthority \
        --bind-ro=$HOME/.Xauthority:/root/.Xauthority \
        -D ~/containers/firefox \
        firefox

However I want to have network isolation so I can calculate Web page loads accurately.

When I use --network-veth switch I get: Error: Can't open display: :0 type errors. I assume it's because Xorg can't network to my local host's Xorg server.

Any tips how to manage this mapping? I need network isolation going for accurate measurements from $(grep firefox /proc/net/dev), with hopefully _no Xorg traffic_ shown. :}

Many thanks,
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Calculating Web page loads accurately with systemd-nspawn's network-veth Xorg
On 08/23/2015 07:17 AM, Kai Hendry wrote:
> On Sun, 23 Aug 2015, at 10:05 PM, Mantas Mikulėnas wrote:
>> Try adding --bind=/tmp/.X11-unix, for the named X11 sockets.
>
> Ah! Thank you Mantas. I logged this tip on http://dabase.com/e/12009/

Note that this allows the containerized app to punch through the container and into the X server.

--
Rudd-O
http://rudd-o.com/
Re: [systemd-devel] SElinux in container
Unfortunately, SELinux is not namespace/whatever aware and such a setup is not possible. Unless I suddenly became wrong in this area.

On 23.08.2015 at 14:10, arnaud gaboury wrote:
> Here is my setup:
> Host: Archlinux systemd 224-1
> Container: Fedora 22 systemd 219
>
> The container is a server and has vocation to be one day deployed on a dedicated server for production. In this way, I would like to set SElinux (default in Fedora). Unfortunately, doing it in Arch host is not a trivial affair and as host is a desktop, I would like to avoid. For now, SElinux is enabled in the Kernel but disabled at boot with selinux=0.
>
> Is there any way to enable and configure SElinux only in the container? Looking at capabilities(7) did not give me any hints.
>
> As a side note, CAP_SYS_MODULE does not work for container. I guess it is due to systemd 219 on the container?
>
> Thank you.
Re: [systemd-devel] Calculating Web page loads accurately with systemd-nspawn's network-veth Xorg
On Sun, Aug 23, 2015 at 4:58 PM, Kai Hendry hen...@webconverger.com wrote:
> Hi there,
>
> I've managed to get Firefox running like so:
>
>     sudo systemd-nspawn --setenv=DISPLAY=:0 \
>         --setenv=XAUTHORITY=~/.Xauthority \
>         --bind-ro=$HOME/.Xauthority:/root/.Xauthority \
>         -D ~/containers/firefox \
>         firefox
>
> However I want to have network isolation so I can calculate Web page loads accurately.
>
> When I use --network-veth switch I get: Error: Can't open display: :0 type errors. I assume it's because Xorg can't network to my local host's Xorg server.
>
> Any tips how to manage this mapping? I need network isolation going for accurate measurements from $(grep firefox /proc/net/dev), with hopefully _no Xorg traffic_ shown. :}

Try adding --bind=/tmp/.X11-unix, for the named X11 sockets.

--
Mantas Mikulėnas graw...@gmail.com
Re: [systemd-devel] Calculating Web page loads accurately with systemd-nspawn's network-veth Xorg
On Sun, 23 Aug 2015, at 10:05 PM, Mantas Mikulėnas wrote:
> Try adding --bind=/tmp/.X11-unix, for the named X11 sockets.

Ah! Thank you Mantas. I logged this tip on http://dabase.com/e/12009/
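The measurement discussed in this thread, reading the container's veth counters from /proc/net/dev before and after a page load, as an added example that is not part of any poster's message. It assumes the host-side interface is named ve-firefox; the function names are hypothetical and both snapshots are constructed. X11 traffic carried over the bind-mounted /tmp/.X11-unix socket does not cross the veth pair, so it is not in these counters.

```shell
#!/bin/sh
# Added example: per-interface byte deltas between two /proc/net/dev snapshots.
# "ve-firefox" is an assumed host-side veth name; both snapshots are constructed.

# iface_bytes FILE IFACE: print "RX_BYTES TX_BYTES"; non-zero exit if absent.
iface_bytes() {
    awk -v want="$2" '
        NR <= 2 { next }        # skip the two header lines
        {
            sub(/:/, " ")       # the name can be glued to the first counter
            if ($1 == want) { print $2, $10; found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# iface_delta BEFORE AFTER IFACE: print "RX_DELTA TX_DELTA" in bytes.
iface_delta() {
    b=$(iface_bytes "$1" "$3") || { echo "no $3 in $1" >&2; return 1; }
    a=$(iface_bytes "$2" "$3") || { echo "no $3 in $2" >&2; return 1; }
    rx=$(( ${a% *} - ${b% *} ))
    tx=$(( ${a#* } - ${b#* } ))
    # Counters restart from zero when the veth pair is recreated.
    if [ "$rx" -lt 0 ] || [ "$tx" -lt 0 ]; then
        echo "counters went backwards for $3" >&2
        return 2
    fi
    echo "$rx $tx"
}

# Constructed snapshots (live use: cat /proc/net/dev > file, before and after).
sample() {  # sample RX TX: emit a snapshot with those ve-firefox counters
    cat <<EOF
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 9000 10 0 0 0 0 0 0 9000 10 0 0 0 0 0 0
ve-firefox:$1 40 0 0 0 0 0 0 $2 55 0 0 0 0 0 0
EOF
}

tmp=$(mktemp -d)
sample 18200 41000 > "$tmp/before"
sample 96350 1893000 > "$tmp/after"
# Host-side RX is what the container sent; host-side TX is what it received.
iface_delta "$tmp/before" "$tmp/after" ve-firefox   # prints: 78150 1852000
rm -rf "$tmp"
```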
[systemd-devel] SElinux in container
Here is my setup:
Host: Archlinux systemd 224-1
Container: Fedora 22 systemd 219

The container is a server and has vocation to be one day deployed on a dedicated server for production. In this way, I would like to set SElinux (default in Fedora). Unfortunately, doing it in Arch host is not a trivial affair and as host is a desktop, I would like to avoid. For now, SElinux is enabled in the Kernel but disabled at boot with selinux=0.

Is there any way to enable and configure SElinux only in the container? Looking at capabilities(7) did not give me any hints.

As a side note, CAP_SYS_MODULE does not work for container. I guess it is due to systemd 219 on the container?

Thank you.

--
google.com/+arnaudgabourygabx