On Wed, Mar 13, 2013 at 11:38 AM, John Lane <[email protected]> wrote:
> Good morning, I am trying to get LXC guests working with systemd. I am at
> the point where I can start a container but it is affecting the host. I've
> been discussing over on lxc-users and it's been suggested that systemd may
> be incorrectly mounting devpts without the "newinstance" option. I
> understand that the devpts mounts should have a "newinstance" option on them
> to avoid the guest mounting the host's devices.
>
> My mounts inside the container are listed below. I am not sure whether these
> are affected by lxc or systemd. I have configured lxc to use its "autodev"
> option.
>
> none on /dev type tmpfs (rw,relatime,size=100k)
> devpts on /dev/console type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
> devpts on /dev/tty1 type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
> proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
> sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
> tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
> devpts on /dev/pts type devpts
> (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
> tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
> tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,mode=755)
> cgroup on /sys/fs/cgroup/systemd type cgroup
> (rw,nosuid,nodev,noexec,relatime,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
> debugfs on /sys/kernel/debug type debugfs (rw,relatime)
> hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
> mqueue on /dev/mqueue type mqueue (rw,relatime)
> configfs on /sys/kernel/config type configfs (rw,relatime)
> tmpfs on /tmp type tmpfs (rw)
>
> I have spent some time searching documentation and google but found nothing
> to help me understand how this is working and what I should do. I'd
> appreciate some pointers to help me get an lxc guest up and running with
> systemd.
On the host, "newinstance" is not strictly needed; it is useful inside the
container though. Stuff in /dev should not be made visible inside the
container, so the host setting should not matter much to the container; and
as soon as the container uses "newinstance" both should be separated.

To use "newinstance" in the host, the kernel needs to be changed; we
cannot/don't want to play dirty games in the host and delete a kernel-created
/dev/ptmx and replace it with a symlink to /dev/pts/, that should all be done
inside the kernel.

See some more details here:
https://bugzilla.redhat.com/show_bug.cgi?id=501718#c13

Kay
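An added check for the separation Kay describes (this script is not from the thread, from LXC or from systemd). It reads a mount table in /proc/self/mounts format (space-separated fields, unlike the `mount` output pasted above), reports any devpts mount that lacks "newinstance", and checks that /dev/ptmx is a symlink into the container's own /dev/pts so the private instance is actually the one being used. The two sample mount tables are constructed for illustration.

```bash
#!/bin/sh
# Constructed sample: devpts on /dev/pts without "newinstance", i.e. the
# container is using the same pty instance as the host.
SAMPLE_SHARED='none /dev tmpfs rw,relatime,size=100k 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'

# Constructed sample: the same mount with a private devpts instance.
SAMPLE_SEPARATE='devpts /dev/pts devpts rw,nosuid,noexec,relatime,newinstance,gid=5,mode=620,ptmxmode=000 0 0'

# devpts_missing_newinstance <mounts-text>
# Prints the target of every devpts mount whose options lack "newinstance".
# Returns 0 when all devpts mounts have it, 1 otherwise.
# Pass "$(cat /proc/self/mounts)" to check the running container.
devpts_missing_newinstance() {
    printf '%s\n' "$1" | awk '
        BEGIN { bad = 0 }
        $3 == "devpts" {
            n = split($4, opts, ",")
            ok = 0
            for (i = 1; i <= n; i++) if (opts[i] == "newinstance") ok = 1
            if (!ok) { print $2; bad = 1 }
        }
        END { exit bad }'
}

# ptmx_points_into_instance <dev-dir>
# A private devpts instance is only used for new ptys if <dev-dir>/ptmx
# resolves to <dev-dir>/pts/ptmx instead of the kernel's global ptmx node.
# This checks the symlink form only; a bind mount of pts/ptmx over ptmx is
# also valid but is not detected here.
ptmx_points_into_instance() {
    dir=$1
    [ -L "$dir/ptmx" ] || return 1
    case $(readlink "$dir/ptmx") in
        pts/ptmx|"$dir/pts/ptmx") return 0 ;;
        *) return 1 ;;
    esac
}
```

Run `devpts_missing_newinstance "$(cat /proc/self/mounts)" && ptmx_points_into_instance /dev` inside the guest; a non-zero exit means the guest's ptys are still shared with the host.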
