On Wed, Feb 05, 2014 at 11:44:33PM +0100, Richard Weinberger wrote:
> Hi!
>
> We're heavily using Linux containers in our production environment.
> As modern Linux distributions move forward to systemd, we have to make sure that
> systemd works within our containers.
>
> Sadly we're facing issues with cgroups.
> Our testbed consists of openSUSE 13.1 with Linux 3.13.1 and libvirt 1.2.1.
>
> In a plain setup systemd stops immediately because it is unable to
> create the cgroup hierarchy.
> Mostly because the container uid 0 is in a user namespace and has no
> rights to do that.
FYI I have successfully run Fedora 19 with systemd inside a container with libvirt LXC, however, I did *not* enable user namespaces. Every time I try user namespaces I find some other bug in either the kernel or libvirt, so I wouldn't be surprised if yet more breakage has occurred in user namespaces :-(

> Next try, fool systemd by mounting a tmpfs to /sys/fs/cgroup/systemd/.
> This seems to work. openSUSE boots, I can start/stop services...
> Shutdown hangs forever, had no time to investigate so far.
>
> But is this tmpfs hack the correct way to run systemd in a container?
> I really don't think so.

Yeah, that really shouldn't be needed. When libvirt runs a container it creates a cgroup just for that container to run in, and systemd should be able to create its hierarchy under that location.

That said, I wonder if libvirt is perhaps forgetting to chown() the cgroup to the UID/GID you've mapped for the root user. That would certainly prevent systemd using it and could cause the sort of pain you see.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
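The chown() hypothesis above is something an operator can verify directly rather than guess at: resolve what the container's uid 0 and gid 0 map to on the host (via the `/proc/PID/uid_map` and `/proc/PID/gid_map` files of the container's init process) and compare that with the owner of the cgroup directory the container was placed in. If the owner does not match, the container's root cannot create the sub-hierarchy systemd needs, which is exactly the failure Richard describes. The script below is an added example written for this thread, not code from libvirt, systemd or either poster; it assumes GNU coreutils `stat` (the `-c %u` / `-c %g` flags) and takes the cgroup path and map files as arguments, since the exact cgroup path libvirt picks is not given in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): check whether the cgroup directory a
# container runs in is owned by the host-side uid/gid that the container's
# uid 0 / gid 0 map to. If it is not, an init such as systemd running as the
# container's root cannot create its own sub-hierarchy there.
# Assumes GNU coreutils stat (for -c %u / -c %g).

# map_id INNER MAPFILE: print the host-side id for container id INNER, using the
# /proc/PID/uid_map (or gid_map) line format "inner outer count".
# Returns 1 when INNER falls outside every mapped range.
map_id() {
    inner="$1"; mapfile="$2"
    while read -r first outer count; do
        [ -z "$first" ] && continue
        if [ "$inner" -ge "$first" ] && [ "$inner" -lt $((first + count)) ]; then
            echo $((outer + inner - first))
            return 0
        fi
    done < "$mapfile"
    return 1
}

# cgroup_owned_by_mapped_root CGROUP_DIR UID_MAP GID_MAP: return 0 when the
# directory's owner uid and gid are what the container's root maps to,
# 1 on a mismatch, 2 when container root is not mapped at all.
cgroup_owned_by_mapped_root() {
    dir="$1"; uid_map="$2"; gid_map="$3"
    want_uid=$(map_id 0 "$uid_map") || { echo "container uid 0 is not mapped" >&2; return 2; }
    want_gid=$(map_id 0 "$gid_map") || { echo "container gid 0 is not mapped" >&2; return 2; }
    have_uid=$(stat -c %u "$dir")
    have_gid=$(stat -c %g "$dir")
    if [ "$have_uid" = "$want_uid" ] && [ "$have_gid" = "$want_gid" ]; then
        echo "ok: $dir is owned by $have_uid:$have_gid (mapped container root)"
        return 0
    fi
    echo "mismatch: $dir is owned by $have_uid:$have_gid, container root maps to $want_uid:$want_gid" >&2
    return 1
}

# Usage on a live host, with PID being the container's init process and the
# cgroup path being whatever the container manager created (placeholder here):
#   cgroup_owned_by_mapped_root /sys/fs/cgroup/systemd/<container-cgroup> \
#       /proc/PID/uid_map /proc/PID/gid_map
```

A mismatch points at the container manager (here libvirt) failing to chown the cgroup after creating it; the fix belongs there rather than in a tmpfs workaround inside the container.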