On Thu, Feb 06, 2014 at 04:33:22PM +0100, Greg KH wrote:
> On Thu, Feb 06, 2014 at 10:55:01AM +0000, Daniel P. Berrange wrote:
> > On Wed, Feb 05, 2014 at 11:44:33PM +0100, Richard Weinberger wrote:
> > > Hi!
> > >
> > > We're heavily using Linux containers in our production environment.
> > > As modern Linux distributions move forward to systemd we have to make sure
> > > that systemd works within our containers.
> > >
> > > Sadly we're facing issues with cgroups.
> > > Our testbed consists of openSUSE 13.1 with Linux 3.13.1 and libvirt 1.2.1.
> > >
> > > In a plain setup systemd stops immediately because it is unable to
> > > create the cgroup hierarchy.
> > > Mostly because the container uid 0 is in a user namespace and has no
> > > rights to do that.
> >
> > FYI I have successfully run Fedora 19 with systemd inside a container
> > with libvirt LXC, however, I did *not* enable user namespaces. Every
> > time I try user namespaces I find some other bug in either the kernel
> > or libvirt, so I wouldn't be surprised if yet more breakage has
> > occurred in user namespaces :-(
>
> Those bugs should now be fixed, if you don't enable the option, how are
> we supposed to know what is left to be done? :)

I have in fact been building my own kernels for Fedora with user namespaces
enabled to debug / test this and have reported all the bugs I found so far.
Just saying that with the track record of bugs since the userns code first
merged, I wouldn't be surprised if there were still more things to iron out
as we try more real world apps like systemd.

Regards,
Daniel
-- 
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|