Our actual templates are based on the lxc-sshd template example that comes with lxc-templates. There, basically all the lxc is, is bind-mounts for necessary paths from the host, obviously read-only:

# grep mount.entry /usr/share/lxc/templates/lxc-sshd
lxc.mount.entry = /dev dev none ro,bind 0 0
lxc.mount.entry = /lib lib none ro,bind 0 0
lxc.mount.entry = /bin bin none ro,bind 0 0
lxc.mount.entry = /usr usr none ro,bind 0 0
lxc.mount.entry = /sbin sbin none ro,bind 0 0
lxc.mount.entry = tmpfs run/sshd tmpfs mode=0644 0 0
lxc.mount.entry = /usr/share/lxc/templates/lxc-sshd $init_path none ro,bind 0 0
lxc.mount.entry = /etc/init.d etc/init.d none ro,bind 0 0
lxc.mount.entry = /etc/sysconfig/network-scripts etc/sysconfig/network-scripts none ro,bind 0 0
lxc.mount.entry = /etc/rc.d etc/rc.d none ro,bind 0 0
lxc.mount.entry = /lib64 lib64 none ro,bind 0 0

Perhaps bind-mounting /dev isn't needed anymore, though then I'd like to know why the example does that, and what the implications are of leaving the /dev entry out.

--
https://bugs.launchpad.net/bugs/1699903
Title: lxc-sshd won't start with 2.0.8
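
An added example, not part of the original comment or of the lxc project: a small audit of lxc.mount.entry lines like the ones grepped above, reporting host bind mounts that lack ro and any bind of the host's /dev. The function names and the /srv/data entry are constructed for illustration; the other sample lines are taken from the output above.

```python
"""Audit lxc.mount.entry lines (fstab-style: source target fstype options dump pass)."""
from typing import NamedTuple

WRITABLE = "host path is bind-mounted without ro"
HOST_DEV = "host /dev is exposed; ro covers the mount, not the device nodes reached through it"

# Sample input: entries from the lxc-sshd output, plus one constructed writable bind.
SAMPLE_CONFIG = """\
lxc.mount.entry = /dev dev none ro,bind 0 0
lxc.mount.entry = /lib lib none ro,bind 0 0
lxc.mount.entry = tmpfs run/sshd tmpfs mode=0644 0 0
lxc.mount.entry = /srv/data srv/data none bind 0 0
lxc.mount.entry = /etc/init.d etc/init.d none ro,bind 0 0
"""

class MountEntry(NamedTuple):
    source: str
    target: str
    fstype: str
    options: frozenset

def parse_mount_entries(config_text):
    """Return a MountEntry for every lxc.mount.entry line in an LXC config."""
    entries = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if not sep or key.strip() != "lxc.mount.entry":
            continue
        fields = value.split()
        if len(fields) < 4:
            raise ValueError(f"malformed mount entry: {raw!r}")
        entries.append(MountEntry(fields[0], fields[1], fields[2],
                                  frozenset(fields[3].split(","))))
    return entries

def audit(entries):
    """Return (source, finding) pairs for bind mounts that deserve a review."""
    findings = []
    for entry in entries:
        if not {"bind", "rbind"} & entry.options:
            continue  # tmpfs and similar: no host path is shared
        if "ro" not in entry.options:
            findings.append((entry.source, WRITABLE))
        if entry.source == "/dev" or entry.source.startswith("/dev/"):
            findings.append((entry.source, HOST_DEV))
    return findings

if __name__ == "__main__":
    for source, finding in audit(parse_mount_entries(SAMPLE_CONFIG)):
        print(f"{source}: {finding}")
```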
