[systemd-devel] devpts inside Linux Container

Kay Sievers kay at vrfy.org
Wed Mar 13 04:58:57 PDT 2013


On Wed, Mar 13, 2013 at 11:38 AM, John Lane <systemd at jelmail.com> wrote:
> Good morning, I am trying to get LXC guests working with systemd. I am at
> the point where I can start a container but it is affecting the host. I've
> been discussing over on lxc-users and it's been suggested that systemd may
> be incorrectly mounting devpts without the "newinstance" option. I
> understand that the devpts mounts should have a "newinstance" option on them
> to avoid the guest mounting the host's devices.
>
> My mounts inside the container are listed below. I am not sure whether these
> are affected by lxc or systemd. I have configured lxc to use its "autodev"
> option.
>
> none on /dev type tmpfs (rw,relatime,size=100k)
> devpts on /dev/console type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
> devpts on /dev/tty1 type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
> proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
> sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
> tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
> devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
> tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
> tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,mode=755)
> cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
> debugfs on /sys/kernel/debug type debugfs (rw,relatime)
> hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
> mqueue on /dev/mqueue type mqueue (rw,relatime)
> configfs on /sys/kernel/config type configfs (rw,relatime)
> tmpfs on /tmp type tmpfs (rw)
>
> I have spent some time searching documentation and google but found nothing
> to help me understand how this is working and what I should do. I'd
> appreciate some pointers to help me get an lxc guest up and running with
> systemd.

On the host, "newinstance" is not strictly needed; it is useful inside
the container though. Stuff in /dev should not be made visible inside
the container, so the host setting should not matter much to the
container, and as soon as the container uses "newinstance" both should
be separated.

To use "newinstance" in the host, the kernel needs to be changed; we
cannot/don't want to play dirty games in the host and delete a
kernel-created /dev/ptmx and replace it with a symlink to /dev/pts/.
That should all be done inside the kernel.

See some more details here:
  https://bugzilla.redhat.com/show_bug.cgi?id=501718#c13

Kay
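A check for the condition discussed in this thread, added here as an example and not part of either mail: it reads mounts in /proc/mounts format (the sample is constructed from the container mount list quoted above), lists devpts mounts without "newinstance", and verifies that a /dev directory's ptmx is a symlink into its own pts instance rather than a kernel-created device node. The function names are mine.

```shell
#!/bin/sh
# Added example: audit devpts instances seen from inside a container.
# Lines are in /proc/mounts format: "<src> <mountpoint> <fstype> <opts> 0 0".
# SAMPLE is constructed from the container mount list quoted in the thread;
# none of its devpts mounts carry "newinstance", so they share the host's ptys.
SAMPLE='none /dev tmpfs rw,relatime,size=100k 0 0
devpts /dev/console devpts rw,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0'

# Read mounts on stdin; print the mount point of every devpts mount whose
# option list lacks "newinstance". Exit 1 if any was found, 0 otherwise.
devpts_missing_newinstance() {
    awk '
        $3 == "devpts" {
            n = split($4, opts, ",")
            ok = 0
            for (i = 1; i <= n; i++) if (opts[i] == "newinstance") ok = 1
            if (!ok) { print $2; bad++ }
        }
        END { exit (bad > 0) ? 1 : 0 }'
}

# With a separate instance, /dev/ptmx must resolve to that instance's own
# pts/ptmx; a kernel-created /dev/ptmx device node still hands out ptys from
# the initial (host) instance. Takes the /dev directory to inspect and exits 0
# only if ptmx is a symlink to pts/ptmx (only the symlink form is recognised).
ptmx_uses_instance() {
    dev="${1:-/dev}"
    [ -L "$dev/ptmx" ] || return 1
    target=$(readlink "$dev/ptmx")
    [ "$target" = "pts/ptmx" ] || [ "$target" = "$dev/pts/ptmx" ]
}

# Demonstration on the constructed sample: /dev/console and /dev/pts are
# reported and the function exits 1.
printf '%s\n' "$SAMPLE" | devpts_missing_newinstance \
    || echo "devpts mounts listed above lack newinstance"
```

Inside a running container the same check is `devpts_missing_newinstance < /proc/mounts` followed by `ptmx_uses_instance /dev`.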
