[systemd-devel] Unable to run systemd in an LXC / cgroup container.
Lennart Poettering
lennart at poettering.net
Mon Oct 22 13:50:19 PDT 2012
On Mon, 22.10.12 11:48, Michael H. Warfield (mhw at WittsEnd.com) wrote:
> > > To summarize the problem... The LXC startup binary sets up various
> > > things for /dev and /dev/pts for the container to run properly and this
> > > works perfectly fine for SystemV start-up scripts and/or Upstart.
> > > Unfortunately, systemd has mounts of devtmpfs on /dev and devpts
> > > on /dev/pts which then break things horribly. This is because the
> > > kernel currently lacks namespaces for devices and won't for some time to
> > > come (in design). When devtmpfs gets mounted over top of /dev in the
> > > container, it then hijacks the host's console tty and several other
> > > devices which had been set up through bind mounts by LXC and should have
> > > been LEFT ALONE.
>
> > Please initialize a minimal tmpfs on /dev. systemd will then work fine.
>
> My containers have a reasonable /dev that works with Upstart just fine
> but they are not on tmpfs. Is mounting tmpfs on /dev and recreating
> that minimal /dev required?
Well, it can be any kind of mount really. Just needs to be a mount. And
the idea is to use tmpfs for this.
What /dev are you currently using? It's probably not a good idea to
reuse the host's /dev, since it contains so many device nodes that
should not be accessible/visible to the container.
> > systemd will make use of pre-existing mounts if they exist, and only
> > mount something new if they don't exist.
>
> So you're saying that, if we have something mounted on /dev, that's what
> prevents systemd from mounting devtmpfs on /dev?
Yes.
> But, I have systemd running on my host system (F17) and containers with
> sysvinit or upstart inits are all starting just fine. That sounds like
> it should impact all containers as pivot_root() is issued before systemd
> in the container is started. Or am I missing something here? That
> sounds like a problem for Serge and others to investigate further. I'll
> see about trying that workaround though.
The "shared" issue is F18, and it's about running LXC on a systemd
system, not about running systemd inside of LXC.
Lennart
--
Lennart Poettering - Red Hat, Inc.
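The workaround Lennart describes, as an added example that is not part of the thread or of LXC's own code: pre-mount a small tmpfs on the container's /dev holding only an allow-list of device nodes, so systemd finds an existing mount and neither mounts devtmpfs over it nor exposes the host's nodes. The node list, mount options and the devpts pre-mount are this example's choices, not anything stated in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: give a container rootfs a minimal
# tmpfs /dev so that systemd inside it reuses the existing mount instead
# of mounting devtmpfs (which would expose the host's device nodes).
set -eu

# is_mounted PATH: succeed if PATH is a mount point, per /proc/self/mountinfo
# (field 5 is the mount point). This is the same kind of check systemd makes
# before deciding whether to mount something on /dev itself.
is_mounted() {
    target=$(readlink -f "$1") || return 1
    awk -v t="$target" '$5 == t { found = 1 } END { exit !found }' \
        /proc/self/mountinfo
}

# Allow-list of device nodes the container gets; nothing else from the host's
# /dev becomes visible. Format: name type major minor mode
MINIMAL_DEV_NODES='
null    c 1 3 0666
zero    c 1 5 0666
full    c 1 7 0666
random  c 1 8 0666
urandom c 1 9 0666
tty     c 5 0 0666
console c 5 1 0600
'

# populate_dev ROOTFS: mount a small tmpfs on ROOTFS/dev (unless one is
# already there), create the allow-listed nodes, and pre-mount a private
# devpts instance on dev/pts so systemd leaves that alone too. Needs root.
populate_dev() {
    dev="$1/dev"
    mkdir -p "$dev"
    is_mounted "$dev" || \
        mount -t tmpfs -o mode=0755,nosuid,strictatime,size=64k none "$dev"
    printf '%s\n' "$MINIMAL_DEV_NODES" | while read -r name type major minor mode; do
        [ -n "$name" ] || continue
        [ -e "$dev/$name" ] || mknod -m "$mode" "$dev/$name" "$type" "$major" "$minor"
    done
    mkdir -p "$dev/pts" "$dev/shm"
    is_mounted "$dev/pts" || \
        mount -t devpts -o newinstance,ptmxmode=0666 devpts "$dev/pts"
    ln -sfn /proc/self/fd "$dev/fd"
    ln -sfn pts/ptmx "$dev/ptmx"
}

# Usage: sh prepare-dev.sh /path/to/container/rootfs   (as root)
[ $# -eq 0 ] || populate_dev "$1"
```

Run it against the rootfs before the container's init starts; is_mounted can also be used on its own to verify that /dev and /dev/pts inside the container really are separate mounts.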