[systemd-devel] I want to run systemd inside of a locked down base docker container

Ranjib Dey dey.ranjib at gmail.com
Wed Feb 10 19:22:49 CET 2016


Docker (ls -alh)

crw-------  1 root root 136,   9 Feb 10 18:20 console
lrwxrwxrwx  1 root root       13 Feb 10 18:20 fd -> /proc/self/fd
crw-rw-rw-  1 root root   1,   7 Feb 10 18:20 full
c---------  1 root root  10, 229 Feb 10 18:20 fuse
lrwxrwxrwx  1 root root       11 Feb 10 18:20 kcore -> /proc/kcore
drwxrwxrwt  2 root root       40 Oct 30 08:01 mqueue
crw-rw-rw-  1 root root   1,   3 Feb 10 18:20 null
lrwxrwxrwx  1 root root        8 Feb 10 18:20 ptmx -> pts/ptmx
drwxr-xr-x  2 root root        0 Feb 10 18:20 pts
crw-rw-rw-  1 root root   1,   8 Feb 10 18:20 random
drwxrwxrwt  2 root root       40 Feb 10 18:20 shm
lrwxrwxrwx  1 root root       15 Feb 10 18:20 stderr -> /proc/self/fd/2
lrwxrwxrwx  1 root root       15 Feb 10 18:20 stdin -> /proc/self/fd/0
lrwxrwxrwx  1 root root       15 Feb 10 18:20 stdout -> /proc/self/fd/1
crw-rw-rw-  1 root root   5,   0 Feb 10 18:20 tty
crw-rw-rw-  1 root root   1,   9 Feb 10 18:20 urandom
crw-rw-rw-  1 root root   1,   5 Feb 10 18:20 zero

LXC (ls -alh /dev)
crw-rw----  1 root   tty     136, 18 Feb 10 07:15 console
lrwxrwxrwx  1 root   root         11 Feb 10 07:15 core -> /proc/kcore
lrwxrwxrwx  1 root   root         13 Feb 10 07:15 fd -> /proc/self/fd
crw-rw-rw-  1 nobody nogroup   1,  7 Feb  9 08:32 full
srw-rw-rw-  1 root   root          0 Feb 10 07:15 log
drwxrwxrwt  2 nobody nogroup      40 Feb 10 07:15 mqueue
drwxr-xr-x  2 root   root         40 Feb 10 07:15 net
crw-rw-rw-  1 nobody nogroup   1,  3 Feb  9 08:32 null
lrwxrwxrwx  1 root   root         13 Feb 10 07:15 ptmx -> /dev/pts/ptmx
drwxr-xr-x  2 nobody nogroup       0 Feb 10 07:15 pts
lrwxrwxrwx  1 root   root          4 Feb 10 07:15 ram -> ram1
crw-rw-rw-  1 nobody nogroup   1,  8 Feb  9 08:32 random
lrwxrwxrwx  1 root   root          8 Feb 10 07:15 shm -> /run/shm
lrwxrwxrwx  1 root   root          4 Feb 10 07:15 stderr -> fd/2
lrwxrwxrwx  1 root   root          4 Feb 10 07:15 stdin -> fd/0
lrwxrwxrwx  1 root   root          4 Feb 10 07:15 stdout -> fd/1
crw-rw-rw-  1 nobody nogroup   5,  0 Feb 10 18:17 tty
crw-rw----  1 root   tty     136,  0 Feb 10 07:15 tty1
crw-rw----  1 root   tty     136,  1 Feb 10 07:15 tty2
crw-rw----  1 root   tty     136,  2 Feb 10 07:15 tty3
crw-rw----  1 root   tty     136,  3 Feb 10 07:15 tty4
drwxr-xr-x  3 root   root         60 Feb 10 07:15 .udev
crw-rw-rw-  1 nobody nogroup   1,  9 Feb  9 08:32 urandom
crw-rw-rw-  1 nobody nogroup   1,  5 Feb  9 08:32 zero


On Wed, Feb 10, 2016 at 10:15 AM, Lennart Poettering <lennart at poettering.net> wrote:

> On Wed, 10.02.16 11:39, Daniel J Walsh (dwalsh at redhat.com) wrote:
>
> > /sys as readonly
> > /tmp and /run on tmpfs.
> > /etc/machine-id created to match containerid.
> > /var/log/journald/UUID mounted from the host so that journalctl -M UUID
> > will work.
>
> Out of curiosity: what does /dev/ look like inside the container?
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
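As an added example (not code from the thread or from either container project), the script below parses `ls -l /dev` listings like the two above and reports which entries exist on one side only, which shared entries differ in mode, owner, group or link target, and which device nodes are world-writable; the embedded listings are excerpts of the Docker and LXC output posted above, included so it runs offline.

```python
# Added example (not code from the thread): parse `ls -l /dev` listings from two
# containers, flag world-writable device nodes and diff the entries. The embedded
# listings are excerpts of the Docker and LXC outputs posted above.
import re
from typing import Dict, List, NamedTuple, Optional

# One `ls -l` row: mode, links, owner, group, size or "major, minor", date, name [-> target]
LS_RE = re.compile(r"^(?P<mode>[bcdlsp-][rwxstST-]{9})\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
                   r"(?:\d+,\s*\d+|\d+)\s+\w{3}\s+\d+\s+[\d:]+\s+(?P<name>.+?)(?: -> (?P<target>.+))?$")

# target is the symlink destination, None for real device nodes, directories and sockets
DevEntry = NamedTuple("DevEntry", [("mode", str), ("owner", str), ("group", str), ("target", Optional[str])])

def parse_listing(text: str) -> Dict[str, DevEntry]:
    """Map entry name -> DevEntry; lines that are not ls -l rows (e.g. 'total 0') are ignored."""
    entries: Dict[str, DevEntry] = {}
    for line in text.splitlines():
        if m := LS_RE.match(line.strip()):
            entries[m["name"]] = DevEntry(m["mode"], m["owner"], m["group"], m["target"])
    return entries

def world_writable_devices(entries: Dict[str, DevEntry]) -> List[str]:
    """Char/block device nodes writable by 'other'; symlinks and sockets are not counted."""
    return sorted(n for n, e in entries.items() if e.mode[0] in "bc" and e.mode[8] == "w")

def compare(baseline: Dict[str, DevEntry], other: Dict[str, DevEntry]) -> Dict[str, List[str]]:
    """Names on one side only, plus shared names whose mode, owner, group or target differ."""
    return {"only_in_baseline": sorted(baseline.keys() - other.keys()),
            "only_in_other": sorted(other.keys() - baseline.keys()),
            "changed": sorted(n for n in baseline.keys() & other.keys() if baseline[n] != other[n])}

DOCKER_DEV = """\
crw-------  1 root root 136,   9 Feb 10 18:20 console
lrwxrwxrwx  1 root root       13 Feb 10 18:20 fd -> /proc/self/fd
crw-rw-rw-  1 root root   1,   7 Feb 10 18:20 full
c---------  1 root root  10, 229 Feb 10 18:20 fuse
crw-rw-rw-  1 root root   5,   0 Feb 10 18:20 tty
"""
LXC_DEV = """\
crw-rw----  1 root   tty     136, 18 Feb 10 07:15 console
lrwxrwxrwx  1 root   root         13 Feb 10 07:15 fd -> /proc/self/fd
crw-rw-rw-  1 nobody nogroup   1,  7 Feb  9 08:32 full
srw-rw-rw-  1 root   root          0 Feb 10 07:15 log
crw-rw-rw-  1 nobody nogroup   5,  0 Feb 10 18:17 tty
"""

if __name__ == "__main__":
    docker, lxc = parse_listing(DOCKER_DEV), parse_listing(LXC_DEV)
    print("world-writable:", world_writable_devices(docker), world_writable_devices(lxc))
    print(compare(docker, lxc))
```

Feeding it the full listings (or fresh `ls -l /dev` output captured inside a container) works the same way; the LXC side shows the nobody:nogroup ownership and tty-group console that the excerpt above illustrates.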