[systemd-devel] systemd-nspawn: starting multiple shells

Lennart Poettering lennart at poettering.net
Mon Jul 2 16:34:25 UTC 2018


On Mo, 02.07.18 17:25, Nikolaus Rath (Nikolaus at rath.org) wrote:

> On Jul 02 2018, Lennart Poettering <lennart at poettering.net> wrote:
> >> Still not quite working, now there seems to be a problem with
> >> /proc/self/fd in the new shell:
> >> 
> >> $ sudo systemd-nspawn -M $MACHINE \
> >>      --private-users=1379532800:65536 --private-network \
> >>      --as-pid2
> [...]
> >> 
> >> What's happening here?
> >
> > the stdin/stdout/stderr fds of the nsenter process reference pipes
> > that belong to the host side, and the kernel doesn't allow them to be
> > reopened if user namespacing is used, for security reasons.
> >
> > "systemd-run -M $MACHINE -t /bin/sh" should generally be the better
> > choice than "nsenter",
> 
> Yeah, but:
> 
> $ sudo systemd-run -M iofabric -t /bin/sh
> [sudo] password for nikratio: 
> Failed to create bus connection: No such file or directory
> 
> Does this maybe require a systemd instance running in the container?

Yes, "systemd-run" talks to a systemd instance to create a service
on the fly.

Lennart

-- 
Lennart Poettering, Red Hat