Bug#768827: systemd: issues with systemd in a lxc container

Cameron Norman camerontnorman at gmail.com
Fri Dec 12 06:26:29 GMT 2014


Hello Michael,

On Sun, 09 Nov 2014 16:22:36 +0100 Michael Biebl <biebl at debian.org> 
wrote:
 > Control: retitle -1 issues with systemd in a lxc container
 >
 > Am 09.11.2014 um 16:11 schrieb Ritesh Raj Sarraf:
 > > If I switch the init sysvinit-core in the LXC container, then the
 > > problem goes away. Therefore I've come to the conclusion that the 
bug
 > > lies with systemd.
 >
 > I don't think the lxc maintainers currently support systemd in a
 > container [1].
 > Afair, this is something which needs to be addressed in lxc, though, 
and
 > not not systemd. That said, if there is something we can do in the
 > systemd package, to make it work (better) in lxc, please let us know.

There are a few things. Linking sigpwr.target to halt.target would make 
lxc-stop work *cleanly* OOTB. Also the patch to getty at .service shown 
here would help: 
https://wiki.archlinux.org/index.php/Linux_Containers#lxc-console_does_not_provide_a_login_prompt

The big one would be to pop up a prompt on first install of 
systemd-sysv while in an lxc container (similar to the /etc/inittab 
checking and associated message that is planned I think) telling the 
user that the host's version of LXC must be 0.8 or greater (available 
in squeeze-backports and wheezy), and the configuration for the 
container (a file on the host) needs to contain the lines `lxc.kmsg = 
0` and `lxc.autodev = 1`.

That last one is difficult because the host may not support those 
options (older than 0.8 LXC version), we can not adjust them ourselves 
from inside the container, and the container becomes unbootable if they 
are not set correctly (I think journald uses 100% CPU if lxc.kmsg is 1 
instead of 0).

Also apparently udev should not run in containers. Do you think we 
should have something with ConditionVirtualization!=container or 
whatever in the udev service file?

The lxc debian template tries to do all of this (including masking 
udev.service and systemd-udev.service), but it can only act on newly 
created containers so upgraded ones are left high and dry.

Cheers,
--
Cameron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20141211/9d45a387/attachment-0001.html>


More information about the Pkg-systemd-maintainers mailing list