[Pkg-sysvinit-devel] Bug#706676: sysvinit: /sbin/init doesn't support LXC gracefull shutdown via lxc-shutdown

Pallai Roland pallair at magex.hu
Sat Jun 15 22:59:53 UTC 2013


The problem is lxc has to watch the jail's utmp file to guess when it
wants to halt, because Linux kernels before version 3.4 do not
provide any function to reboot or halt a container from inside. It has
led to a dirty hack in lxc-utils that has now failed.

First problem is the overlaid /run; the Wheezy initscript mounts a
tmpfs in /run and (re)creates utmp file there but lxc-utils won't
notice it. This could be fixed several ways:
1. do not give permission for the container to mount file systems,
drop sys_admin capability
2. mount tmpfs in /run from the container's lxc config before the
container mounts it

Second problem is the absolute symlink in /var/run; lxc-utils does not
expect an absolute symlink there so it will watch the host's utmp file
for changes, which is pretty useless. You cannot replace this absolute link
in a Wheezy container, the initscript will restore that on next boot.
A trivial solution is to patch lxc-utils to prefer /run over /var/run for
utmp watching, see my attachment.

Yes, my patch is just another hack, but it is not worth much effort to
properly fix it, because the next Debian-stable will get rid of this
utmp-hack as the kernel will support reboot() in process namespaces.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: prefer_run_for_utmp_watching.diff
Type: application/octet-stream
Size: 683 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-sysvinit-devel/attachments/20130616/6011c618/attachment.obj>
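
The second problem described in the message, as an added example (not part of the original message, the attached patch, or lxc): following the container's absolute /var/run -> /run link from the host side lands outside the rootfs, while resolving absolute link targets against the container root stays inside it. The helper name `resolve_in_root` and the temporary rootfs layout are constructed for illustration.

```python
import os
import tempfile

def resolve_in_root(root, path, max_links=40):
    """Return the host path that `path` names for a process rooted at `root`."""
    root = os.path.realpath(root)
    pending = [p for p in path.split("/") if p]
    done = []      # components already resolved, relative to root
    links = 0
    while pending:
        part = pending.pop(0)
        if part == ".":
            continue
        if part == "..":
            if done:
                done.pop()          # ".." at the container root stays there
            continue
        candidate = os.path.join(root, *done, part)
        if os.path.islink(candidate):
            links += 1
            if links > max_links:
                raise OSError("too many levels of symbolic links")
            target = os.readlink(candidate)
            if target.startswith("/"):
                done = []           # absolute target restarts at the container root
            pending = [p for p in target.split("/") if p] + pending
        else:
            done.append(part)
    return os.path.join(root, *done)

def demo():
    """Build a constructed Wheezy-like rootfs and compare both resolutions."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        os.makedirs(os.path.join(root, "run"))
        os.makedirs(os.path.join(root, "var"))
        open(os.path.join(root, "run", "utmp"), "w").close()
        # Absolute symlink, as the initscript recreates it on every boot.
        os.symlink("/run", os.path.join(root, "var", "run"))
        # Host-side lookup that lets the kernel follow the link: leaves the rootfs.
        naive = os.path.realpath(os.path.join(root, "var/run/utmp"))
        scoped = resolve_in_root(root, "/var/run/utmp")
        return root, naive, scoped

if __name__ == "__main__":
    root, naive, scoped = demo()
    print("rootfs :", root)
    print("naive  :", naive)
    print("scoped :", scoped)
```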

