Jan Olszak
2014-Jan-20 08:49 UTC
[libvirt-users] LXC configuration for Systemd in the user namespace.
Hi there!

Does anyone have a config file for libvirt-LXC, that makes it possible to:

1. Use all namespaces (user namespace in particular)
2. Run systemd inside a container.

Thanks!
Jan
Gao feng
2014-Jan-23 09:32 UTC
Re: [libvirt-users] LXC configuration for Systemd in the user namespace.
On 01/20/2014 04:49 PM, Jan Olszak wrote:
> Hi there!
>
> Does anyone have a config file for libvirt-LXC, that makes it possible to:
>
> 1. Use all namespaces (user namespace in particular)

This is always supported by libvirt lxc.

> 2. Run systemd inside a container.

I guess systemd needs to be changed if it wants to run under user namespace.

I'm glad to see you do a test and report us some errors.

When I have time, I will look into this too.

Thanks!
Daniel P. Berrange
2014-Jan-23 10:30 UTC
Re: [libvirt-users] LXC configuration for Systemd in the user namespace.
On Thu, Jan 23, 2014 at 05:32:20PM +0800, Gao feng wrote:
> On 01/20/2014 04:49 PM, Jan Olszak wrote:
> > Hi there!
> >
> > Does anyone have a config file for libvirt-LXC, that makes it possible to:
> >
> > 1. Use all namespaces (user namespace in particular)
>
> This is always supported by libvirt lxc.
>
> > 2. Run systemd inside a container.
>
> I guess systemd needs to be changed if it wants to run under
> user namespace.
>
> I'm glad to see you do a test and report us some errors.
>
> When I have time, I will look into this too.

FYI I have successfully run systemd in libvirt LXC with all namespaces except for the user namespace.

https://www.berrange.com/posts/2013/08/12/running-a-full-fedora-os-inside-a-libvirt-lxc-guest/

I have not tried to use user namespaces yet, but I wouldn't anticipate any problems. The key task is that after running the 'yum' command to populate the chroot with an install of the OS, you need to have a script that changes all the user / group IDs. E.g. in the libvirt XML you're going to set up a UID/GID mapping so that uid 0 in the container maps to say uid 500 in the host, and so on for any other uids. You need to set up your chroot files to have this matching ownership.

At some point we need to create the 'virt-bootstrap' command I mention in that blog post to do this uid mapping automatically with user namespaces.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
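
The ownership fix-up described in the message above, as an added example that is not part of the original thread and not libvirt code. The names `map_id` and `shift_tree` are hypothetical; `start`, `target` and `count` mirror the attributes of libvirt's `<idmap>` element, with 0 and 500 taken from the message and a count of 65536 assumed.

```python
import os
import stat

def map_id(cid, start, target, count):
    """Translate a container-side id to the host id the mapping assigns it."""
    if not start <= cid < start + count:
        # An id outside the map has no identity inside the user namespace.
        raise ValueError(f"id {cid} is outside the mapped range")
    return target + (cid - start)

def shift_tree(root, start=0, target=500, count=65536,
               chown=os.lchown, chmod=os.chmod):
    """Re-own every entry under root so on-disk ids match the host side of the map.

    Run once, as root, on a freshly populated chroot. Returns the list of
    (path, host_uid, host_gid) changes that were applied.
    """
    seen = set()      # (device, inode) pairs, so hard links are shifted only once
    changes = []

    def shift(path):
        st = os.lstat(path)
        key = (st.st_dev, st.st_ino)
        if key in seen:
            return
        seen.add(key)
        uid = map_id(st.st_uid, start, target, count)
        gid = map_id(st.st_gid, start, target, count)
        chown(path, uid, gid)      # lchown: never follows a symlink out of the tree
        if not stat.S_ISLNK(st.st_mode):
            # chown clears setuid/setgid bits on Linux; restore the original mode
            chmod(path, stat.S_IMODE(st.st_mode))
        changes.append((path, uid, gid))

    shift(root)
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        for name in dirnames + filenames:
            shift(os.path.join(dirpath, name))
    return changes

if __name__ == "__main__":
    import sys
    # Usage (as root): python3 shift_ids.py /path/to/chroot
    for path, uid, gid in shift_tree(sys.argv[1]):
        print(f"{uid}:{gid} {path}")
```

The shift is not idempotent: a second run over the same tree would move the ids again, so apply it exactly once per populated chroot.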