Hi systemd,
I'm working with machinectl to control containers, thus using the systemd
service "/usr/lib/systemd/system/systemd-nspawn@.service".
Currently my ExecStart option is the following: "ExecStart=systemd-nspawn
--quiet --boot --network-bridge=br0 --read-only --volatile=yes
--notify-read
On Do, 17.10.24 11:48, Joel GUITTET ([email protected]) wrote:
> systemd-nspawn --quiet --boot --network-bridge=br0 --read-only
> --volatile=yes --notify-ready=yes --settings=override
> --slice=${SLICE} --machine=%i
You are using --volatile=yes. See the man page of what it does, you
Hello community,
I face a strange behavior of my containers running using systemd-nspawn: some
directories initially in the volume are not visible inside the container. It
seems this is always the same "kind" of directories, e.g. maybe they are
reserved for specific use?
Example:
root@target
Hello,
Thanks for the tip, I've taken a more recent version of systemd-nspawn and
it now works.
I now have another question: I want to set up a single process. I have a
problem on the network side, I want to launch my single process by
connecting it to a bridge. In the .nspawn file, in the network
On Fr, 01.12.23 14:03, Warex61 YTB ([email protected]) wrote:
> Hello,
> I would like to use systemd-nspawn to create a container that can launch a
> single process as pid 1 and mount its configuration files. I want the
> container to be as light as possible. Is there any way of creating a
Hello,
I would like to use systemd-nspawn to create a container that can launch a
single process as pid 1 and mount its configuration files. I want the
container to be as light as possible. Is there any way of creating a
container using nspawn without using bootstrap ?
For example, using this comm
Each nspawn container that's managed via machinectl is run as an instance
of "systemd-nspawn@.service". Add a [Service] ExecStartPre= to the instance
you need, using `systemctl edit` or similar.
On Mon, Oct 2, 2023 at 1:37 AM Rob Ert wrote:
> Hello all,
>
> As I have not been able to find an ans
Hello all,
As I have not been able to find an answer to my question after consulting
man pages and google, I am turning to this mailing list.
I have a systemd-nspawn os container that I have set to automatically start
with machinectl enable.
I would like to automatically have a bcachefs snapshot
Hi,
not sure whether it is appropriate to ask here, but in lack of a better
alternative, I'll give it a go.
I am trying to boot an alpine container (openrc), works as root. but
when changing to a user id, the bootup fails with getty error messages:
getty: console: TIOCSCTTY: Operation not pe
>>> Neal Gompa wrote on 11.08.2022 at 09:22 in message:
> On Thu, Aug 11, 2022 at 3:15 AM Ulrich Windl
> wrote:
>>
>> >>> Lennart Poettering wrote on 10.08.2022 at 22:09 in message:
>> > On Mi, 10.08.22 10:13, Thomas Archambault ([email protected]) wrote:
>> >
>> >> Thank yo
On Thu, Aug 11, 2022 at 3:15 AM Ulrich Windl
wrote:
>
> >>> Lennart Poettering wrote on 10.08.2022 at 22:09 in message:
> > On Mi, 10.08.22 10:13, Thomas Archambault ([email protected]) wrote:
> >
> >> Thank you again Lennart, and thx Kevin.
> >>
> >> That makes total sense, and acc
>>> Lennart Poettering wrote on 10.08.2022 at 22:09 in message:
> On Mi, 10.08.22 10:13, Thomas Archambault ([email protected]) wrote:
>
>> Thank you again Lennart, and thx Kevin.
>>
>> That makes total sense, and accounts for the application's high level
>> start‑up delay which appears
> On 10 Aug 2022, at 21:10, Lennart Poettering wrote:
>
> On Mi, 10.08.22 10:13, Thomas Archambault ([email protected]) wrote:
>
>> Thank you again Lennart, and thx Kevin.
>>
>> That makes total sense, and accounts for the application's high level
>> start-up delay which appears to be
On Mi, 10.08.22 10:13, Thomas Archambault ([email protected]) wrote:
> Thank you again Lennart, and thx Kevin.
>
> That makes total sense, and accounts for the application's high level
> start-up delay which appears to be what we are stuck with if we are over
> xfs. Unfortunately, it's diffic
On Wed, Aug 10, 2022 at 11:16 AM Thomas Archambault
wrote:
>
> Thank you again Lennart, and thx Kevin.
>
> That makes total sense, and accounts for the application's high level
> start-up delay which appears to be what we are stuck with if we are over
> xfs. Unfortunately, it's difficult to dictat
Thank you again Lennart, and thx Kevin.
That makes total sense, and accounts for the application's high level
start-up delay which appears to be what we are stuck with if we are over
xfs. Unfortunately, it's difficult to dictate to the client to change
their fs type, consequently we can't deve
On Di, 09.08.22 12:40, Thomas Archambault ([email protected]) wrote:
> Thank you Lennart for the follow-up.
>
> There does appear to be mostly filesystem operations prior to my manually
> killing nspawn as you suggested. I only let it run about 3 minutes prior to
> sending a signal given that
On Tue, Aug 9, 2022 at 12:43 PM Thomas Archambault
wrote:
> One obvious issue is the non-zero return from an ioctl call with the
> BTRFS_IOC_SUBVOL_CREATE arg at line 410, in the snippet below from my
> RHEL9.0 strace capture; this is occurring right after the initial blast
> of debug log messages
Thank you Lennart for the follow-up.
There does appear to be mostly filesystem operations prior to my
manually killing nspawn as you suggested. I only let it run about 3
minutes prior to sending a signal given that the strace output = ~25M.
One obvious issue is the non-zero return from an ioc
On Do, 04.08.22 13:30, Thomas Archambault ([email protected]) wrote:
> Following up on xfs and reflinks, it appears they are enabled on my
> out-of-box RHEL9.0. Fwiw, this is a VBox VM however so if the FC34 system
> which works correctly, but is using btrfs.
>
> As always, appreciate any hel
@lists.freedesktop.org
Subject: [systemd-devel] systemd-nspawn container not starting on
RHEL9.0
Message-ID: <[email protected]>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Good day everyone on the dev list,
We are adding
On Mi, 03.08.22 15:40, Thomas Archambault ([email protected]) wrote:
> Good day everyone on the dev list,
> We are adding an analysis tool to our application that uses the host's
> rootfs as one of its inputs.
>
> As a proof of concept, we used systemd-nspawn on Fedora 34 to create an
> isola
Good day everyone on the dev list,
We are adding an analysis tool to our application that uses the host's
rootfs as one of its inputs.
As a proof of concept, we used systemd-nspawn on Fedora 34 to create an
isolated container environment using the host's rootfs as the
container's rootfs and t
On Fr, 04.06.21 14:53, [email protected] ([email protected])
wrote:
> Hi again,
>
> after some more debugging this EOVERFLOW seems to be the result of a call to
> may_o_create in fs/namei.c in the kernel.
> There is a check:
>
> if (!fsuidgid_has_mapping(dir->dentry->d_sb, mnt_user
Hi again,
after some more debugging this EOVERFLOW seems to be the result of a call to
may_o_create in fs/namei.c in the kernel.
There is a check:
if (!fsuidgid_has_mapping(dir->dentry->d_sb, mnt_userns))
return -EOVERFLOW;
This seems to be the one returning EOVERFLOW to nspawn and resu
Hi!
I was very pleased to see the "nspawn: add support for kernel 5.12 ID mapping
mounts #19438"-pull request and went right at it to try it out.
The following was tested on the current git head of systemd running on
archlinux.
What I try to achieve on a high level is kind of emulating bubblewr
On Fr, 29.05.20 00:31, Nuno Reis ([email protected]) wrote:
> > I've noticed that if I give the same CPUScheduling options to the
> > 'systemd-nspawn@'.service service on the Fedora 32 hosting
> > system I don't have the following error anymore in the container:
> > Failed at step SETSCHEDULER spaw
Hi guys.
I'm new to this mailing list so I hope this is a good place to ask this
type of stuff.
I'm trying to have a nspawn container to run freeswitch with some realtime
settings set at service level and I'm facing some permission issues as I
explain below. When trying to search for related is
I made some progress... I modified the script to start the container like this:
exec ${CARCH:+setarch "$CARCH"} systemd-nspawn -q \
-D "$working_dir" \
-E "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin" \
--register=yes --as-pid2 --machine=test \
"${mount_args[@]}" \
"$@"
Now when the scr
Thank you for the reply. I believe the container is being invoked from
a user session. I am unclear how to set the containername. The Arch
tools are invoking systemd-nspawn like this:
exec ${CARCH:+setarch "$CARCH"} systemd-nspawn -q \
-D "$working_dir" \
-E "PATH=/usr/local/sbin:/usr/local/bi
On Fr, 15.11.19 17:17, John ([email protected]) wrote:
> The container is created by one of the Arch Linux build scripts
> (https://git.archlinux.org/devtools.git/tree/arch-nspawn.in). I do
> not believe it runs with its own systemd/dbus. When I am compiling
> (https://git.archlinux.org/devto
On Wed, Nov 13, 2019 at 7:03 PM Uoti Urpala wrote:
>
> On Wed, 2019-11-13 at 10:24 -0500, John wrote:
> > I am using systemd-nspawn to compile in a clean environment. My
> > distcc cluster happily accepts requests from the container's build,
> > but the monitoring utility, distccmon-text, shows n
On Wed, 2019-11-13 at 10:24 -0500, John wrote:
> I am using systemd-nspawn to compile in a clean environment. My
> distcc cluster happily accepts requests from the container's build,
> but the monitoring utility, distccmon-text, shows no output. I invoked
> it defining the DISTCC_DIR variable to t
I am using systemd-nspawn to compile in a clean environment. My
distcc cluster happily accepts requests from the container's build,
but the monitoring utility, distccmon-text, shows no output. I invoked
it defining the DISTCC_DIR variable to the correct directory in the
container.
I collected an
systemd-networkd is not a separate package in Fedora 30
$ rpm -qf /usr/lib/systemd/systemd-networkd
/usr/lib/systemd/system/systemd-networkd.service
systemd-241-12.git1e19bcd.fc30.x86_64
systemd-241-12.git1e19bcd.fc30.x86_64
___
systemd-devel mailing lis
Two things :
1) I used the following on the host (you noted I do not need
systemd-networkd on the host)
# dnf install systemd-networkd
==>
No match for argument: systemd-networkd
Error: Unable to find a match: systemd-networkd
2) To create the container (feedback welcome) I used :
//
export REL
On Sat, 2019-09-28 at 10:03 -0600, Douglas E. Hopley Jr. wrote:
> I get the error when, on the host, I am creating the container.
> To this point, I have found my setups work needing systemd-networkd on both
> the host and container.
>
> The distro for the container I am working to set
Hmm that's odd, Fedora should have systemd-networkd by default, and you
shouldn't need it on the host (I've used networkd on the container end
before but always use NetworkManager on my host system.) What command
*exactly* gave the error that networkd wasn't found?
On Sat, Sep 28, 2019, 11:03 AM D
I get the error when, on the host, I am creating the container.
To this point, I have found my setups work needing systemd-networkd on
both the host and container.
The distro for the container I am working to set up is 'Fedora 30 '.
That is also
the host distro too. Seems I have something w
I'm a bit confused, where is the error about networkd not being found
coming from? Do you want networkd on the host system or inside the
container? If the latter, what distro does the container run?
On Fri, Sep 27, 2019, 6:57 PM Douglas E. Hopley Jr.
wrote:
> Greetings - I hope this finds you w
Greetings - I hope this finds you well and that I provide a set of good
starting details ...
I have been using systemd-nspawn to create 'containers'/machines that I use
on hosts. These machines were set up with unique IP addresses so I have
multiple machines on same host (in some cases sharing t
On Mo, 13.05.19 11:07, Antoine Pietri ([email protected]) wrote:
> On Mon, May 13, 2019 at 10:42 AM Lennart Poettering
> wrote:
> > you can use it to lock up the machine, hence we generally don't do it.
>
> Thanks, got it. For my usecase though, security isn't much of a
> concern and I do
On Mon, May 13, 2019 at 10:42 AM Lennart Poettering
wrote:
> you can use it to lock up the machine, hence we generally don't do it.
Thanks, got it. For my usecase though, security isn't much of a
concern and I don't necessarily have the time/bandwidth to migrate the
software to cgroupsv2 upstream
On So, 12.05.19 14:09, Antoine Pietri ([email protected]) wrote:
> Hi,
>
> I have a probably dumb question for which I couldn't find an answer in
> the docs. I'm trying to make a program that uses the cgroupv1 API run
> into a systemd-nspawn container. In the host, I know that I can just
>
Hi,
I have a probably dumb question for which I couldn't find an answer in
the docs. I'm trying to make a program that uses the cgroupv1 API run
into a systemd-nspawn container. In the host, I know that I can just
look at /proc/self/cgroup to see the path of my cgroup and write stuff
there. The le
Mailing List SVR wrote on 16/01/2019 21:03:
> On 16/01/19 19:24, Lennart Poettering wrote:
>> On Mi, 16.01.19 09:20, Mailing List SVR ([email protected]) wrote:
>>
>>> Well, this command will make the sd devices readable inside the
>>> container on
>>> centos 7 too
>>>
>>> echo 'b 8:* rw
On 16/01/19 19:24, Lennart Poettering wrote:
On Mi, 16.01.19 09:20, Mailing List SVR ([email protected]) wrote:
Well, this command will make the sd devices readable inside the container on
centos 7 too
echo 'b 8:* rw' >
/sys/fs/cgroup/devices/machine.slice/machine-bionic\\x2druntim
On Mi, 16.01.19 09:20, Mailing List SVR ([email protected]) wrote:
> Well, this command will make the sd devices readable inside the container on
> centos 7 too
>
> echo 'b 8:* rw' >
> /sys/fs/cgroup/devices/machine.slice/machine-bionic\\x2druntime.scope/devices.allow
>
> now I'll sear
Well, this command will make the sd devices readable inside the
container on centos 7 too
echo 'b 8:* rw' >
/sys/fs/cgroup/devices/machine.slice/machine-bionic\\x2druntime.scope/devices.allow
now I'll search how to pass to systemd-nspawn using a command line
argument
Il 16/01/19 01:4
Hi,
I'm quite new to systemd-nspawn,
I configured a systemd container based on ubuntu bionic using debootstrap.
I can start the container from a bionic host (systemd 237) with a
command like this one
systemd-nspawn -b -D bionic-devel
--capability=CAP_SYS_TIME,CAP_SYS_RAWIO --bind=/dev/sda
On Do, 26.07.18 20:13, [email protected]
([email protected]) wrote:
> Hi All, I am using systemd 237. I am trying to start two containers
> using systemd-nspawn with same root directory. First one starts but
> the second one throws the Error "Directory Tree /a/b/c/ is currentl
Hi All,
I am using systemd 237. I am trying to start two containers using
systemd-nspawn with same root directory. First one starts but the second one
throws the Error "Directory Tree /a/b/c/ is currently busy."
In version 239 man pages, it's mentioned implicitly, that it can be used so.
v239 man
Hello,
I want to harden my systemd-nspawn container. Let's say we have a
service like this:
# cat /etc/systemd/system/test.service
[Unit]
Description=Test DynamicUser= with StateDirectory=
[Service]
ExecStart=id
ExecStart=echo 1
ExecStart=test -w /var/lib/foobar
ExecStart=echo 2
ExecStart=test -w
On Mo, 02.07.18 17:25, Nikolaus Rath ([email protected]) wrote:
> On Jul 02 2018, Lennart Poettering wrote:
> >> Still not quite working, now there seems to be a problem with
> >> /proc/self/fd in the new shell:
> >>
> >> $ sudo systemd-nspawn -M $MACHINE \
> >> --private-users=1379532800:6
On Jul 02 2018, Lennart Poettering wrote:
>> Still not quite working, now there seems to be a problem with
>> /proc/self/fd in the new shell:
>>
>> $ sudo systemd-nspawn -M $MACHINE \
>> --private-users=1379532800:65536 --private-network \
>> --as-pid2
[...]
>>
>> What's happening here
On Fr, 29.06.18 21:24, Nikolaus Rath ([email protected]) wrote:
> >> The 'nsenter' approach seems to work so far, but I don't see a generally
> >> applicable way to figure out the right PID. Is there a trick for
> >> that?
> >
> > machinectl show --value $MACHINE -p Leader
>
> Still not quite wor
On Jun 25 2018, Lennart Poettering wrote:
> On Sa, 23.06.18 21:57, Nikolaus Rath ([email protected]) wrote:
>
>> On Jun 23 2018, Nikolaus Rath wrote:
>> > On Jun 23 2018, aleivag wrote:
>> >> short answer, yes, `machinectl login` is only supported for systemd-init,
>> >> and `machinectl
On Do, 28.06.18 20:25, Nikolaus Rath ([email protected]) wrote:
> On Jun 26 2018, Lennart Poettering wrote:
> > On Di, 26.06.18 09:39, Nikolaus Rath ([email protected]) wrote:
> >
> >> Hi,
> >>
> >> That makes sense.. but is there any way to find out *globally* what
> >> devices are mounted in *
On Jun 26 2018, Lennart Poettering wrote:
> On Di, 26.06.18 09:39, Nikolaus Rath ([email protected]) wrote:
>
>> Hi,
>>
>> That makes sense.. but is there any way to find out *globally* what
>> devices are mounted in *any* namespace?
>
> If you have a PID from any process that belongs to the container
On Di, 26.06.18 09:39, Nikolaus Rath ([email protected]) wrote:
> Hi,
>
> That makes sense.. but is there any way to find out *globally* what
> devices are mounted in *any* namespace?
If you have a PID from any process that belongs to the container you can
list its mounts by doing /proc/$PID/mountinf
Hi,
That makes sense.. but is there any way to find out *globally* what
devices are mounted in *any* namespace?
Best,
-Nikolaus
On Jun 23 2018, Ryan Gonzalez wrote:
> It's probably a private mountpoint, meaning that no one outside of
> systemd-nspawn and its children can see it. If you need t
On Sa, 23.06.18 21:57, Nikolaus Rath ([email protected]) wrote:
> On Jun 23 2018, Nikolaus Rath wrote:
> > On Jun 23 2018, aleivag wrote:
> >> short answer, yes, `machinectl login` is only supported for systemd-init,
> >> and `machinectl shell` `systemd-run` will try to talk to the container v
It's probably a private mountpoint, meaning that no one outside of
systemd-nspawn and its children can see it. If you need to access the
data, you can use machinectl:
https://www.freedesktop.org/software/systemd/man/machinectl.html
On June 23, 2018 8:49:01 AM Nikolaus Rath wrote:
Hi,
I h
hi:
so for finding the pid the solution is (big surprise :D) using systemd,
instead of just executing your systemd-nspawn in bash you start it as a
systemd-unit (you can even do this as ephemeral unit with `systemd-run
--unit myspawn.service systemd-nspawn bla...`)
then to get the ip of the n
On Jun 23 2018, Nikolaus Rath wrote:
> On Jun 23 2018, aleivag wrote:
>> short answer, yes, `machinectl login` is only supported for systemd-init,
>> and `machinectl shell` `systemd-run` will try to talk to the container via
>> dbus, so I don't think you are forced to have systemd running inside t
On Jun 23 2018, aleivag wrote:
> short answer, yes, `machinectl login` is only supported for systemd-init,
> and `machinectl shell` `systemd-run` will try to talk to the container via
> dbus, so I don't think you are forced to have systemd running inside the
> container (i may be wrong) but you do
short answer, yes, `machinectl login` is only supported for systemd-init,
and `machinectl shell` `systemd-run` will try to talk to the container via
dbus, so I don't think you are forced to have systemd running inside the
container (I may be wrong) but you do need to have dbus (and it's easy to
just
Hi,
On Sat, 23 Jun 2018, at 15:31, Vito Caputo wrote:
> On Sat, Jun 23, 2018 at 03:09:04PM +0100, Nikolaus Rath wrote:
> > How would I go about starting an additional shell in an existing
> > container? I am starting the container with:
> >
> > $ systemd-nspawn -M foo --as-pid2 --register=no
> >
>
On Sat, Jun 23, 2018 at 03:09:04PM +0100, Nikolaus Rath wrote:
> Hello,
>
> How would I go about starting an additional shell in an existing
> container? I am starting the container with:
>
> $ systemd-nspawn -M foo --as-pid2 --register=no
>
> "foo" is a raw image retrieved with machinectl. If I
Hi:
to get a shell on your running container, you need to get its name
(execute `machinectl` to get a list of containers) and then
if you just want a shell you can run `systemd-run --machine= --pty
/bin/bash` or `machinectl shell /bin/bash`
and if you want a real login promp
machinectl login
Hello,
How would I go about starting an additional shell in an existing
container? I am starting the container with:
$ systemd-nspawn -M foo --as-pid2 --register=no
"foo" is a raw image retrieved with machinectl. If I simply execute the
above command again, I am getting a "Disk image
/var/lib/ma
Hi,
I have just started using machinectl and systemd-nspawn and like it a
lot. However, there is one thing that I could not figure out from the
documentation and not knowing it makes me feel uncomfortable: where
exactly is the root filesystem for the container mounted, and how can I
access it from
On 04/10/17 13:09, Lennart Poettering wrote:
> Ah, uh, I forgot that your image is a block device. We are missing
> some support there for that. /var/lib/machines may only contain
> dirs/subvols and raw files right now, we don't support block
> devices. But adding support for that should be easy, t
On Mi, 04.10.17 12:41, Mourad De Clerck ([email protected]) wrote:
> On 04/10/17 11:31, Lennart Poettering wrote:
> > The image dissection logic can deal with either. The GPT approach is a
> > bit nicer I think since the root partition can be marked as such, and
>
>
> All right, makes sen
On 04/10/17 11:31, Lennart Poettering wrote:
> The image dissection logic can deal with either. The GPT approach is a
> bit nicer I think since the root partition can be marked as such, and
All right, makes sense.
>> 2) machinectl list-images doesn't detect the images in LVs; am I
>> supposed to
On Di, 03.10.17 17:04, [email protected] ([email protected])
wrote:
> Hi,
>
> I'm trying to figure out the right way of using an LUKS-encrypted LV
> with systemd-nspawn.
>
> I've got an LV called "containername" which is LUKS-encrypted, and I
> start the container using:
>
> syst
Hi,
I'm trying to figure out the right way of using an LUKS-encrypted LV
with systemd-nspawn.
I've got an LV called "containername" which is LUKS-encrypted, and I
start the container using:
systemd-nspawn --boot --image=/dev/vg/containername
it asks me for the LUKS passphrase, and it seems to w
Hello,
I have some users inside the container that had the same uid/GID on the host.
The files are bound to the container and have rights "700" on the host.
I can't access files inside container (permission denied).
so far so good.
Is there a way to map uid/gid from host to container or from container
to host,
that
Hi Everyone.
I have below trouble.
I start my container with --network-interface option as below:
ExecStart=/usr/bin/systemd-nspawn -M %i.%H --quiet --keep-unit --boot
--link-journal=auto --network-veth *--network-interface=dummy6*
--capability=CAP_NET_RAW --directory=/var/lib/container/%i
Every
Make sure to pass --enable-importd to ./configure.
Also, looking at Makefile.am, you see that importd is built conditionally:
if ENABLE_IMPORTD
if HAVE_LIBCURL
if HAVE_XZ
if HAVE_ZLIB
if HAVE_BZIP2
if HAVE_GCRYPT
...
So, you need to have the devel packages for curl, xz/lzma, zlib, bzip2
and gcr
Hi,
I have built systemd 233 from source by following the build
instructions in HACKING. Rebooted and logged in again.
# systemctl --version
systemd 233
-PAM -AUDIT -SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP
-LIBCRYPTSETUP -GCRYPT -GNUTLS -ACL -XZ -LZ4 -SECCOMP +BLKID -ELFUTILS
-KMOD -IDN def
On 17.04.2017 11:59, Lennart Poettering wrote:
> On Thu, 13.04.17 16:08, poma ([email protected]) wrote:
>
>> Hello
>>
>> Regaining of the network-interface, as is stated in the manual, ain't
>> happening;
>> man 1 systemd-nspawn
>> ...
>> OPTIONS
>> ...
>> --network-interface=
>> Assi
On Thu, 13.04.17 16:08, poma ([email protected]) wrote:
> Hello
>
> Regaining of the network-interface, as is stated in the manual, ain't
> happening;
> man 1 systemd-nspawn
> ...
> OPTIONS
> ...
> --network-interface=
> Assign the specified network interface to the container.
> Thi
Hello
Regaining of the network-interface, as is stated in the manual, ain't happening;
man 1 systemd-nspawn
...
OPTIONS
...
--network-interface=
Assign the specified network interface to the container.
This will remove the specified interface from the calling namespace and
place it in the co
On 12.04.2017 11:05, Lennart Poettering wrote:
> On Tue, 11.04.17 17:22, poma ([email protected]) wrote:
>
>> Hello
>>
>> The title doesn't quite work;
>>
>> # qemu-img --version
>> qemu-img version 2.6.2 (qemu-2.6.2-7.fc24), Copyright (c) 2004-2008 Fabrice
>> Bellard
>>
>> # qemu-img co
On Tue, 11.04.17 17:22, poma ([email protected]) wrote:
> Hello
>
> The title doesn't quite work;
>
> # qemu-img --version
> qemu-img version 2.6.2 (qemu-2.6.2-7.fc24), Copyright (c) 2004-2008 Fabrice
> Bellard
>
> # qemu-img convert fedora25.qcow2 fedora25.raw
>
> # file fedora25.*
Hello
The title doesn't quite work;
# qemu-img --version
qemu-img version 2.6.2 (qemu-2.6.2-7.fc24), Copyright (c) 2004-2008 Fabrice
Bellard
# qemu-img convert fedora25.qcow2 fedora25.raw
# file fedora25.*
fedora25.qcow2: QEMU QCOW Image (v3), 21474836480 bytes
fedora25.raw: DOS/MBR boot sec
Days ago I found out the real cause of this problem:
(SELinux bugreport) machinectl user experience is completely broken
https://bugzilla.redhat.com/show_bug.cgi?id=1416540
It looks like the problem is systemd-networkd disabled on both host
machine and container. Thanks to Francesco Frassinelli for the hint
Errata corrige:
# cat /etc/systemd/nspawn/theta-1.nspawn
is
# cat /etc/systemd/nspawn/test.nspawn
Hi everybody.
I am used to creating and using systemd-nspawn containers (on Fedora 25)
with the following few lines of bash
# lvcreate --name test -L 200G vg_machines
# mkfs.ext4 /dev/vg_machines/test
# mkdir /var/lib/machines/test
# mount /dev/vg_machines/test /var/lib/ma
On Fri, 18.11.16 02:55, Masoom Shaikh ([email protected]) wrote:
> I have a container using debootstrap for Ubuntu 12.04
>
> systemd-nspawn -D ubuntu_12.04 works
>
>
> but I want it with boot option
>
> systemd-nspawn -bD ubuntu_12.04
>
> this doesn't give a console!
>
>
> read somewh
I have a container using debootstrap for Ubuntu 12.04
systemd-nspawn -D ubuntu_12.04 works
but I want it with boot option
systemd-nspawn -bD ubuntu_12.04
this doesn't give a console!
read somewhere, it might be related to older ubuntu's looking for /dev/tty1
et al., whereas systemd provides
well you can read user_namespaces(7), the beginning of it at least. it
probably says something about keyrings. so either this info is
incorrect, or I for example understand it wrongly, or whatever.
Also, you know, when you say that currently containers have holes and so
are still not really secure
Why do you turn off keyrings? at least manpages say that userns
virtualizes keyrings or something similar...
On 11.11.2016 at 19:24, Lennart Poettering wrote:
> On Fri, 11.11.16 19:21, Michał Zegan ([email protected]) wrote:
>
>> audit/autofs are not properly virtualized, I know. But
On Fri, 11.11.16 19:36, Michał Zegan ([email protected]) wrote:
> Why do you turn off keyrings? at least manpages say that userns
> virtualizes keyrings or something similar...
That'd be a new feature then...
Lennart
--
Lennart Poettering, Red Hat
On Fri, 11.11.16 19:21, Michał Zegan ([email protected]) wrote:
> audit/autofs are not properly virtualized, I know. But I thought
> keyrings and cgroups are.
most container managers turn off keyrings entirely (as we do in nspawn
actually).
delegating controllers in cgroupsv1 is unsafe,
audit/autofs are not properly virtualized, I know. But I thought
keyrings and cgroups are.
On 11.11.2016 at 18:28, Lennart Poettering wrote:
> On Fri, 11.11.16 16:41, Michał Zegan ([email protected]) wrote:
>
>> Thank you for your answers!
>>
>> What I meant by secure containers is mo
On Fri, 04.11.16 15:54, Bill Lipa ([email protected]) wrote:
> This might be due to trying to use systemd-nspawn -x with a raw image
> inside the btrfs /var/lib/machines volume. It doesn't work in the
> sense that the container isn't ephemeral, but there's no error message
> either, and this le
On Fri, 11.11.16 16:41, Michał Zegan ([email protected]) wrote:
> Thank you for your answers!
>
> What I meant by secure containers is mostly, containers that are or will
> be secure enough to use them for things like virtual private server
> hosting. Is nspawn intended to be usable for