Our actual templates are based on the lxc-sshd template example that comes with lxc-templates. There, basically all the lxc is, is bind-mounts for necessary paths from the host, obviously read-only:

# grep mount.entry /usr/share/lxc/templates/lxc-sshd
lxc.mount.entry = /dev dev none ro,bind 0 0
lxc.mount.entry = /lib lib none ro,bind 0 0
lxc.mount.entry = /bin bin none ro,bind 0 0
lxc.mount.entry = /usr usr none ro,bind 0 0
lxc.mount.entry = /sbin sbin none ro,bind 0 0
lxc.mount.entry = tmpfs run/sshd tmpfs mode=0644 0 0
lxc.mount.entry = /usr/share/lxc/templates/lxc-sshd $init_path none ro,bind 0 0
lxc.mount.entry = /etc/init.d etc/init.d none ro,bind 0 0
lxc.mount.entry = /etc/sysconfig/network-scripts etc/sysconfig/network-scripts none ro,bind 0 0
lxc.mount.entry = /etc/rc.d etc/rc.d none ro,bind 0 0
lxc.mount.entry = /lib64 lib64 none ro,bind 0 0

Perhaps bind-mounting /dev isn't needed anymore, though then I'd like to know why the example does that, and what the implications are of leaving the /dev entry out.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1699903

Title:
  lxc-sshd won't start with 2.0.8

Status in lxc package in Ubuntu:
  New

Bug description:
  On a xenial system after an update to lxc, starting a container created with the lxc-sshd template fails consistently. This does not occur with 2.0.7.

  root@xenial:~# lxc-create -n mysshd -t /usr/share/lxc/templates/lxc-sshd
  Generating public/private rsa key pair.
  Your identification has been saved in /var/lib/lxc/mysshd/rootfs/etc/ssh/ssh_host_rsa_key.
  Your public key has been saved in /var/lib/lxc/mysshd/rootfs/etc/ssh/ssh_host_rsa_key.pub.
  The key fingerprint is:
  SHA256:eR4Kv8JpWxe+RvIudD8LTuOYSGmLdnmX1CgB3Y/IHP4 root@xenial
  Generating public/private dsa key pair.
  Your identification has been saved in /var/lib/lxc/mysshd/rootfs/etc/ssh/ssh_host_dsa_key.
  Your public key has been saved in /var/lib/lxc/mysshd/rootfs/etc/ssh/ssh_host_dsa_key.pub.
  The key fingerprint is:
  SHA256:Jmet2LLZMtolKBhfDQ/Za4i3yr0/993umj4Hq0D8Qyg root@xenial

  root@xenial:~# lxc-start -n mysshd --logfile mysshd.log
  lxc-start: tools/lxc_start.c: main: 366 The container failed to start.
  lxc-start: tools/lxc_start.c: main: 368 To get more details, run the container in foreground mode.
  lxc-start: tools/lxc_start.c: main: 370 Additional information can be obtained by setting the --logfile and --logpriority options.

  root@xenial:~# cat mysshd.log
  lxc-start 20170622214710.829 ERROR lxc_conf - conf.c:lxc_setup_dev_console:1473 - Read-only file system - error unlinking /usr/lib/x86_64-linux-gnu/lxc/dev/console
  lxc-start 20170622214710.829 ERROR lxc_conf - conf.c:lxc_setup:4055 - failed to setup the console for 'mysshd'
  lxc-start 20170622214710.829 ERROR lxc_start - start.c:do_start:811 - Failed to setup container "mysshd".
  lxc-start 20170622214710.829 ERROR lxc_sync - sync.c:__sync_wait:57 - An error occurred in another process (expected sequence number 3)
  lxc-start 20170622214710.868 ERROR lxc_start - start.c:__lxc_start:1358 - Failed to spawn container "mysshd".
  lxc-start 20170622214715.901 ERROR lxc_start_ui - tools/lxc_start.c:main:366 - The container failed to start.
  lxc-start 20170622214715.901 ERROR lxc_start_ui - tools/lxc_start.c:main:368 - To get more details, run the container in foreground mode.
  lxc-start 20170622214715.901 ERROR lxc_start_ui - tools/lxc_start.c:main:370 - Additional information can be obtained by setting the --logfile and --logpriority options.

  root@xenial:~# dpkg -l '*lxc*'
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name           Version                  Architecture  Description
  +++-==============-========================-=============-==================================================
  un  liblxc0        <none>                   <none>        (no description available)
  ii  liblxc1        2.0.8-0ubuntu1~16.04.2   amd64         Linux Containers userspace tools (library)
  ii  lxc            2.0.8-0ubuntu1~16.04.2   all           Transitional package for lxc1
  ii  lxc-common     2.0.8-0ubuntu1~16.04.2   amd64         Linux Containers userspace tools (common tools)
  ii  lxc-templates  2.0.8-0ubuntu1~16.04.2   amd64         Linux Containers userspace tools (templates)
  ii  lxc1           2.0.8-0ubuntu1~16.04.2   amd64         Linux Containers userspace tools
  ii  lxcfs          2.0.6-0ubuntu1~16.04.1   amd64         FUSE based filesystem for LXC
  un  lxctl          <none>                   <none>        (no description available)
  ii  python3-lxc    2.0.8-0ubuntu1~16.04.2   amd64         Linux Containers userspace tools (Python 3.x bindings)

  Removing the addition of the bind-mount for /dev to the config from the template seems to move the start along, yet the implications of doing this are unknown.

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
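An added example, not part of the bug report or of the lxc project: a small POSIX sh check that reads an lxc config, reports any lxc.mount.entry that bind-mounts the container's dev read-only (the entry the 2.0.8 console setup trips over, since lxc_setup_dev_console needs to unlink dev/console), and prints the config with that entry dropped, which is the workaround the reporter tried. The sample config is constructed inline from the template's entries.

```shell
#!/bin/sh
# Report lxc.mount.entry lines whose destination is the container's dev
# (or something under it) and whose options contain "ro".
# Exit status 0 if at least one such entry exists, 1 otherwise.
find_ro_dev_binds() {
    cfg="$1"
    found=1
    while IFS= read -r line; do
        case "$line" in *lxc.mount.entry*=*) ;; *) continue ;; esac
        rhs="${line#*=}"
        # intentional word split: src dst fstype opts dump pass
        set -- $rhs
        src="$1"; dst="$2"; opts="$4"
        case "$dst" in dev|dev/*) ;; *) continue ;; esac
        case ",$opts," in
            *,ro,*) printf '%s -> %s (%s)\n' "$src" "$dst" "$opts"; found=0 ;;
        esac
    done < "$cfg"
    return $found
}

# Print the config with every mount entry targeting dev removed (the
# workaround the bug report describes; its side effects are not assessed here).
strip_dev_bind() {
    cfg="$1"
    while IFS= read -r line; do
        case "$line" in
            *lxc.mount.entry*=*)
                rhs="${line#*=}"
                set -- $rhs
                case "$2" in dev|dev/*) continue ;; esac ;;
        esac
        printf '%s\n' "$line"
    done < "$cfg"
}

# Constructed sample config mirroring three of the lxc-sshd template entries.
SAMPLE_CFG="${TMPDIR:-/tmp}/lxc-sshd-sample.conf"
cat > "$SAMPLE_CFG" <<'EOF'
lxc.mount.entry = /dev dev none ro,bind 0 0
lxc.mount.entry = /lib lib none ro,bind 0 0
lxc.mount.entry = tmpfs run/sshd tmpfs mode=0644 0 0
EOF

if find_ro_dev_binds "$SAMPLE_CFG"; then
    echo "read-only dev bind found; config without it:"
    strip_dev_bind "$SAMPLE_CFG"
fi
```

Point it at /var/lib/lxc/<name>/config to check a real container; only the /dev line is flagged, the other read-only binds are left alone.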