[PLDWWW] page changed: docs:lxc
"Elan Ruusamäe (glen)"
glen at pld-linux.org
Sun Nov 24 15:17:09 CET 2013
separate section for problems/solutio
--- https://www.pld-linux.org/docs/lxc?rev=1385302413
+++ https://www.pld-linux.org/docs/lxc
@@ -22,8 +22,9 @@
===== Guest creation =====
Build the guest container.
+
==== Bare minimum, no template ====
<file bash>
# lxc-create -n test
@@ -60,23 +61,32 @@
</file>
!!! WARNING: pld template for LXC is yet to be written !!!
- ===== Vserver comparision =====
+ ===== Common problems / Useful tricks =====
- When in Vserver, guest processes are not visible in host, then in LXC all guest processes are visible. Beware when running ''killall(1)'' commands on host.
+ ==== loginuid ====
- Also, unfortunately ''/proc/PID/root'' points to ''/'' for LXC guests as well, so ''rc-scripts'' ''filter_chroot()'' can't differentiate between host and guest processes.
+ ''pam_loginuid.so'' does not allow ''sshd'' to login
- Also, ''dmesg(1)'' in guest sees hosts' dmesg by default, you can turn this off by setting ''kernel.dmesg_restrict=1'' sysctl param, available since ''2.6.37'' kernel.
+ <file>
+ Nov 24 16:02:10 test sshd[2694]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
+ </file>
- ''pam_loginuid.so'' does not allow ''sshd'' to login. similar problem as [[http://kb.parallels.com/en/112597|here]].
- Workaround:
- Disable "pam_loginuid.so" in the authentication rules:
+ Similar problem as [[http://kb.parallels.com/en/112597|here]], to workaround, disable ''pam_loginuid.so'' in the authentication rules:
<file>
# sed '/pam_loginuid.so/s/^/#/g' -i /etc/pam.d/*
</file>
+
+ ===== Vserver comparision =====
+
+ When in Vserver, guest processes are not visible in host, then in LXC all guest processes are visible. Beware when running ''killall(1)'' commands on host.
+
+ Also, unfortunately ''/proc/PID/root'' points to ''/'' for LXC guests as well, so ''rc-scripts'' ''filter_chroot()'' can't differentiate between host and guest processes.
+
+ Also, ''dmesg(1)'' in guest sees hosts' dmesg by default, you can turn this off by setting ''kernel.dmesg_restrict=1'' sysctl param, available since ''2.6.37'' kernel.
+
**Commands:**
^ Vserver ^ LXC ^ Notes ^
| vserver test enter | lxc-attach -n test -e | Use ''-e'' option with care, especially when restarting processes |
Diff URL:
https://www.pld-linux.org/docs/lxc?do=diff&r1=1385302413&r2=1385302629
--
This mail was generated by DokuWiki at
https://www.pld-linux.org/
More information about the pld-cvs-commit
mailing list