[PLDWWW] page changed: docs:lxc

"Elan Ruusamäe (glen)" glen at pld-linux.org
Sun Nov 24 15:17:09 CET 2013 

separate section for problems/solutio

--- https://www.pld-linux.org/docs/lxc?rev=1385302413
+++ https://www.pld-linux.org/docs/lxc
@@ -22,8 +22,9 @@
  
  ===== Guest creation =====
  
  Build the guest container.
+ 
  ==== Bare minimum, no template ====
  
  <file bash>
  # lxc-create -n test
@@ -60,23 +61,32 @@
  </file>
  
  !!! WARNING: pld template for LXC is yet to be written !!! 
  
- ===== Vserver comparision =====
+ ===== Common problems / Useful tricks =====
  
- When in Vserver, guest processes are not visible in host, then in LXC all guest processes are visible. Beware when running ''killall(1)'' commands on host.
+ ==== loginuid ====
  
- Also, unfortunately ''/proc/PID/root'' points to ''/'' for LXC guests as well, so ''rc-scripts'' ''filter_chroot()'' can't differentiate between host and guest processes.
+ ''pam_loginuid.so'' does not allow ''sshd'' to login
  
- Also, ''dmesg(1)'' in guest sees hosts' dmesg by default, you can turn this off by setting ''kernel.dmesg_restrict=1'' sysctl param, available since ''2.6.37'' kernel.
+ <file>
+ Nov 24 16:02:10 test sshd[2694]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
+ </file>
  
- ''pam_loginuid.so'' does not allow ''sshd'' to login. similar problem as [[http://kb.parallels.com/en/112597|here]].
  
- Workaround:
- Disable "pam_loginuid.so" in the authentication rules:
+ Similar problem as [[http://kb.parallels.com/en/112597|here]], to workaround, disable ''pam_loginuid.so'' in the authentication rules:
  <file>
  # sed '/pam_loginuid.so/s/^/#/g' -i  /etc/pam.d/*
  </file>
+ 
+ ===== Vserver comparision =====
+ 
+ When in Vserver, guest processes are not visible in host, then in LXC all guest processes are visible. Beware when running ''killall(1)'' commands on host.
+ 
+ Also, unfortunately ''/proc/PID/root'' points to ''/'' for LXC guests as well, so ''rc-scripts'' ''filter_chroot()'' can't differentiate between host and guest processes.
+ 
+ Also, ''dmesg(1)'' in guest sees hosts' dmesg by default, you can turn this off by setting ''kernel.dmesg_restrict=1'' sysctl param, available since ''2.6.37'' kernel.
+ 
  
  **Commands:**
  ^ Vserver ^ LXC ^ Notes ^
  | vserver test enter | lxc-attach -n test -e | Use ''-e'' option with care, especially when restarting processes |


Diff URL:
  https://www.pld-linux.org/docs/lxc?do=diff&r1=1385302413&r2=1385302629
-- 
This mail was generated by DokuWiki at
https://www.pld-linux.org/

More information about the pld-cvs-commit mailing list