On 20.10.2014 at 19:27, Lennart Poettering wrote:
> On Mon, 20.10.14 19:16, Richard Weinberger (richard@xxxxxx) wrote:
>
>>> Have you read the link I posted?
>>
>> Sure, I've also been in the room in Düsseldorf while you've read it
>> in front of us.
>
> Not that I changed it since then... ;-)
>
>>> Yes, I test systemd inside containers. Daily. Actually it's my primary
>>> way of testing systemd, since it is extremely quick and allows me to
>>> attach from the host with debugging tools...
>>>
>>> As long as you follow the suggestions in the document I linked systemd
>>> will work without modifications in container managers. At least
>>> libvirt-lxc and nspawn follow these suggestions, not sure about the
>>> other container managers.
>>
>> If I read the source of nspawn correctly, it does not use user
>> namespaces.
>
> Ah, this is about user namespaces? No I have not played around with
> them so far. Sorry.

Yep. Please have a look at them. There are some pitfalls.

>> libvirt-lxc is currently not sure how to support systemd. So far it
>> bind mounts only the machine specific part of cgroups into the container.
>> Which is not really nice but better than exposing the whole hierarchy into
>> the container.
>
> It really should also bind mount the upper parts, but possibly mark
> them read-only (which nspawn currently doesn't do).

Okay. Or maybe cgroup namespaces will help. Let's find out. :)

Thanks,
//richard
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers