This shows you the differences between two versions of the page.
docs:lxc [2013-11-24 15:13] glen loginuid issue |
docs:lxc [2013-11-24 15:17] glen separate section for problems/solutio |
||
---|---|---|---|
Line 24: | Line 24: | ||
Build the guest container. | Build the guest container. | ||
+ | |||
==== Bare minimum, no template ==== | ==== Bare minimum, no template ==== | ||
Line 62: | Line 63: | ||
!!! WARNING: pld template for LXC is yet to be written !!! | !!! WARNING: pld template for LXC is yet to be written !!! | ||
- | ===== Vserver comparision ===== | + | ===== Common problems / Useful tricks ===== |
- | When in Vserver, guest processes are not visible in host, then in LXC all guest processes are visible. Beware when running ''killall(1)'' commands on host. | + | ==== loginuid ==== |
- | Also, unfortunately ''/proc/PID/root'' points to ''/'' for LXC guests as well, so ''rc-scripts'' ''filter_chroot()'' can't differentiate between host and guest processes. | + | ''pam_loginuid.so'' does not allow ''sshd'' to login |
- | Also, ''dmesg(1)'' in guest sees hosts' dmesg by default, you can turn this off by setting ''kernel.dmesg_restrict=1'' sysctl param, available since ''2.6.37'' kernel. | + | <file> |
+ | Nov 24 16:02:10 test sshd[2694]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session | ||
+ | </file> | ||
- | ''pam_loginuid.so'' does not allow ''sshd'' to login. similar problem as [[http://kb.parallels.com/en/112597|here]]. | ||
- | Workaround: | + | Similar problem as [[http://kb.parallels.com/en/112597|here]], to workaround, disable ''pam_loginuid.so'' in the authentication rules: |
- | Disable "pam_loginuid.so" in the authentication rules: | + | |
<file> | <file> | ||
# sed '/pam_loginuid.so/s/^/#/g' -i /etc/pam.d/* | # sed '/pam_loginuid.so/s/^/#/g' -i /etc/pam.d/* | ||
</file> | </file> | ||
+ | |||
+ | ===== Vserver comparision ===== | ||
+ | |||
+ | When in Vserver, guest processes are not visible in host, then in LXC all guest processes are visible. Beware when running ''killall(1)'' commands on host. | ||
+ | |||
+ | Also, unfortunately ''/proc/PID/root'' points to ''/'' for LXC guests as well, so ''rc-scripts'' ''filter_chroot()'' can't differentiate between host and guest processes. | ||
+ | |||
+ | Also, ''dmesg(1)'' in guest sees hosts' dmesg by default, you can turn this off by setting ''kernel.dmesg_restrict=1'' sysctl param, available since ''2.6.37'' kernel. | ||
+ | |||
**Commands:** | **Commands:** |
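Review bot: in the new loginuid section, the workaround line ''# sed '/pam_loginuid.so/s/^/#/g' -i /etc/pam.d/*'' comments out pam_loginuid.so for every PAM service in the guest, while the problem described is only sshd failing in pam_open_session(). pam_loginuid is the module that sets the audit login UID for a session, so the text should state that the workaround drops that attribution inside the guest, and the edit would be better limited to the PAM files that sshd actually uses than applied to the whole directory. The expression also matches lines that are already commented out, so a second run stacks another # on them; matching only uncommented lines and giving -i a backup suffix would make the command safe to repeat. Minor: the moved heading still reads "comparision", and the link text "here" would be clearer if it named the Parallels KB article.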