User Tools
docs:lxc
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revision Both sides next revision | ||
|
docs:lxc [2013-11-24 15:13] glen loginuid issue |
docs:lxc [2013-11-24 15:17] glen separate section for problems/solutio |
||
|---|---|---|---|
| Line 24: | Line 24: | ||
| Build the guest container. | Build the guest container. | ||
| + | |||
| ==== Bare minimum, no template ==== | ==== Bare minimum, no template ==== | ||
| Line 62: | Line 63: | ||
| !!! WARNING: pld template for LXC is yet to be written !!! | !!! WARNING: pld template for LXC is yet to be written !!! | ||
| - | ===== Vserver comparision ===== | + | ===== Common problems / Useful tricks ===== |
| - | When in Vserver, guest processes are not visible in host, then in LXC all guest processes are visible. Beware when running ''killall(1)'' commands on host. | + | ==== loginuid ==== |
| - | Also, unfortunately ''/proc/PID/root'' points to ''/'' for LXC guests as well, so ''rc-scripts'' ''filter_chroot()'' can't differentiate between host and guest processes. | + | ''pam_loginuid.so'' does not allow ''sshd'' to login |
| - | Also, ''dmesg(1)'' in guest sees hosts' dmesg by default, you can turn this off by setting ''kernel.dmesg_restrict=1'' sysctl param, available since ''2.6.37'' kernel. | + | <file> |
| + | Nov 24 16:02:10 test sshd[2694]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session | ||
| + | </file> | ||
| - | ''pam_loginuid.so'' does not allow ''sshd'' to login. similar problem as [[http://kb.parallels.com/en/112597|here]]. | ||
| - | Workaround: | + | Similar problem as [[http://kb.parallels.com/en/112597|here]], to workaround, disable ''pam_loginuid.so'' in the authentication rules: |
| - | Disable "pam_loginuid.so" in the authentication rules: | + | |
| <file> | <file> | ||
| # sed '/pam_loginuid.so/s/^/#/g' -i /etc/pam.d/* | # sed '/pam_loginuid.so/s/^/#/g' -i /etc/pam.d/* | ||
| </file> | </file> | ||
| + | |||
| + | ===== Vserver comparision ===== | ||
| + | |||
| + | When in Vserver, guest processes are not visible in host, then in LXC all guest processes are visible. Beware when running ''killall(1)'' commands on host. | ||
| + | |||
| + | Also, unfortunately ''/proc/PID/root'' points to ''/'' for LXC guests as well, so ''rc-scripts'' ''filter_chroot()'' can't differentiate between host and guest processes. | ||
| + | |||
| + | Also, ''dmesg(1)'' in guest sees hosts' dmesg by default, you can turn this off by setting ''kernel.dmesg_restrict=1'' sysctl param, available since ''2.6.37'' kernel. | ||
| + | |||
| **Commands:** | **Commands:** | ||
docs/lxc.txt · Last modified: 2016-08-21 00:36 by glen
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
