This
"host and container can't have services run on the same port (e.g. if you
want sshd on both host and container, you need to change the listening port
for one of them)"
is untrue.
Each container in my case has a different IP address, the host has another
one, and I run SSHD inside each container just fine.

On Mon, May 27, 2019 at 10:00 PM Fajar A. Nugraha <l...@fajar.net> wrote:

> On Mon, May 27, 2019 at 8:11 PM Saint Michael <vene...@gmail.com> wrote:
>
>> I thought I did start the containers as privileged:
>>
>> lxc.include = /usr/share/lxc/config/ubuntu.common.conf
>> lxc.mount.auto=
>> lxc.mount.auto=proc:rw sys:rw cgroup:rw
>> lxc.apparmor.profile=unconfined
>> lxc.tty.max = 10
>> lxc.pty.max = 1024
>> lxc.cgroup.devices.allow = c 1:3 rwm
>> lxc.cgroup.devices.allow = c 1:5 rwm
>> lxc.cgroup.devices.allow = c 5:1 rwm
>> lxc.cgroup.devices.allow = c 5:0 rwm
>> lxc.cgroup.devices.allow = c 4:0 rwm
>> lxc.cgroup.devices.allow = c 4:1 rwm
>> lxc.cgroup.devices.allow = c 1:9 rwm
>> lxc.cgroup.devices.allow = c 1:8 rwm
>> lxc.cgroup.devices.allow = c 136:* rwm
>> lxc.cgroup.devices.allow = c 5:2 rwm
>> lxc.cgroup.devices.allow = c 254:0 rwm
>> lxc.cgroup.devices.allow = c 10:137 rwm # loop-control
>> lxc.cgroup.devices.allow = b 7:* rwm    # loop*
>> lxc.cgroup.devices.allow = c 10:229 rwm #fuse
>> lxc.cgroup.devices.allow = c 10:200 rwm #docker
>> lxc.cgroup.devices.allow= a
>> lxc.cap.drop=
>> lxc.cgroup.devices.deny=
>> lxc.autodev= 1
>> lxc.hook.autodev = sh -c 'mknod ${LXC_ROOTFS_MOUNT}/dev/fuse c 10 229'
>>
>
>
> Following Stephane's suggestion works on my test vm. You didn't do so,
> thus it didn't work.
>
> ###
> # Distribution configuration
> lxc.include = /usr/share/lxc/config/common.conf
> lxc.arch = x86_64
>
> # Container specific configuration
> lxc.rootfs.path = dir:/var/lib/lxc/c7-ul/rootfs
> lxc.uts.name = c7-ul
>
> lxc.net.0.type = none
> lxc.mount.auto=
> lxc.mount.auto=proc:rw sys:rw cgroup:rw
> lxc.apparmor.profile=unconfined
> ###
>
> ###
> c7-ul / # sysctl --system
> * Applying /usr/lib/sysctl.d/00-system.conf ...
> * Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
> kernel.yama.ptrace_scope = 0
> * Applying /usr/lib/sysctl.d/50-default.conf ...
> kernel.sysrq = 16
> kernel.core_uses_pid = 1
> net.ipv4.conf.default.rp_filter = 1
> net.ipv4.conf.all.rp_filter = 1
> net.ipv4.conf.default.accept_source_route = 0
> net.ipv4.conf.all.accept_source_route = 0
> net.ipv4.conf.default.promote_secondaries = 1
> net.ipv4.conf.all.promote_secondaries = 1
> fs.protected_hardlinks = 1
> fs.protected_symlinks = 1
> * Applying /etc/sysctl.d/99-sysctl.conf ...
> * Applying /etc/sysctl.d/net.conf ...
> net.core.rmem_max = 67108864
> net.core.wmem_max = 33554432
> net.core.rmem_default = 31457280
> net.core.wmem_default = 31457280
> * Applying /etc/sysctl.conf ...
>
> c7-ul / # cat /proc/sys/net/core/rmem_max
> 67108864
> ###
>
>
> Of course as warned earlier, host networking brings along some quirks. For
> instance:
> - host and container can't have services run on the same port (e.g. if you
> want sshd on both host and container, you need to change the listening port
> for one of them)
> - do not configure networking on the container (ONBOOT=no should be enough
> on your container's eth config)
> - absolutely do not run "reboot", "init 6", or "poweroff" on the
> container. At the very least, it will cause the host's eth0 to go down.
> "reboot -f" on the container should work nicely though.
>
> --
> Fajar
> _______________________________________________
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
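The two configs in this thread differ on exactly the setting the port-conflict remark hinges on: Fajar's test container sets `lxc.net.0.type = none`, so it shares the host's network namespace and a listener in the container competes with host daemons for the same port; a container with its own network namespace and IP (the usual veth setup) has no such clash. Both configs also switch off most of what keeps a privileged container away from the host (`lxc.apparmor.profile=unconfined`, `sys:rw`, and in the first one a cleared `lxc.cap.drop` plus `lxc.cgroup.devices.allow = a`). The script below is an added example, not lxc's code nor anything from the thread: a small linter that reads an LXC config with lxc's accumulate-or-clear list semantics (assigning an empty value to a list key such as `lxc.cap.drop` clears everything set before it) and reports these settings. The parser is simplified (it does not follow `lxc.include` and strips trailing `#` comments), and the two embedded configs are condensed excerpts of the ones quoted above.

```python
"""Flag LXC config settings that make a 'privileged' container roughly
equivalent to root on the host.  Added example; not lxc's own code."""
from collections import defaultdict

# Keys whose values accumulate over repeated lines.  Per lxc.container.conf,
# assigning an empty value to one of them clears the list built so far.
LIST_KEYS = {"lxc.cgroup.devices.allow", "lxc.cgroup.devices.deny",
             "lxc.cap.drop", "lxc.mount.auto", "lxc.include"}

# Condensed excerpt of the first config in the thread (veth networking comes
# from the included ubuntu.common.conf, which this parser does not follow).
MICHAEL_CFG = """
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.mount.auto=
lxc.mount.auto=proc:rw sys:rw cgroup:rw
lxc.apparmor.profile=unconfined
lxc.cgroup.devices.allow = c 10:137 rwm # loop-control
lxc.cgroup.devices.allow= a
lxc.cap.drop=
lxc.cgroup.devices.deny=
"""

# Condensed excerpt of the second config: host networking via 'none'.
FAJAR_CFG = """
lxc.include = /usr/share/lxc/config/common.conf
lxc.net.0.type = none
lxc.mount.auto=
lxc.mount.auto=proc:rw sys:rw cgroup:rw
lxc.apparmor.profile=unconfined
"""


def parse_lxc_config(text):
    """Return {key: [values]} using LXC's accumulate-or-clear semantics.
    Simplified: trailing '#' comments are dropped, includes are not read."""
    cfg = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in LIST_KEYS:
            if value == "":
                cfg[key] = []            # empty assignment clears the list
            else:
                cfg[key].append(value)
        else:
            cfg[key] = [value]           # scalar key: last assignment wins
    return dict(cfg)


def lint(cfg):
    """Return [(key, why it matters)] for host-exposing settings."""
    findings = []
    if cfg.get("lxc.net.0.type", [""])[-1] == "none":
        findings.append(("lxc.net.0.type",
                         "shares the host network namespace: no network "
                         "isolation, and a container service competes with "
                         "host daemons for the same port"))
    if cfg.get("lxc.apparmor.profile", [""])[-1] == "unconfined":
        findings.append(("lxc.apparmor.profile",
                         "no AppArmor confinement of the container's init"))
    # Only flag an explicitly cleared drop list; an absent key would just
    # inherit the drops from the included distro config.
    if "lxc.cap.drop" in cfg and cfg["lxc.cap.drop"] == []:
        findings.append(("lxc.cap.drop",
                         "drop list cleared: container root keeps the host "
                         "capability set"))
    if "a" in cfg.get("lxc.cgroup.devices.allow", []):
        findings.append(("lxc.cgroup.devices.allow",
                         "'a' allows every host device node"))
    mounts = " ".join(cfg.get("lxc.mount.auto", [])).split()
    if "sys:rw" in mounts:
        findings.append(("lxc.mount.auto",
                         "/sys is writable: container can alter host kernel "
                         "state through sysfs"))
    return findings


if __name__ == "__main__":
    for name, text in (("michael", MICHAEL_CFG), ("fajar", FAJAR_CFG)):
        print(f"== {name} ==")
        for key, why in lint(parse_lxc_config(text)):
            print(f"{key}: {why}")
```

Run as-is it prints five findings for the first excerpt and three for the second; the `lxc.net.0.type` finding appears only for the second, which is the case the port-conflict and "do not reboot the container" caveats apply to.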