On Thu, Apr 21, 2016 at 11:21 PM, Harald Dunkel <ha...@afaics.de> wrote:
> On 04/21/16 08:05, Fajar A. Nugraha wrote:
>> On Wed, Apr 20, 2016 at 6:50 PM, Harald Dunkel <harald.dun...@aixigo.de> wrote:
>>> Hi folks,
>>>
>>> AFAIR the idea of the containers was to provide isolation
>>> between the host and the user-space instances.
>>>
>>> Are we losing this with systemd support?
>>
>> What makes you think that?
>>
>> The host only needs systemd cgroup mount, it doesn't need to run systemd.
>>
>
> AFAIU you cannot run systemd in a LXC container dom1, unless
> these cgroup mount points are set up in dom0 for some
> initialization.

There are requirements in the host, yes. Even without systemd in the
container, you'd still need cgroup support in the host.

> I am not sure if this still counts as "isolated".
> Shouldn't systemd in dom1 just work, no matter what?

If that's what you want for "isolation", then use KVM.

Looking at /usr/share/lxcfs/lxc.mount.hook, if you have kernel with
cgroup namespace support, you might not need to set up host cgroup. CMIIW

# no need for lxcfs cgroups if we have cgroup namespaces
[ -n "$LXC_CGNS_AWARE" ] && [ -f /proc/self/ns/cgroup ] && exit 0

--
Fajar
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
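
Added example, not part of the original message or of lxcfs: a shell check, meant to be run as root on the host, that reports whether the kernel exposes cgroup namespaces and whether a given container init PID actually has a cgroup namespace separate from the host's PID 1. The function names `ns_id` and `cgns_state` and the PROCROOT argument are hypothetical; PROCROOT exists only so the logic can be exercised against a constructed directory tree instead of the live /proc.

```shell
#!/bin/sh
# Added example (not from lxcfs or LXC). Function names are hypothetical.

# ns_id PROCROOT PID
# Prints the cgroup namespace identity of PID, e.g. "cgroup:[4026531835]".
# Fails if the link is missing (no kernel support, PID gone, no permission).
ns_id() {
    readlink "$1/$2/ns/cgroup" 2>/dev/null
}

# cgns_state PROCROOT PID
# Prints one of:
#   unsupported  PID 1 has no ns/cgroup link, so the kernel offers no cgroup
#                namespace (the hook's early exit shown above cannot apply)
#   shared       PID is in the same cgroup namespace as PID 1, i.e. it sees
#                the host's cgroup hierarchy
#   private      PID has its own cgroup namespace
#   unknown      PID could not be inspected (returns non-zero)
cgns_state() {
    root=${1:-/proc}
    pid=$2
    host=$(ns_id "$root" 1) || { echo unsupported; return 0; }
    mine=$(ns_id "$root" "$pid") || { echo unknown; return 1; }
    if [ "$mine" = "$host" ]; then
        echo shared
    else
        echo private
    fi
}

# Stand-alone use: pass the container's init PID as seen from the host.
if [ "$#" -eq 1 ]; then
    cgns_state /proc "$1"
fi
```

A result of `shared` for a container's init means the container was started without a cgroup namespace, so cgroup paths it sees are the host's.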