[PVE-User] Debian buster, systemd, container and nesting=1

Tue, 18 Feb 2020 07:45:14 -0800 

I'm still on PVE 5.4.

I've upgraded a (privileged) LXC container to debian buster, that was
originally installed as debian jessie, then upgraded to stretch, but
still without systemd.
Upgrading to buster trigger systemd installation.

After installation, most of the services, not all, does not start, eg
apache:

 root@vnc:~# systemctl status apache2.service 
 ● apache2.service - The Apache HTTP Server
    Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor 
preset: enabled)
    Active: failed (Result: exit-code) since Tue 2020-02-18 16:06:35 CET; 44s 
ago
      Docs: https://httpd.apache.org/docs/2.4/
   Process: 120 ExecStart=/usr/sbin/apachectl start (code=exited, 
status=226/NAMESPACE)
 
 feb 18 16:06:35 vnc systemd[1]: Starting The Apache HTTP Server...
 feb 18 16:06:35 vnc systemd[120]: apache2.service: Failed to set up mount 
namespacing: Permission denied
 feb 18 16:06:35 vnc systemd[120]: apache2.service: Failed at step NAMESPACE 
spawning /usr/sbin/apachectl: Permission denied
 feb 18 16:06:35 vnc systemd[1]: apache2.service: Control process exited, 
code=exited, status=226/NAMESPACE
 feb 18 16:06:35 vnc systemd[1]: apache2.service: Failed with result 
'exit-code'.
 feb 18 16:06:35 vnc systemd[1]: Failed to start The Apache HTTP Server.

google say me to add 'nesting=1' to 'features', that works, but looking at:

        https://pve.proxmox.com/wiki/Linux_Container

i read:

 nesting=<boolean> (default = 0)
    Allow nesting. Best used with unprivileged containers with additional id 
mapping. Note that this will expose procfs and sysfs contents of the host to 
the guest.


i can convert this container to an unprivileged ones, but other no, for
examples some containers are samba domain controller, that need a
privileged container.


There's another/better way to make systemd work on containers?


Thanks.

-- 
dott. Marco Gaiarin                                     GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

                Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
        (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
_______________________________________________
pve-user mailing list
pve-user@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user

Reply via email to