There are a few issues with creating a lucid container, then adding the
updates and security repositories.
If you add them later, you'll get problems that prevent your container from
fully starting if you upgrade the following:
mountall (2.14 => 2.15.3) and
ifupdown (0.6.8ubuntu29 => 0.6.8ubuntu29.2)
mountall will override /lib/init/fstab to look like:
>>>
# /lib/init/fstab: static file system information.
#
# These are the filesystems that are always mounted on boot, you can
# override any of these by copying the appropriate line from this file into
# /etc/fstab and tweaking it as you see fit. See fstab(5).
#
#
/dev/root  /                         rootfs          defaults                          0 1
none       /proc                     proc            nodev,noexec,nosuid               0 0
none       /proc/sys/fs/binfmt_misc  binfmt_misc     nodev,noexec,nosuid,optional      0 0
none       /sys                      sysfs           nodev,noexec,nosuid               0 0
none       /sys/fs/fuse/connections  fusectl         optional                          0 0
none       /sys/kernel/debug         debugfs         optional                          0 0
none       /sys/kernel/security      securityfs      optional                          0 0
none       /spu                      spufs           gid=spu,optional                  0 0
none       /dev                      devtmpfs,tmpfs  mode=0755                         0 0
none       /dev/pts                  devpts          noexec,nosuid,gid=tty,mode=0620   0 0
none       /dev/shm                  tmpfs           nosuid,nodev                      0 0
none       /tmp                      none            defaults                          0 0
none       /var/run                  tmpfs           mode=0755,nosuid,showthrough      0 0
none       /var/lock                 tmpfs           nodev,noexec,nosuid,showthrough   0 0
none       /lib/init/rw              tmpfs           mode=0755,nosuid,optional         0 0
>>>
Instead of:
>>>
# /lib/init/fstab: lxc system fstab
none       /spu                      spufs           gid=spu,optional                  0 0
none       /tmp                      none            defaults                          0 0
none       /var/lock                 tmpfs           nodev,noexec,nosuid,showthrough   0 0
none       /lib/init/rw              tmpfs           mode=0755,nosuid,optional         0 0
>>>
I note that other versions of Ubuntu don't seem to require this stripped-down
/lib/init/fstab; can anyone explain why?
If you replace it with the old version, you'll be good to go, but...
ifupdown has these changes (though I don't quite understand why they're an
issue; it seems like they should just work..):
>>>
diff -u -r
ifupdown-0.6.8ubuntu29/debian/ifupdown.network-interface-security.upstart
ifupdown-0.6.8ubuntu29.2/debian/ifupdown.network-interface-security.upstart
---
ifupdown-0.6.8ubuntu29/debian/ifupdown.network-interface-security.upstart
2010-02-20 17:30:21.0 +1300
+++
ifupdown-0.6.8ubuntu29.2/debian/ifupdown.network-interface-security.upstart
2011-01-05 07:48:34.0 +1300
@@ -13,14 +13,22 @@
or starting network-manager
or starting networking)
+# In order to handle the lack of upstart feature LP: #568860, we need to
+# run multiple times, for each of the above "starting" service instances,
or
+# else another one might run while we're running, and not wait for us to
+# finish.
+instance $JOB${INTERFACE:+/}${INTERFACE:-}
+
# Since we need these profiles to be loaded before any of the above
services
# begin running, this service must be a pre-start so that its pre-start
# script finishes before the above services' start scripts begin.
pre-start script
+[ -f /var/run/network-interface-security ] && exit 0 # already ran
[ -d /rofs/etc/apparmor.d ] && exit 0 # do not load on liveCD
[ -d /sys/module/apparmor ] || exit 0 # do not load without AppArmor
[ -x /sbin/apparmor_parser ] || exit 0 # do not load without parser
for link in /etc/apparmor/init/network-interface-security/* ; do
[ -L $link ] && /sbin/apparmor_parser -r -W $link || true
done
+> /var/run/network-interface-security
end script
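Review bot: the stamp file is written unconditionally at the end of the pre-start script (`> /var/run/network-interface-security`) even when `/sbin/apparmor_parser -r -W $link` failed, because the loop body ends in `|| true`; once the stamp exists every later instance leaves at `[ -f /var/run/network-interface-security ] && exit 0`, so a failed first run is never retried. Consider creating the stamp only after a pass with no parser errors. The stamp also assumes /var/run is emptied on every boot; the stripped-down lxc /lib/init/fstab quoted above has no `/var/run tmpfs` line, so in such a container a stamp left over from a previous boot would skip profile loading entirely. Finally, the new comment should state what the stamp actually guards: the `instance $JOB${INTERFACE:+/}${INTERFACE:-}` line gives each "starting" job its own instance, and two instances that both pass the `-f` test before either writes the stamp will still run the parser concurrently, so the stamp prevents repetition, not overlap.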
diff -u -r ifupdown-0.6.8ubuntu29/debian/ifupdown.network-interface.upstart
ifupdown-0.6.8ubuntu29.2/debian/ifupdown.network-interface.upstart
--- ifupdown-0.6.8ubuntu29/debian/ifupdown.network-interface.upstart
2010-02-20 17:30:21.0 +1300
+++ ifupdown-0.6.8ubuntu29.2/debian/ifupdown.network-interface.upstart
2011-01-05 07:48:34.0 +1300
@@ -10,8 +10,15 @@
stop on net-device-removed INTERFACE=$INTERFACE
instance $INTERFACE
+export INTERFACE
pre-start script
+if [ "$INTERFACE" = lo ]; then
+ # bring this up even if /etc/network/interfaces is broken
+ ifconfig lo 127.0.0.1 up || true
+ initctl emit -n net-device-up \
+ IFACE=lo LOGICAL=lo ADDRFAM=inet METHOD=loopback || true
+fi
mkdir -p /var/run/network
exec ifup --allo
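Review bot: the loopback special case emits `net-device-up` for lo (`initctl emit -n net-device-up IFACE=lo LOGICAL=lo ADDRFAM=inet METHOD=loopback`) before the `exec ifup ...` at the end of the pre-start has run, so anything started by that event sees lo as up on the strength of a bare `ifconfig lo 127.0.0.1 up`, not of whatever /etc/network/interfaces configures for it, and with `-n` nothing waits for ifup to fail afterwards. The comment "bring this up even if /etc/network/interfaces is broken" explains the motivation but not this ordering; spell it out. Both commands are swallowed by `|| true`, so an `ifconfig` failure (for instance in an environment that is not allowed to configure interfaces) leaves no trace; logging the failure would make the container case easier to diagnose. Also, `ifconfig` and `initctl` are called without a path while the sibling job uses `/sbin/apparmor_parser` in full; pick one convention.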
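As an added example, not part of the original post and not code from mountall, ifupdown or the LXC project: a POSIX sh script that recognises a container /lib/init/fstab of the mountall kind (one listing mounts such as /, /proc, /sys and /dev that the host or lxc-start handles) and restores the stripped-down lxc version quoted above. The file path is a parameter; the list of host-only mount points and the backup suffix are my own assumptions.

```shell
#!/bin/sh
# Added example: detect a lucid container /lib/init/fstab that the mountall
# upgrade overwrote, and put the lxc version back. Paths are parameters so
# the functions can be run against copies of the file.

# The lxc version of /lib/init/fstab, as quoted in the post.
LXC_FSTAB='# /lib/init/fstab: lxc system fstab
none /spu spufs gid=spu,optional 0 0
none /tmp none defaults 0 0
none /var/lock tmpfs nodev,noexec,nosuid,showthrough 0 0
none /lib/init/rw tmpfs mode=0755,nosuid,optional 0 0'

# Mount points that only the host (or lxc-start itself) should handle.
# This list is an assumption for the example; an entry for any of them in a
# container's /lib/init/fstab is the signature of the mountall version.
HOST_ONLY_MOUNTS='/ /proc /proc/sys/fs/binfmt_misc /sys /sys/fs/fuse/connections /sys/kernel/debug /sys/kernel/security /dev /dev/pts /dev/shm /var/run'

# Print the host-only mount points present in the fstab given as $1, one per
# line. Comment and short lines are skipped; the mount point is field 2.
fstab_host_only_entries() {
    awk -v list="$HOST_ONLY_MOUNTS" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[ \t]*#/ || NF < 2 { next }
        ($2 in bad) { print $2 }
    ' "$1"
}

# Succeed (exit 0) when the fstab in $1 should be replaced by the lxc version.
fstab_needs_lxc_fixup() {
    [ -n "$(fstab_host_only_entries "$1")" ]
}

# Replace the fstab in $1 with the lxc version, keeping a backup alongside it.
# The ".mountall.bak" suffix is an assumption of this example.
restore_lxc_fstab() {
    target=$1
    cp -p "$target" "$target.mountall.bak"
    printf '%s\n' "$LXC_FSTAB" > "$target"
}
```

Source the file and run `fstab_needs_lxc_fixup /lib/init/fstab && restore_lxc_fstab /lib/init/fstab` inside the container. After restoring, `echo mountall hold | dpkg --set-selections` keeps the next upgrade from overwriting the file again; the check can also be rerun after any upgrade as a cheap regression test.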