On Thu, Feb 16, 2012 at 02:25:36PM -0000, Serge Hallyn wrote: > regarding whether disabling plymouth is the right fix: I don't know the > mechanisms plymouth uses.
Well, I'm happy to answer questions you have on this, but I don't understand what issue you're trying to address by disabling plymouth. The bug description says only that: > As stgraber said, "it writes some error messages to /var/log/upstart (when > you have logging) and sometimes to the console". But a) that's not true for values of "it" == "plymouth" (maybe this refers to upstart?), and b) it's not clear to me what behavior you expect for the various messages if plymouth is disabled - particularly the ones that are *actually* being routed to plymouth, which may require some sort of user interaction. > 1. for system log entries, the right fix will be a syslog namespace, > which doesn't yet exist. plymouth has nothing to do with syslog. It captures *console* output to /var/log/boot.log, but that's a secondary function and doesn't use syslog for output. > 2. if it uses proc files, we may be able to use apparmor to protect from > plymouth, though that may make plymouth fail and cause the container to > not boot right. The right fix would be a mix of user namespaces and > proc file access filtering. Plymouth uses /proc/cmdline and /proc/self/fd. Are these a problem in lxc? > 3. if it uses devices (ioctls or writes), we may be able to use apparmor > and/or the devices namespace to protect from plymouth, but a device > namespace will be the right fix. Oh, it definitely uses devices. At a minimum, it expects to be able to open /dev/console. It also generally expects to make use of /dev/fb, /dev/tty0, /dev/tty1, and a few others. I had assumed that there is some sort of virtualized console in the container that would be exposed with the usual device name. If there isn't, then there's definitely no point in running plymouth in a container. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/925513 Title: plymouth should not run in container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/925513/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs