How do I configure shared memory devices inside LXD container instances?

To make something work, I need a shared memory device (/dev/shm) inside an LXD container. My exact problem is described here, but the solution does not apply to me as I am using LXD.

How do I accomplish this:
lxc.mount.entry = none dev/shm tmpfs nodev,nosuid,noexec,mode=1777,create=dir 0 0
in an LXD container?

What container image and LXD version are you using?

Here /dev/shm is already a tmpfs right out of the box:

root@blah:~# grep shm /proc/mounts 
tmpfs /dev/shm tmpfs rw,nosuid,nodev,uid=1000000,gid=1000000 0 0

It’s LXD 4.0.3. The container is a Gentoo container made from an image I spun myself using distrobuilder, but based off of the template.

If it’s just a matter of configuring this in the guest, then I can do it that way. I just thought there was a canonical way to do this via LXD.

Ok, so that probably explains it. I suspect systemd always does the /dev/shm setup which is why most distros don’t have that problem.

Your best bet is an init script inside the container which creates /dev/shm on boot and mounts the tmpfs on it.

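The check-and-mount step such an init script would perform, as an added example that is not part of any post in this thread. The function names `shm_status` and `ensure_shm` and the `REQUIRED_OPTS` variable are hypothetical; the mount options are the ones from the `lxc.mount.entry` line in the question.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Default options come from the lxc.mount.entry line in the question.
REQUIRED_OPTS="${REQUIRED_OPTS:-nodev nosuid noexec}"

# shm_status: read /proc/mounts-format text on stdin.
#   returns 0  /dev/shm is a tmpfs carrying every required option
#   returns 1  /dev/shm is mounted but is not tmpfs or lacks an option
#   returns 2  nothing is mounted on /dev/shm
shm_status() {
    st=2
    while read -r _dev mnt fstype opts _rest; do
        [ "$mnt" = "/dev/shm" ] || continue
        st=0    # the last matching line wins: it shadows earlier mounts
        [ "$fstype" = "tmpfs" ] || st=1
        for want in $REQUIRED_OPTS; do
            case ",$opts," in
                *",$want,"*) ;;
                *) st=1 ;;
            esac
        done
    done
    return "$st"
}

# ensure_shm: call from a boot-time init script, as root in the container.
# Mounts the tmpfs only when /dev/shm is absent; an existing mount with
# the wrong type or options is reported, not silently replaced.
ensure_shm() {
    rc=0
    shm_status < /proc/mounts || rc=$?
    case "$rc" in
        0) return 0 ;;
        1) echo "/dev/shm: unexpected filesystem type or mount options" >&2
           return 1 ;;
    esac
    mkdir -p /dev/shm &&
        mount -t tmpfs -o nodev,nosuid,noexec,mode=1777 none /dev/shm
}

# Constructed input: the /proc/mounts line quoted earlier in the thread.
rc=0
printf '%s\n' 'tmpfs /dev/shm tmpfs rw,nosuid,nodev,uid=1000000,gid=1000000 0 0' |
    shm_status || rc=$?
echo "status for the quoted line: $rc"
```

The quoted line yields status 1 under the default option set because it carries no `noexec`; set `REQUIRED_OPTS="nodev nosuid"` if that is the intended baseline.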

Okay, thanks. I’ll give that a try.

Should that be part of the image, perhaps?

There is an existing rc init script, /etc/init.d/devfs, that is supposed to mount devfs at sysinit. It appears that it is affected by the very same problem that the Alpine image had (there was a post on this that I lost and cannot find): the init script has the keyword ‘-lxc’, indicating it should never run inside a container. Here’s how I fixed it:

#!/sbin/openrc-run
# Copyright (c) 2007-2015 The OpenRC Authors.
# See the Authors file at the top-level directory of this distribution and
# https://github.com/OpenRC/openrc/blob/master/AUTHORS
#
# This file is part of OpenRC. It is subject to the license terms in
# the LICENSE file found in the top-level directory of this
# distribution and at https://github.com/OpenRC/openrc/blob/master/LICENSE
# This file may not be copied, modified, propagated, or distributed
# except according to the terms contained in the LICENSE file.

description="Set up the /dev directory"

depend()
{
        provide dev-mount
        before dev
        # defaults: keyword -docker -lxc -prefix -systemd-nspawn -vserver
        keyword -docker lxc -prefix -systemd-nspawn -vserver
}

Do we want /dev/shm to be available by default?

What’s the rest of that script?

If all it does is set up /dev/shm, then yeah, it should be made to run in lxc.
But the name suggests it may be doing more than just that.

Sorry, Stéphane, somehow I missed your response back in October. The complete script is here: https://github.com/OpenRC/openrc/blob/master/init.d/devfs.in

It mounts /dev. Setting keyword ‘lxc’ fixed the problems I was having and the container works for me in this state. We could try making it the default and revert if there are problems.

Yeah, probably worth trying