How to list the host's entire process table from inside container? [SOLVED]

(ryanerwin) #1

I’m hoping to use LXC to package up system utilities and deploy them to a variety of different types of hosts without problems caused by conflicting versions of shared libraries.

Using an LXC privileged container, permissions work out very well for this use case.
(with Docker I wasn’t able to get the permissions to work)

The mount options also seem to give me everything I need.

Unfortunately, I haven’t figured out how to access the entire host process table from inside the container. Is there a different startup flag or a config option that would allow my container to access the entire host process table, so that top or htop inside the container would not be constrained to the container?

(ryanerwin) #2

In case anyone else is interested in this, turns out it’s really more of a container image problem than an actual LXC problem…

If you start with /usr/share/lxc/templates/lxc-busybox and remove or comment out the = cgroup:mixed proc:rw sys:mixed

Then if you add an entry like:

lxc.mount.entry = /proc rootproc none rw,bind,optional 0 0

And after the container boots, do a:

mount --bind /rootproc /proc

The host process table comes through normally.

Perhaps there’s a better way… I’ve just started digging into it, but at least this is one way that you can access the full process table inside an LXC container.

I’m not sure why you can’t directly mount “/proc” during the boot of the container with something like:

lxc.mount.entry = /proc proc none rw,bind,optional 0 0

Each time I tried that, the container failed to start.
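
An added example, not part of ryanerwin's posts: a shell audit that scans an LXC config for the two settings discussed in this thread, a bind mount of the host's /proc and the proc:rw automount, so containers that can see the host process table can be inventoried. The function names, output format and sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an LXC config for settings that widen /proc exposure.
# Function names, output format and the sample config are constructed here.

# Reads an LXC config on stdin and prints one finding per line:
#   <line>:host-proc-bind:<target>:<ro|rw>   host /proc bind-mounted into the container
#   <line>:proc-rw-automount                 lxc.mount.auto mounts /proc fully read-write
audit_lxc_proc() {
    awk '
    /^[ \t]*#/ { next }                        # ignore commented-out settings
    {
        eq = index($0, "=")
        if (eq == 0) next                      # not a key = value line
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
    }
    key == "lxc.mount.entry" {
        # fstab-style fields: source target fstype options dump pass
        n = split(val, f, /[ \t]+/)
        src = f[1]; if (src != "/") sub(/\/+$/, "", src)
        opts = "," f[4] ","
        if (n >= 4 && src == "/proc" && opts ~ /,r?bind,/)
            print NR ":host-proc-bind:" f[2] ":" ((opts ~ /,ro,/) ? "ro" : "rw")
    }
    key == "lxc.mount.auto" {
        n = split(val, f, /[ \t]+/)
        for (i = 1; i <= n; i++)
            if (f[i] == "proc:rw") print NR ":proc-rw-automount"
    }'
}

# Constructed sample: the settings quoted in the thread plus an unrelated bind mount.
sample_config() {
    cat <<'EOF'
# constructed sample config, not from a real host
lxc.uts.name = tools
lxc.mount.auto = cgroup:mixed proc:rw sys:mixed
lxc.mount.entry = /proc rootproc none rw,bind,optional 0 0
# lxc.mount.entry = /proc proc none rw,bind,optional 0 0
lxc.mount.entry = /home/tools opt/tools none ro,bind 0 0
EOF
}

sample_config | audit_lxc_proc
```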