[Request fulfilled] enable container namespace features in Jolla kernel

Question

33

[Request fulfilled] enable container namespace features in Jolla kernel

asked 2014-12-10 16:40:44 +0200

t-lo

4384 ●51 ●61 ●63

http://www.thilo-fromm.de...

updated 2015-06-09 09:48:28 +0200

Starting containers on the Jolla would be an awesome feature.

Please enable the necessary namespace features CONFIG_UTS_NS, CONFIG_IPC_NS, CONFIG_PID_NS, and CONFIG_NET_NS in the Jolla kernel. This would enable systemd-nspawn to start containers.

Currently when I try to use systemd-nspawn I get:

[root@Jolla containers]# systemd-nspawn --read-only -bD Fedora-Minimal-armhfp-21_Beta-4-sda
The kernel auditing subsystem is known to be incompatible with containers.
Please make sure to turn off auditing with 'audit=0' on the kernel command
line before using systemd-nspawn. Sleeping for 5s...
Spawning namespace container on /media/sdcard/a1471002-ecc9-4bed-9beb-a5092113fe1f/data/containers/Fedora-Minimal-armhfp-21_Beta-4-sda (console is /dev/pts/4).
clone() failed, do you have namespace support enabled in your kernel? (You need UTS, IPC, PID and NET namespacing built in): Invalid argument

Being able to start containers on the Jolla phone would enable users to run many popular Linux distributions w/o actually installing those. Many distributions provide disk images for ARM which can be started as containers.

Update: @anandrkris recommended I bring this request to the sailfish-devel mailing list. Here's the link to the mailing list thread: https://lists.sailfishos.org/pipermail/devel/2014-December/005371.html

edit retag flag offensive close delete

Comments

1

I suppose these questions are better discussed over sailfish mailing lists where there is higher chance of developer interaction?

anandrkris ( 2014-12-10 17:12:55 +0200 )edit

Good point! The TJC community however seem quite technology adept to me so I figured it would be nice to involve those users into the containers idea, too.

t-lo ( 2014-12-10 17:17:03 +0200 )edit

Hmm...agree there are certainly users who are interested and comment their views but dev. visibility is high in ML / IRC. The problem in TJC is that there is a deluge of questions and this could get lost unless thread is very active / highly voted.

anandrkris ( 2014-12-10 17:24:56 +0200 )edit

I am currently in the process of subscribing to devel@lists.sailfish.org and posting a corresponding request there. Will update the question w/ a link to the mailing list archive thread as soon as it becomes available.

t-lo ( 2014-12-10 17:49:47 +0200 )edit

1

@t-lo: What about Docker ? I don't think it needs nspawn by default so it might be able to run out of the box ? (provided other things it needs are not disabled)

MartinK ( 2014-12-10 18:10:07 +0200 )edit

I suppose these questions are better discussed over sailfish mailing lists where there is higher chance of developer interaction?
anandrkris ( 2014-12-10 17:12:55 +0200 )edit
Good point! The TJC community however seem quite technology adept to me so I figured it would be nice to involve those users into the containers idea, too.
t-lo ( 2014-12-10 17:17:03 +0200 )edit
Hmm...agree there are certainly users who are interested and comment their views but dev. visibility is high in ML / IRC. The problem in TJC is that there is a deluge of questions and this could get lost unless thread is very active / highly voted.
anandrkris ( 2014-12-10 17:24:56 +0200 )edit
I am currently in the process of subscribing to devel@lists.sailfish.org and posting a corresponding request there. Will update the question w/ a link to the mailing list archive thread as soon as it becomes available.
t-lo ( 2014-12-10 17:49:47 +0200 )edit
@t-lo: What about Docker ? I don't think it needs nspawn by default so it might be able to run out of the box ? (provided other things it needs are not disabled)
MartinK ( 2014-12-10 18:10:07 +0200 )edit

Answer 1

18

answered 2015-06-09 09:46:50 +0200

t-lo

4384 ●51 ●61 ●63

http://www.thilo-fromm.de...

@Philippe De Swert , @g7

Guys! Guys!

Observe:

[root@Jolla containers]# systemd-nspawn --read-only -bD Fedora-Minimal-armhfp-21_Beta-4-sda
Spawning namespace container on /media/sdcard/a1471002-ecc9-4bed-9beb-a5092113fe1f/data/containers/Fedora-Minimal-armhfp-21_Beta-4-sda (console is /dev/pts/1).
Init process in the container running as PID 14721.
/etc/localtime does not point into /usr/share/zoneinfo/, not updating container timezone.
systemd 216 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN )
Detected virtualization 'systemd-nspawn'.
Detected architecture 'arm'.

Welcome to Fedora 21 (Twenty One)!

Failed to install release agent, ignoring: File exists
Running in a container, ignoring fstab device entry for /dev/disk/by-uuid/f1a2a574-2b14-4f67-8230-598cc073cdd4.
Running in a container, ignoring fstab device entry for /dev/disk/by-uuid/c446d8b1-140f-4bba-8099-9ae2e502db5b.
Running in a container, ignoring fstab device entry for /dev/disk/by-uuid/6ddc1a55-12a9-4238-9e98-6b87e0f7680f.
mkdir: cannot create directory '/lib/systemd/system/anaconda.target.wants': Read-only file system
ln: failed to create symbolic link '/lib/systemd/system/anaconda.target.wants/anaconda-tmux@tty1.service': No such file or directory
Configuration file /usr/lib/systemd/system/auditd.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Configuration file /usr/lib/systemd/system/man-db.timer is marked executable. Please remove executable permission bits. Proceeding anyway.
Configuration file /usr/lib/systemd/system/man-db.service is marked executable. Please remove executable permission bits. Proceeding anyway.
[  OK  ] Reached target Remote File Systems.
[  OK  ] Reached target Swap.
[  OK  ] Created slice Root Slice.
[  OK  ] Created slice User and Session Slice.
[  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
[  OK  ] Listening on Delayed Shutdown Socket.
[  OK  ] Listening on Device-mapper event daemon FIFOs.
[  OK  ] Listening on LVM2 metadata daemon socket.
[  OK  ] Listening on Journal Socket.
[  OK  ] Created slice System Slice.
[  OK  ] Created slice system-getty.slice.
         Starting Monitoring of LVM2 mirrors, snapshots etc. using dmeventd or progress polling...
         Mounting FUSE Control File System...
         Starting Activation of DM RAID sets...
         Starting Show Plymouth Boot Screen...
[  OK  ] Reached target Slices.
         Starting Remount Root and Kernel File Systems...
[  OK  ] Mounted FUSE Control File System.
[  OK  ] Listening on Journal Socket (/dev/log).
[  OK  ] Started Activation of DM RAID sets.
plymouth-start.service: control process exited, code=exited status=69
[FAILED] Failed to start Show Plymouth Boot Screen.
See "systemctl status plymouth-start.service" for details.
Unit plymouth-start.service entered failed state.
plymouth-start.service failed.
systemd-remount-fs.service: main process exited, code=exited, status=1/FAILURE
[FAILED] Failed to start Remount Root and Kernel File Systems.
See "systemctl status systemd-remount-fs.service" for details.
Unit systemd-remount-fs.service entered failed state.
systemd-remount-fs.service failed.
         Starting LVM2 metadata daemon...
[  OK  ] Started LVM2 metadata daemon.
         Starting Configure read-only root support...
         Starting Load/Save Random Seed...
[  OK  ] Reached target Local File Systems (Pre).
[  OK  ] Reached target Paths.
[  OK  ] Reached target Encrypted Volumes.
         Starting Journal Service...
[  OK  ] Started Journal Service.
[  OK  ] Started Configure read-only root support.
[FAILED] Failed to start Load/Save Random Seed.
See "systemctl status systemd-random-seed.service" for details.
[  OK  ] Started Monitoring of LVM2 mirrors, snapshots etc. using dmeventd or progress polling.
[  OK  ] Reached target Local File Systems.
         Starting Tell Plymouth To Write Out Runtime Data...
         Starting Trigger Flushing of Journal to Persistent Storage...
         Starting Mark the need to relabel after reboot...
         Starting Create Volatile Files and Directories...
[  OK  ] Started Tell Plymouth To Write Out Runtime Data.
[  OK  ] Started Mark the need to relabel after reboot.
[  OK  ] Started Create Volatile Files and Directories.
         Starting Security Auditing Service...
[  OK  ] Started Trigger Flushing of Journal to Persistent Storage.
[FAILED] Failed to start Security Auditing Service.
See "systemctl status auditd.service" for details.
         Starting Update UTMP about System Boot/Shutdown...
[FAILED] Failed to start Update UTMP about System Boot/Shutdown.
See "systemctl status systemd-update-utmp.service" for details.
[DEPEND] Dependency failed for Update UTMP about System Runlevel Changes.
[  OK  ] Reached target System Initialization.
[  OK  ] Listening on Open-iSCSI iscsid Socket.
[  OK  ] Listening on Open-iSCSI iscsiuio Socket.
[  OK  ] Listening on D-Bus System Message Bus Socket.
[  OK  ] Reached target Sockets.
[  OK  ] Reached target Timers.
[  OK  ] Reached target Basic System.
         Starting NTP client/server...
         Starting OpenSSH Server Key Generation...
         Starting Initial Setup configuration program (text mode)...
         Starting Login Service...
         Starting D-Bus System Message Bus...
[  OK  ] Started D-Bus System Message Bus.
         Starting Permit User Sessions...
         Starting firewalld - dynamic firewall daemon...
[FAILED] Failed to start NTP client/server.
See "systemctl status chronyd.service" for details.
[  OK  ] Started Permit User Sessions.
[  OK  ] Started Login Service.
         Starting Cleanup of Temporary Directories...
         Starting dnf makecache...
         Starting Command Scheduler...
[  OK  ] Started Command Scheduler.
         Starting Console Getty...
[  OK  ] Started Console Getty.
         Starting Terminate Plymouth Boot Screen...


Fedora release 21 (Twenty One)
Kernel 3.4.106.20150416.1 on an armv7l (console)

Fedora-Minimal-armhfp-21_Beta-4-sda login:

\o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/

I'll get back to the forum with a more detailed HowTo in a separate post. Thank you so much for enabling this!

edit flag offensive delete publish link

Comments

1

This is just crazy & wondertful!

Thanks!!

juiceme ( 2015-06-09 10:18:15 +0200 )edit

2

@l-to: Sorry for making you wait so long, but so glad it finally works for you ;)

Philippe De Swert ( 2015-06-09 10:45:27 +0200 )edit

Great!! :D

g7 ( 2015-06-09 13:40:12 +0200 )edit

Accepted Answer

12

answered 2014-12-11 09:29:27 +0200

Philippe De Swert
7698 ●74 ●88 ●91

updated 2015-06-09 11:36:56 +0200

A quick look at our kernel seems to indicate the support might be possible to get compiled in. However this will need to be evaluated and we will need to check if the phone runs stable with that included. Also this definitely comes too late for the upcoming update. But let's see what we can do. (No promises though and no idea if this will work as expected once we have it enabled)

(Released in 1.1.6.x enjoy!)

edit flag offensive delete publish link

Comments

if @Stskeeps releases the kernel sources for U9 then people can enable it themselves, like they did with the zram kernel option

r0kk3rz ( 2014-12-11 09:35:55 +0200 )edit

2

@r0kk3rz: Of course the sources will be available, but my answer was mostly aimed at people who might not want/are able to deal with that.

Philippe De Swert ( 2014-12-11 09:38:27 +0200 )edit

OK, so it won't be there with Update 10 - which is a pity considering the infrequent releases :-/ Can you give a rough indication on when this might be available?

t-lo ( 2014-12-11 09:40:32 +0200 )edit

@Philippe De Swert of course, but with a few pioneers in the community to see what breaks it helps you guys qualify the change for upcoming updates

r0kk3rz ( 2014-12-11 11:09:56 +0200 )edit

1

@Philippe De Swert Since roughly two months have passed - do we have a chance to get this feature w/ update11 (whenever it may be ready)?

t-lo ( 2015-02-04 13:51:53 +0200 )edit

[Request fulfilled] enable container namespace features in Jolla kernel

Comments

2 Answers

Comments

Comments

Question tools

Stats

Related questions

[Request fulfilled] enable container namespace features in Jolla kernel

Comments

2 Answers

Comments

Comments

Question tools

Public thread

Stats

Related questions