I've been playing around with virtual consoles inside an LXC container. I thought I'd post my notes on here for the benefit of the Arch community. I took comprehensive notes when testing how LXC handles tty devices because it was rather confusing to me! I'd be happy to hear feedback in case of errors or omissions.
Virtual Console (tty) configuration
===================================
The container can be configured with virtual consoles (tty devices). These may be devices from the host that the container is permissioned to use or they may be devices local to the container.
The host's virtual consoles are accessed using the key sequence ALT+Fn (or CTRL+ALT+Fn from within an X11 session). The left ALT key reaches consoles 1 through 12 and the right ALT key reaches consoles 13 through 24. Further virtual consoles may be reached by the ALT+Right Arrow key sequence which steps to the next virtual console.
The container's local virtual consoles may be accessed using the "lxc-console" command.
The container must have a tty device file (e.g. /dev/tty1) for each virtual console (host or local). These can be created thus:
# mknod -m 666 /dev/tty1 c 4 1
# mknod -m 666 /dev/tty2 c 4 2
and so on...
In the above, c means character device, 4 is the major device number (tty devices) and 1,2,3, etc, is the minor device number (specific tty device). Note that tty0 is special and always refers to the current virtual console.
> further info on tty devices:
http://www.kernel.org/pub/linux/docs/de … evices.txt
Note that the device file's major number will be seen from within the container to change from 4 to 136 if it is not a host virtual console. This change is not seen when viewing the container's devices from the host. This information is useful when troubleshooting - more on this below.
If a virtual console's device file does not exist in the container then the container cannot use that virtual console.
The container's virtual consoles may be used for login sessions if the container runs "getty" services on their tty devices. This is normally done by the container's "init" process and is configured in the container's "/etc/inittab" file using lines like this:
c1:2345:respawn:/sbin/agetty -8 38400 tty1 linux
There is one line per device. The first part "c1" is just a unique label, the second part defines applicable run levels, the third part tells init to start a new getty when the current one terminates and the last part gives the command line for the getty. For further information refer to "man init".
If there is no getty process on a virtual console it will not be possible to log in via that virtual console. A getty is not required on a virtual console unless it is to be used to log in.
If a virtual console is to allow root logins it also needs to be listed in the container's /etc/securetty file.
The number of local virtual consoles that the container has is defined in the container's configuration file (normally on the host in /etc/lxc). It is defined thus:
lxc.tty = n
where n is the number of local virtual consoles required.
The local virtual consoles are numbered starting at tty1 and take precedence over any of the host's virtual consoles that the container might be entitled to use. This means that, for example, if n = 2 then the container will not be able to use the host's tty1 and tty2 devices even if entitled to do so by its configuration file. Setting n to 0 will prevent local virtual consoles from being created, thus allowing full access to any of the host's virtual consoles that the container might be entitled to use.
The container may access the host's virtual consoles if the host is not using them and the container's configuration allows it. Typical configuration would deny access to all devices and then allow access to specific devices like this:
lxc.cgroup.devices.deny = a # Deny all access to devices
lxc.cgroup.devices.allow = c 4:0 rwm # /dev/tty0
lxc.cgroup.devices.allow = c 4:1 rwm # /dev/tty1
lxc.cgroup.devices.allow = c 4:2 rwm # /dev/tty2
Note that if lxc.tty is set to a number, n, then no host devices numbered n or below will be accessible even if the above configuration is present because they will be replaced with local virtual consoles instead.
Real host devices will have a major number of 4 whereas local devices will have a major number of 136. This can be checked from within a container thus:
# ls -Al /dev/tty*
crw------- 1 root root 136, 10 Aug 21 21:28 /dev/tty1
crw------- 1 root root 136, 11 Aug 21 21:28 /dev/tty2
For a container to be able to use a host's virtual console it must not be in use by the host. This will most likely require the host's /etc/inittab being modified to ensure no getty or other process runs on any virtual console that is to be used by the container.
After editing the host's /etc/inittab file, issuing a "killall -HUP init" will terminate any getty processes that are no longer configured and this will free up the virtual console for use by the container.
Offline
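Added example, not part of the original post: a small checker for the rule described above, that local consoles 1..n from lxc.tty replace host ttys of the same number even when the device allow list permits them. The sample config is constructed from the post's lines plus an assumed `lxc.tty = 2` and an extra `c 4:3` rule; the function names are hypothetical, and stripping trailing `#` annotations is done only so the post's annotated lines can be analysed as written.

```python
import re

# Constructed sample: the post's device rules plus lxc.tty = 2 and one extra allow.
SAMPLE_CONFIG = """\
lxc.tty = 2
lxc.cgroup.devices.deny = a # Deny all access to devices
lxc.cgroup.devices.allow = c 4:0 rwm # dev/tty0
lxc.cgroup.devices.allow = c 4:1 rwm # dev/tty1
lxc.cgroup.devices.allow = c 4:2 rwm # dev/tty2
lxc.cgroup.devices.allow = c 4:3 rwm
"""

HOST_TTY_MAJOR = 4  # host virtual consoles; local ones appear as major 136
ALLOW_RE = re.compile(r"c\s+(\d+):(\d+)\s+([rwm]+)")  # explicit minors only, no '*'


def parse(config_text):
    """Return (local tty count, deny-all seen, {host tty minor: access})."""
    local, deny_all, allowed = 0, False, {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop the post's trailing annotations
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "lxc.tty":
            local = int(value)
        elif key == "lxc.cgroup.devices.deny" and value == "a":
            deny_all = True
            allowed.clear()  # a deny-all discards allows listed before it
        elif key == "lxc.cgroup.devices.allow":
            m = ALLOW_RE.fullmatch(value)
            if m and int(m.group(1)) == HOST_TTY_MAJOR:
                allowed[int(m.group(2))] = m.group(3)
    return local, deny_all, allowed


def host_tty_exposure(config_text):
    """Classify each allowed host tty as 'shadowed' (replaced by a local
    console because its number is <= lxc.tty) or 'exposed' (host device)."""
    local, deny_all, allowed = parse(config_text)
    ttys = {}
    for minor, access in sorted(allowed.items()):
        state = "shadowed" if 1 <= minor <= local else "exposed"
        ttys[f"/dev/tty{minor}"] = (state, access)
    return {"local_ttys": local, "deny_all": deny_all, "host_ttys": ttys}


if __name__ == "__main__":
    for dev, (state, access) in host_tty_exposure(SAMPLE_CONFIG)["host_ttys"].items():
        print(f"{dev}: {state} ({access})")
```

Devices reported as "exposed" are real host consoles the container can open, so they are the ones to review against what the host itself runs on those consoles; a result with `deny_all` false means the config never restricted device access in the first place.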
Forums are not the right place for such info - put it in the wiki so anyone can fix an error if they see it.
Offline
I'd gladly do that but don't know where to start. Do I just dive in and start editing pages? If I can get some guidance I'd like to contribute something...
Offline
Ok I'm going to give that a go. Do you want to delete this thread?
Sorry for posting in wrong place
Offline
> Ok I'm going to give that a go. Do you want to delete this thread?
> Sorry for posting in wrong place
It's OK, just please post a link to the article you create in case someone stumbles on this forum page in the future, so he can check more up-to-date info in the wiki.
Offline
Side note, I'm pretty sure I'd already added the relevant parts in the Wiki document for LXC containers:
http://wiki.archlinux.org/index.php/Linux_Containers
An explanation of what a Virtual Console is would probably be out of the scope of that particular wiki document though *shrug*
Offline
@delerious010: When I worked through it I felt that the wiki page as it stood was not clear enough to me as a new user of LXC so I made some detailed notes for myself. I added in some background I found out along the way (like the vt stuff) which was never that important before but found a new lease of usefulness with the new scope for using containers. It was suggested on here that I put the info in the wiki and, wanting to contribute something back, I did so. I am also writing a set of "recipes" for specific containers (such as containerising a desktop that runs on one of the host's virtual terminals) which I plan to add as a new "LXC Recipes" wiki page for the benefit of the community. Not wishing to step on anyone's toes, let me know if I should do this another way. I'd like to give something back beyond the odd post to a forum but I'd like to do it the right way for the Arch community. Cheers.
Offline
Hey Starfry,
Oh hell, I don't own the Wiki in any shape or form, so feel free to make any updates you find may be helpful. That Wiki page was really just my attempt at taking notes while I was learning how it worked. Personally though, were I the one adding either a section of specific recipes or additional information on the VT stuff, I'd follow a modular approach and create separate documents for each which I'd link back from within the Linux Containers document.
But that's just me, and you may have another equally good, or better, way of doing things.
- Jon
Offline