[SailfishDevel] Enable container namespace features in sailfish OS kernel

Thilo Fromm sailfish at thilo-fromm.de
Wed Dec 10 16:50:28 UTC 2014


Hello,

I'd like to use systemd-nspawn on the Jolla phone. Since many
distributions offer ARM images I think this would be an awesome
developer feature.
systemd-nspawn is already available in the default image but the
Sailfish kernel lacks some namespace features in order to run
containers. Even though CONFIG_NAMESPACES is 'y' the following features
are missing:
 CONFIG_UTS_NS
 CONFIG_IPC_NS
 CONFIG_PID_NS
 CONFIG_NET_NS

Consequently, when I try to run e.g. the Fedora ARM image I get:

[root@Jolla containers]# systemd-nspawn --read-only -bD \
				Fedora-Minimal-armhfp-21_Beta-4-sda
The kernel auditing subsystem is known to be incompatible with
containers. Please make sure to turn off auditing with 'audit=0' on the
kernel command line before using systemd-nspawn. Sleeping for 5s...
Spawning namespace container on
/media/sdcard/a1471002-ecc9-4bed-9beb-a5092113fe1f/data/containers/Fedora-Minimal-armhfp-21_Beta-4-sda
(console is /dev/pts/4).
clone() failed, do you have namespace support enabled in your kernel?
(You need UTS, IPC, PID and NET namespacing built in): Invalid argument


The "kernel auditing" can be worked around (it's the reason nspawn
sleeps for a few seconds) but the missing namespace features seem to be
a deal breaker.


Here are the steps to reproduce what I did:

1. Download Fedora ARM image from

http://download.fedoraproject.org/pub/fedora/linux/releases/test/21-Beta/Images/armhfp/Fedora-Minimal-armhfp-21_Beta-4-sda.raw.xz

2. Unpack
   xz -d Fedora-Minimal-armhfp-21_Beta-4-sda.raw.xz

3. Use fdisk to grok offset of the third partition for loop-mounting:
   ...
   Fedora-Minimal-armhfp-21_Beta-4-sda.raw3  1251328

4. loop-mount the partition:
   mkdir Fedora-Minimal-armhfp-21_Beta-4-sda
   mount -o loop,offset=$((1251328*512)) \
	Fedora-Minimal-armhfp-21_Beta-4-sda.raw \
	Fedora-Minimal-armhfp-21_Beta-4-sda

5. Use systemd-nspawn to start the image in a container:
   systemd-nspawn --read-only -bD Fedora-Minimal-armhfp-21_Beta-4-sda

I failed at 5.

Regards,
Thilo
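
The following is an added example, not part of the original message: a shell check that reports which of the four namespace options named in the clone() error are not built into a kernel, given that kernel's config file. The function names and the sample config are constructed for illustration; /proc/config.gz is only present when the kernel was built with CONFIG_IKCONFIG_PROC.

```shell
#!/bin/sh
# Namespace options systemd-nspawn asks for (from the error text in the post).
REQUIRED_NS="CONFIG_UTS_NS CONFIG_IPC_NS CONFIG_PID_NS CONFIG_NET_NS"

# Print a kernel config as plain text; handles gzip-compressed files
# such as /proc/config.gz as well as a saved plain-text .config.
read_config() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# Print the required options that are not set to 'y', space-separated.
# An absent option and "# CONFIG_X is not set" both count as missing.
missing_ns_options() {
    cfg=$(read_config "$1") || return 2
    missing=""
    for opt in $REQUIRED_NS; do
        if ! printf '%s\n' "$cfg" | grep -q "^${opt}=y\$"; then
            missing="${missing:+$missing }$opt"
        fi
    done
    printf '%s' "$missing"
}

# Constructed sample mirroring the situation in the post:
# CONFIG_NAMESPACES=y, but the four per-type options are disabled.
sample_config() {
    cat <<'EOF'
CONFIG_NAMESPACES=y
# CONFIG_UTS_NS is not set
# CONFIG_IPC_NS is not set
# CONFIG_PID_NS is not set
# CONFIG_NET_NS is not set
EOF
}

# Usage: sh check-ns.sh /proc/config.gz   (or a saved kernel .config)
if [ "$#" -gt 0 ]; then
    m=$(missing_ns_options "$1") || exit 2
    if [ -n "$m" ]; then
        echo "missing namespace options: $m"
        exit 1
    fi
    echo "UTS, IPC, PID and NET namespaces are built in"
fi
```

Run against the config of a candidate kernel build, this shows before flashing whether systemd-nspawn's clone() call can succeed.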

