[SailfishDevel] Enable container namespace features in sailfish OS kernel

Thilo Fromm sailfish at thilo-fromm.de
Wed Dec 10 16:50:28 UTC 2014


I'd like to use systemd-nspawn on the Jolla phone. Since many
distributions offer ARM images I think this would be an awesome
developer feature.
systemd-nspawn is already available in the default image but the
Sailfish kernel lacks some namespace features in order to run
containers. Even though CONFIG_NAMESPACES is 'y' the following features
are missing:

Consequently, when I try to run e.g. the Fedora ARM image I get:

[root at Jolla containers]# systemd-nspawn --read-only -bD \
The kernel auditing subsystem is known to be incompatible with
containers. Please make sure to turn off auditing with 'audit=0' on the
kernel command line before using systemd-nspawn. Sleeping for 5s...
Spawning namespace container on
(console is /dev/pts/4).
clone() failed, do you have namespace support enabled in your kernel?
(You need UTS, IPC, PID and NET namespacing built in): Invalid argument

The "kernel auditing" can be worked around (it's the reason nspawn
sleeps for a few seconds) but the missing namespace features seem to be
a deal breaker.

Here are the steps to reproduce what I did:

1. Download Fedora ARM image from


2. Unpack
   xz -d Fedora-Minimal-armhfp-21_Beta-4-sda.raw.xz

3. Use fdisk to grok the offset of the third partition for loop-mounting:
   Fedora-Minimal-armhfp-21_Beta-4-sda.raw3  1251328

4. loop-mount the partition:
   mkdir Fedora-Minimal-armhfp-21_Beta-4-sda
   mount -o loop,offset=$((1251328*512)) \
	Fedora-Minimal-armhfp-21_Beta-4-sda.raw \

5. Use systemd-nspawn to start the image in a container:
   systemd-nspawn --read-only -bD Fedora-Minimal-armhfp-21_Beta-4-sda

I failed at 5.



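A check a developer could run on the device for the two problems the mail reports (namespace options absent from the kernel config, and auditing not switched off on the kernel command line), as an added example that is not part of the original post and not systemd's or Sailfish's own code. It assumes the upstream Kconfig symbol names CONFIG_UTS_NS, CONFIG_IPC_NS, CONFIG_PID_NS and CONFIG_NET_NS for the four namespaces nspawn's error message names, a kernel config readable from /proc/config.gz or /boot/config-$(uname -r), and that the script is saved as nscheck.sh.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): report which namespace
# options systemd-nspawn needs are missing from a kernel config, and whether
# audit=0 is present on the kernel command line.

# Upstream Kconfig symbols for the namespaces nspawn asks for (assumption:
# the Sailfish kernel uses the same symbol names as mainline).
REQUIRED_NS="CONFIG_NAMESPACES CONFIG_UTS_NS CONFIG_IPC_NS CONFIG_PID_NS CONFIG_NET_NS"

# missing_ns_options FILE: print each required symbol that is not '=y' in
# FILE, one per line (FILE is a plain-text kernel .config).
missing_ns_options() {
    file="$1"
    for opt in $REQUIRED_NS; do
        grep -q "^${opt}=y\$" "$file" || echo "$opt"
    done
}

# kernel_config_text: emit the running kernel's config as plain text from
# /proc/config.gz or /boot/config-$(uname -r); fail if neither is readable.
kernel_config_text() {
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# audit_disabled CMDLINE: succeed only if audit=0 appears as a whole
# parameter on the given kernel command line string.
audit_disabled() {
    case " $1 " in
        *" audit=0 "*) return 0 ;;
        *) return 1 ;;
    esac
}

main() {
    tmp=$(mktemp) || exit 1
    if ! kernel_config_text > "$tmp"; then
        echo "no readable kernel config found" >&2
        rm -f "$tmp"
        exit 2
    fi
    missing=$(missing_ns_options "$tmp")
    rm -f "$tmp"
    if [ -n "$missing" ]; then
        echo "namespace options missing from the kernel config:"
        echo "$missing"
    else
        echo "all namespace options nspawn needs are built in"
    fi
    if audit_disabled "$(cat /proc/cmdline)"; then
        echo "audit=0 is on the kernel command line"
    else
        echo "auditing is not disabled; nspawn wants audit=0 on the kernel command line"
    fi
}

# Run the report only when executed as nscheck.sh, so the functions can also
# be sourced and called individually.
case "$0" in
    *nscheck.sh) main "$@" ;;
esac
```

Run it as `sh nscheck.sh` on the device; a non-empty "missing" list is the same condition that makes nspawn's clone() fail with "Invalid argument", and the audit line covers the warning nspawn prints before sleeping.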