
The LXC container runs X Server

2025-01-15 Update From: SLTechnology News&Howtos


The Linux Containers (LXC) project provides a container management tool for operating-system-level virtualization on Linux. Most application containers, such as FTP, HTTP and other background services, do not need a graphical interface. A container can run an X desktop environment remotely through SSH or XDMCP. In that case the container is the X client and does not need an X server installed.

The Linux host system uses Ctrl-Alt-F1 to Ctrl-Alt-F7 to switch between virtual terminals: vt01 to vt06 are text-mode terminals, and the host's X generally runs on virtual terminal 7 (vt07). When the container needs to run X locally, another virtual terminal (such as vt09) must be assigned to the container.

This article covers running X locally in the container, that is, running an X server inside the container.

Experimental environment: two complete Debian 8 desktop systems, debian-A and debian-B.

1. Manually specify keyboard / mouse input device driver

Start the debian-B system, install the xserver-xorg-input-kbd and xserver-xorg-input-mouse packages, create the /etc/X11/xorg.conf.d/ directory, and create the file 10-input.conf in it with the following content:

#--v--
Section "ServerFlags"
    # Disable automatic device detection
    Option "AutoAddDevices" "False"
EndSection

Section "ServerLayout"
    Identifier "Desktop"
    InputDevice "Mouse0" "CorePointer"
    InputDevice "Keyboard0" "CoreKeyboard"
EndSection

Section "InputDevice"
    Identifier "Keyboard0"
    Driver "kbd"
    # Option "XkbLayout" "gb"
EndSection

Section "InputDevice"
    Identifier "Mouse0"
    Driver "mouse"
    Option "Protocol" "auto"
    Option "Device" "/dev/input/mice"
    Option "ZAxisMapping" "4 5 6 7"
EndSection
#--^--

Restart the debian-B system; the keyboard and mouse devices are now specified manually by the 10-input.conf configuration file.

2. Configure Container

First shut down the debian-B system, then start the debian-A system and mount the root filesystem of debian-B at /mnt/sdc1/ on debian-A.

The debian-A system acts as the host (hereinafter referred to as the host).

The debian-B system acts as the container (hereinafter referred to as the container).

Copy the device files from the host to the container root:

root@debian:/home/linlin# cp -a /dev/tty1 /mnt/sdc1/dev/
root@debian:/home/linlin# cp -a /dev/tty2 /mnt/sdc1/dev/
root@debian:/home/linlin# cp -a /dev/tty3 /mnt/sdc1/dev/
root@debian:/home/linlin# cp -a /dev/tty4 /mnt/sdc1/dev/
root@debian:/home/linlin# cp -a /dev/tty5 /mnt/sdc1/dev/
root@debian:/home/linlin# cp -a /dev/tty6 /mnt/sdc1/dev/
root@debian:/home/linlin# cp -a /dev/tty7 /mnt/sdc1/dev/
root@debian:/home/linlin# cp -a /dev/tty8 /mnt/sdc1/dev/
root@debian:/home/linlin# cp -a /dev/tty9 /mnt/sdc1/dev/
root@debian:/home/linlin# cp -a /dev/input /mnt/sdc1/dev
root@debian:/home/linlin#

Comment out the following lines in the container's inittab file:

1:2345:respawn:/sbin/getty 38400 tty1

2:23:respawn:/sbin/getty 38400 tty2

3:23:respawn:/sbin/getty 38400 tty3

4:23:respawn:/sbin/getty 38400 tty4

5:23:respawn:/sbin/getty 38400 tty5

6:23:respawn:/sbin/getty 38400 tty6

And add the following lines

1:2345:respawn:/sbin/getty 38400 console

C1:23:respawn:/sbin/getty 38400 tty1

C2:23:respawn:/sbin/getty 38400 tty2

C3:23:respawn:/sbin/getty 38400 tty3

C4:23:respawn:/sbin/getty 38400 tty4

C5:23:respawn:/sbin/getty 38400 tty5

Create a container vm3 with the following config file:

linlin@debian:~$ cat /var/lib/lxc/vm3/config
## Container
lxc.utsname = vm3
#--v-- item (1)
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.mtu = 1500
lxc.network.ipv4 = 192.168.0.10
#--^--
lxc.rootfs = /mnt/sdc1
lxc.tty = 6
lxc.pts = 1024

## Capabilities
lxc.cap.drop = mac_admin
lxc.cap.drop = mac_override
lxc.cap.drop = sys_admin
lxc.cap.drop = sys_module

## Devices
# Deny all devices
lxc.cgroup.devices.deny = a
# Allow to mknod all devices (but not using them)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
# /dev/console
lxc.cgroup.devices.allow = c 5:1 rwm
# /dev/fuse
lxc.cgroup.devices.allow = c 10:229 rwm
# /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
# /dev/ptmx
lxc.cgroup.devices.allow = c 5:2 rwm
# /dev/pts/*
lxc.cgroup.devices.allow = c 136:* rwm
# /dev/random
lxc.cgroup.devices.allow = c 1:8 rwm
# /dev/rtc
lxc.cgroup.devices.allow = c 254:0 rwm
# /dev/tty
lxc.cgroup.devices.allow = c 5:0 rwm
# /dev/urandom
lxc.cgroup.devices.allow = c 1:9 rwm
# /dev/zero
lxc.cgroup.devices.allow = c 1:5 rwm
#--v-- item (2): required for the container to start X
# tty9, that is, vt9
lxc.cgroup.devices.allow = c 4:9 rwm
# /dev/mem
lxc.cgroup.devices.allow = c 1:1 rwm
# input
lxc.cgroup.devices.allow = c 13:* rwm
#--^--

## Filesystem
lxc.mount.entry = proc /mnt/sdc1/proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs /mnt/sdc1/sys sysfs defaults,ro 0 0
linlin@debian:~$

Description: the config of container vm3 is based on the LXC debian template, modified by adding items (1) and (2).

3. Container runs X

3.1 Start X manually

After starting the container vm3, log in as root on the command line, then enter the command startx -- vt9 to run the X desktop environment on tty9 (that is, vt09).

Debian GNU/Linux vm3 console
vm3 login: root
Password:
root@vm3:~# startx -- vt9

The X desktop environment now runs successfully in the container, and you can switch back to the host system. You can switch back and forth between vt7 and vt9. From the container's X desktop environment you can also return to the container console normally.

There is a problem: the X interface of the container refreshes very slowly, and the X server running is Xorg. I don't know why.

3.2 Auto start X

The gdm in the container vm3 above uses the default configuration and cannot start X automatically. There is a line in /usr/share/gdm/defaults.conf that reads:

command=/usr/bin/X -audit 0

That is, it specifies the X command.

Therefore, you can modify the container's gdm configuration by adding, from the host, the following two lines to /mnt/sdc1/etc/gdm/gdm.conf (that is, the container's /etc/gdm/gdm.conf):

[server-Standard]
command=/usr/bin/X vt09 -audit 0

Test:

root@vm3:~# /etc/init.d/gdm stop
Stopping GNOME Display Manager: gdm.
root@vm3:~# /etc/init.d/gdm start
Starting GNOME Display Manager: gdm.
root@vm3:~#

X started normally and entered the desktop environment.

The container can now start X as soon as the host starts it.

root@debian:/home/linlin# lxc-start -n vm3 -d
root@debian:/home/linlin#

Starting the container with lxc-start now switches automatically to the container's X (that is, vt9). Press Ctrl-Alt-F7 to switch back to vt7 (host X); you can switch back and forth between vt7 and vt9.

Click the shutdown button in the container X desktop environment to close the container normally.

The gdm configuration (i.e. /mnt/sdc1/etc/gdm/gdm.conf) is as follows:

# GDM Custom Configuration file.
[daemon]
[security]
[xdmcp]
[gui]
[greeter]
[chooser]
[debug]
[servers]
#--v-- the X command has one more parameter, vt09, than the default
[server-Standard]
command=/usr/bin/X vt09 -audit 0
#--^--

Note: there is an article saying that setting FirstVT=9 and VTAllocation=false in gdm makes X start automatically on vt9, but it did not work when tested. The result of debugging the container's gdm is that the FirstVT value vt09 is not passed to the X command as a parameter. I don't know why.

4. Xvesa

Because the X interface refreshes very slowly when the container uses Xorg, Xvesa can be used instead of Xorg.

Debian does not provide a separate Xvesa package, but the Xvesa executable binary from the lightweight distribution SliTaz can be copied into the container vm3, namely to /mnt/sdc1/usr/bin/Xvesa.

After starting the container vm3, log in as root on the command line and enter one long command:

Debian GNU/Linux vm3 console
vm3 login: root
Password:
root@vm3:~# startx -- /usr/bin/Xvesa -ac -shadow -screen 1024x768x24 -keybd keyboard -mouse mouse,5,/dev/input/mice -- vt9

When startx starts X, it also starts the window manager. The X desktop environment runs successfully in the container and mouse movement and keyboard input work normally, but it is not possible to switch between vt7 and vt9. Fortunately, after logging out of the container user, you can return to the container console on the host.

The X interface under Xvesa refreshes normally and is not slow.

Description: with Xvesa there is no need to change the gdm configuration or to install the xserver-xorg-input-kbd and xserver-xorg-input-mouse packages.

5. Safety

Because the container must be allowed to access /dev/mem in order to use X, there is a security risk, so do not run X in the container. That is, even if X is installed in the container, it cannot start X as long as the following is not present in the container's config:

# /dev/mem
lxc.cgroup.devices.allow = c 1:1 rwm

In general, LXC templates do not grant access to /dev/mem.
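
As an added example (not part of the original article or of LXC itself), the following Python sketch audits a config of the kind shown above by replaying its lxc.cgroup.devices.deny/allow rules in order and reporting which sensitive devices the container can actually read or write. The watchlist, the assumption that a container with no rules inherits full access, and both sample configs are constructed for this example.

```python
import re

# Watchlist picked for this example (an assumption): name -> (type, major, minor)
WATCH = {"/dev/mem": ("c", 1, 1), "/dev/kmem": ("c", 1, 2),
         "/dev/port": ("c", 1, 4), "/dev/input/mice": ("c", 13, 63)}
RULE = re.compile(r"^lxc\.cgroup\.devices\.(allow|deny)\s*=\s*(.+)$")

def parse_rules(config_text):
    """Yield (action, type, major, minor, access) for each devices rule."""
    for raw in config_text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue
        action, fields = m.group(1), m.group(2).split()
        if fields[0] == "a":  # bare "a" covers every device and access mode
            yield action, "a", "*", "*", "rwm"
        elif len(fields) == 3 and ":" in fields[1]:
            major, minor = fields[1].split(":", 1)
            yield action, fields[0], major, minor, fields[2]

def effective_access(config_text):
    """Apply the rules in file order; return {device: access} for WATCH."""
    # Assumption: with no rules at all the container inherits full access.
    access = {name: set("rwm") for name in WATCH}
    for action, rtype, major, minor, perms in parse_rules(config_text):
        for name, (dtype, dmaj, dmin) in WATCH.items():
            if (rtype in ("a", dtype) and major in ("*", str(dmaj))
                    and minor in ("*", str(dmin))):
                if action == "allow":
                    access[name] |= set(perms)
                else:
                    access[name] -= set(perms)
    return {n: "".join(c for c in "rwm" if c in a) for n, a in access.items()}

def risky(config_text):
    """Watched devices the container can read or write (mknod alone is not use)."""
    return sorted(n for n, a in effective_access(config_text).items()
                  if set(a) & set("rw"))

# Constructed sample configs: template-style baseline, then the X additions.
TEMPLATE = """lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = c 1:3 rwm
"""
X_CONTAINER = TEMPLATE + """lxc.cgroup.devices.allow = c 4:9 rwm
lxc.cgroup.devices.allow = c 1:1 rwm
lxc.cgroup.devices.allow = c 13:* rwm
"""

if __name__ == "__main__":
    print("template:", risky(TEMPLATE), "X container:", risky(X_CONTAINER))
```

The template-style baseline leaves the watched devices with mknod-only access, while the item (2) additions make /dev/mem and the input devices readable and writable from inside the container.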

(attached: LXC container graphics front end fglxc-ver0.0.9.zip source code download address http://u.163.com/xtfcsdnT extraction code: lAPs2V9m)

This article is migrated from the original NetEase.
