How to Background a Systemd-nspawn Container

background-processsystemd-nspawn

I use systemd-nspawn to run a few containers. I can have them started in the background using systemctl start systemd-nspawn@foo. On occasion, however, I start with systemd-nspawn -bD foo. I couldn't find any way to send it to the background. Closing the terminal just kills the container as machinectl list shows. Can I do so, and if so, how?

I understand a container is much more than a single process, but in this sense, the expected effect is the same as backgrounding a process – I want the container running, but my original shell given back to me.

Best Answer

Ok, so, for what it's worth, the following was successful for me:

sudo systemd-nspawn -bxD/

Practically identical to yours, except I don't give the machine a name and I get an -x ephemeral btrfs snapshot of my / for the container's root.

That brought up the container's getty on my terminal's pty and I logged in to login and all.

I confess I was a bit stumped for a little while, but after a little poking at systemctl in the container w/ zsh <tab> completion I came up with (run from within the container):

systemctl stop console-getty.service

==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or other units.
Authenticating as: mikeserv
Password:
==== AUTHENTICATION COMPLETE ===

Which got the machine to surrender its terminal control. The only thing is, I started that with sudo - which also gets its own layer of terminal control to authenticate in the first place. This left me with a blank terminal, and no amount of kill -CONT "$(pgrep ksh)" was doing me any good. And so I was again stumped for a moment or two, but (in another terminal)...

sudo fuser -v /dev/pts/*

                     USER        PID ACCESS COMMAND
/dev/pts/0:          mikeserv   8347 F.... zsh
                     root      18003 F.... sudo
/dev/pts/13:         mikeserv   9553 F.... zsh
                     mikeserv  16838 F.... ksh
                     root      17657 F.... sudo
                     root      17658 F.... systemd-nspawn
/dev/pts/14:         root      17675 F.... systemd

Gave me the above list, and so I thought - what the hell?

sudo kill -STOP 17657

And - lo and behold - I had ksh back in the original terminal. To wrap it up, I needed to verify I could still access the machine, though, of course, else it would be useless:

machinectl -l

MACHINE                    CLASS     SERVICE
localhost-35ceaa76b1306897 container nspawn

Ok...

sudo machinectl login localhost-35ceaa76b1306897

Connected to machine localhost-35ceaa76b1306897. 
Press ^] three times within 1s to exit session.

Arch Linux 4.0.7-2-ARCH (pts/0)

localhost-35ceaa76b1306897 login:

And I got another getty on another terminal!

Related Solutions

Why does “su -c &” seemingly allow a command to run in the background without hanging up

There are several ways a process might be killed because of a dying terminal.

The first way is that the terminal driver in the kernel sends a SIGHUP signal to the controlling process for which the terminal is the controlling terminal. In most cases, the controlling process is the shell that is initially started in the terminal, and its controlling terminal is the one that its stdin, stdout and stderr are connected to. A process becomes disconnected from the controlling terminal if it calls setsid.
The second way is that the shell, when it receives SIGHUP, re-sends that signal to its subprocesses — more precisely, to its background jobs. Some shells (ksh, bash, zsh) have a disown builtin to tell the shell not to send a SIGHUP to a particular job.
If the terminal goes away and a program tries to read from it, it is notified of an end-of-file condition (or possibly EIO for a background job). If the terminal goes away and a program tries to write to it, the write returns with an EIO error. These might cause the program to exit.

So what su changes here is that (2) would normally cause the initial shell to kill the background job, but since that background process is running as a different user, the signal cannot be delivered, and the background process lives on.

Access usb device from systemd-nspawn container

systemd-nspawn handles permissions for devices through cgroups. By default, any container is granted with permissions only for common devices like /dev/null, /dev/zero, etc, and additionally to any device passed directly to --bind argument like --bind=/dev/vcs. This won't work with USB because /dev/bus/usb is a directory.

To grant permission for currently running container named my_container (supposedly you started it with systemd-nspawn directly from command line) execute as root:

$ echo 'c 189:* rwm' > \
 /sys/fs/cgroup/devices/machine.slice/machine-my_container/devices.allow

c 189:* rwm means read write modify permissions for any character device with type (identificator) 189 and any subtype. You can find type and subtype of device with file:

$ file /dev/bus/usb/002/002

This permission will only last while container is running.

If you are using systemd-nspawn@.service or want to persist permissions with it, create

/etc/systemd/system/systemd-nspawn@.service.d/override.conf

/etc/systemd/system/systemd-nspawn@my_container.service.d/override.conf

(depending on whether you want access to USB from any systemd-nspawn container or only from my_container correspondingly) with the following content:

[Service]
DeviceAllow=char-usb_device rwm

usb_device is an alias. You can find other in /proc/devices.

Best Answer

Related Solutions

Why does “su -c &” seemingly allow a command to run in the background without hanging up

Access usb device from systemd-nspawn container

Related Question