From FedoraProject

< Features(Difference between revisions)
Jump to: navigation, search
(Benefit to Fedora)
(How To Test)
Line 53: Line 53:
  Description=My little container
  Description=My little container
  ExecStart=/usr/bin/systemd-nspawn -jbD /srv/mycontainer 3  
  ExecStart=/usr/bin/systemd-nspawn -jbD /srv/mycontainer 3  

Revision as of 22:05, 17 January 2013


systemd Message Catalog


For a longer time systemd already included the systemd-nspawn tool as a more powerful version of chroot(1), primarily inteded for use in development, debugging, testing and building of software. With Fedora 19 we want to make nspawn considerably more useful, so that it can easily be used to start containers capable of booting up a complete Fedora distribution inside as normal system services.


Current status

  • Targeted release: Fedora 19
  • Last updated: 2012-01-17
  • Percentage of completion: 100%

Detailed Description

systemd-nspawn is already very useful as a development/debugging/testing/building tool for software. With Fedora 19 we to ensure the following things:

  • An unmodified Fedora 19 shall boot up fine inside a systemd-nspawn container
  • systemd-nspawn shall work fine when invoked as a systemd system service
  • The system journal of the container shall be available in the host without fiddling
  • The nspawn container shall be socket-activatable, so that it can be auto-spawning on SSH connections.

Benefit to Fedora

We can more easily test Fedora 19 inside containers in order to ensure it continues to work fine out-of-the-box. This hopefully has the effect that Fedora is and stays bootable in container environments without changes, in the future.

We have a simple to use tool that just works, for development, debugging, testing and building of software.


Primarily only needs changes in systemd upstream.

How To Test

Turn off auditing as it is incompatible with containers. Boot your host with audit=0 on the kernel command line.

Use the following to set up a container:

# yum -y --releasever=19 --nogpg --installroot=/srv/mycontainer --disablerepo='*' --enablerepo=fedora install systemd passwd yum fedora-release

Then, set a root password:

$ sudo systemd-nspawn --capability=cap_audit_control,cap_audit_write -D /srv/mycontainer
# passwd

Now, boot it up, and check that it booted cleanly:

$ sudo systemd-nspawn --capability=cap_audit_control,cap_audit_write -bD /srv/mycontainer 3

And make a service out of it:

# cat > /etc/systemd/systemd/mycontainer.service <<EOF
Description=My little container

ExecStart=/usr/bin/systemd-nspawn -jbD /srv/mycontainer 3 

And start it:

# systemctl daemon-reload
# systemctl start mycontainer

And later on stop it:

# systemctl stop mycontainer

User Experience

It's a tool for developers, hackers, system builders, engineers. Normal users sould never see this.


Nothing really.

Contingency Plan

Nothing. people who don't play with this will never see this.



Release Notes

No need for additions.

Comments and Discussion