Run CentOS 7 LXC container inside Debian Jessie

When I installed Debian 8 (Jessie), I hoped to be able to run CentOS 7 containers easily. I would be disappointed. First, I had to find how to tell LXC to install CentOS 7 and not CentOS 6, which was the default. Then, well, it didn't work out of the box, mainly because systemd inside systemd is kind of a hack at the moment. And then, I was not able to log into it.

First things first

To pass an argument to a template via lxc-create, add "--" at the end of the lxc-create command; everything after it is handed to the template as its own arguments. To create a CentOS 7 container, you'll end up with the following command:
lxc-create -n smtp -t centos -- --release 7


The common CentOS config shipped with Debian 8, which you can find at /usr/share/lxc/config/centos.common.conf, contains some mistakes. The container needs more capabilities than it allows, so remove setfcap and setpcap from the lxc.cap.drop list. You should end up with something like:

lxc.cap.drop = mac_admin mac_override
lxc.cap.drop = sys_module sys_nice sys_pacct
lxc.cap.drop = sys_rawio sys_time

This file is part of the lxc package on Debian, so it may be overwritten by an update; you should keep an eye on that. IMO, it should be fixed upstream. Maybe I could open a BR, but I'm not sure where.

Then, you will need to add two lines, if they are missing, to the config file of your container, for example /var/lib/lxc/smtp/config:

lxc.autodev = 1
lxc.kmsg = 0
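
Since the shared file can be replaced by a package update, a small audit script can confirm that both edits are still in place. This is an added example, not part of the original post; the function names and the COMMON_CONF and CONTAINER_CONF variables are assumptions introduced here, and the paths default to the ones named above.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two files edited above.
# Paths default to the ones named in the post; override them via the environment.
COMMON_CONF=${COMMON_CONF:-/usr/share/lxc/config/centos.common.conf}
CONTAINER_CONF=${CONTAINER_CONF:-/var/lib/lxc/smtp/config}

# Print the capabilities lxc.cap.drop leaves dropped, one per line. Entries
# accumulate across lines; an empty value clears the list built so far.
dropped_caps() {
    awk -F= '
        /^[ \t]*lxc\.cap\.drop[ \t]*=/ {
            if ($2 ~ /^[ \t]*$/) { split("", caps); next }
            n = split($2, w, /[ \t]+/)
            for (i = 1; i <= n; i++) if (w[i] != "") caps[w[i]] = 1
        }
        END { for (c in caps) print c }' "$1"
}

# Print the last value assigned to key $2 in file $1 (assumption: the last
# assignment wins; commented-out lines do not match).
last_value() {
    awk -F= -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v) }
        END { print v }' "$1"
}

# Succeed only when setfcap and setpcap are no longer in the drop list.
check_common() {
    bad=$(dropped_caps "$1" | grep -x -e setfcap -e setpcap | sort | tr '\n' ' ')
    [ -z "$bad" ] && return 0
    echo "$1 still drops: $bad" >&2
    return 1
}

# Succeed only when the container config has lxc.autodev = 1 and lxc.kmsg = 0.
check_container() {
    rc=0
    [ "$(last_value "$1" lxc.autodev)" = 1 ] || { echo "$1: lxc.autodev is not 1" >&2; rc=1; }
    [ "$(last_value "$1" lxc.kmsg)" = 0 ] || { echo "$1: lxc.kmsg is not 0" >&2; rc=1; }
    return $rc
}

# Audit the real files when present, e.g. after an upgrade of the lxc package.
if [ -r "$COMMON_CONF" ] && [ -r "$CONTAINER_CONF" ]; then
    check_common "$COMMON_CONF" && check_container "$CONTAINER_CONF" && echo "LXC config OK"
fi
```

Running it after each upgrade of the lxc package shows whether the drop list has reverted.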


Once your container is started in daemon mode with lxc-start -n smtp -d, you will want to use it... but lxc-console won't work: you will get a blank screen, not sure why. Anyway, there is a simple workaround: lxc-attach -n smtp.


You can now enjoy the many things CentOS can do for you. Like FreeIPA to build an "at home" fully functional mail service, with LDAP, Kerberos, Postfix and Dovecot =)
Maybe I'll write about that someday.