2969
Comment:
|
3013
reword note about distros without mmdebstrap
|
Deletions are marked like this. | Additions are marked like this. |
Line 18: | Line 18: |
Note: Fedora/Arch users may install and use debootstrap instead of mmdebstrap | /!\ Users of distributions that do not include apt and mmdebstrap, can install and use debootstrap instead of mmdebstrap. |
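Review bot: the added text at line 18 puts a comma between the subject and its verb ("...do not include apt and mmdebstrap, can install..."); drop the comma. The rewording also widens the note from Fedora/Arch to any distribution without apt and mmdebstrap, while still giving no debootstrap invocation, so readers on those distributions have only the mmdebstrap command to adapt. Consider adding the equivalent debootstrap command or a pointer to it next to this note.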
See nspawn for more details on configuring systemd-nspawn containers. See the Arch Linux specific tips if your host machine runs Arch Linux. For clean builds, you can install sbuild inside your container, or set up sbuild on the host and use the shared home option to access packaging files.
Install required packages and enable networking service
Install systemd-container and mmdebstrap packages
sudo apt install systemd-container mmdebstrap
Set up the root filesystem using mmdebstrap
sudo mmdebstrap --include=systemd-container,auto-apt-proxy,sudo unstable /var/lib/machines/debian-sid
Users of distributions that do not include apt and mmdebstrap can install and use debootstrap instead of mmdebstrap.
Optional: If you already have apt-cacher-ng set up, you can speed up the setup by running
sudo auto-apt-proxy mmdebstrap --include=systemd-container,auto-apt-proxy,sudo unstable /var/lib/machines/debian-sid
Enable systemd-networkd
sudo systemctl enable systemd-networkd
sudo systemctl start systemd-networkd
Start the container
Create /var/lib/machines/debian-sid.nspawn and add the following lines:
[Exec]
Boot=yes
PrivateUsers=no
PrivateUsersChown=no
[Files]
Bind=/home/<username>
[Network]
VirtualEthernet=yes
See man 5 systemd.nspawn for more options you can add to this file.
sudo machinectl start debian-sid
To stop the container, run:
sudo machinectl stop debian-sid
See man machinectl for more options.
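The debian-sid.nspawn file above turns user namespacing off (PrivateUsers=no) and bind-mounts the host home directory read-write. The script below is an added example, not part of the wiki page or of systemd, that reports those two settings in any .nspawn file; the function name audit_nspawn and the user name alice are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): list .nspawn settings that widen
# the host/container boundary. Prints one finding per line; returns 1 if any.
audit_nspawn() {
    awk '
    { gsub(/^[ \t]+|[ \t]+$/, "") }           # trim surrounding whitespace
    $0 == "" || /^[#;]/ { next }              # skip blank lines and comments
    /^\[.*\]$/ { section = $0; next }         # remember the current section
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", val)
        # Boolean-false spellings turn user namespacing off entirely.
        if (section == "[Exec]" && key == "PrivateUsers" && val ~ /^(no|false|off|0)$/) {
            nouserns = 1
            print "PrivateUsers=" val ": no user namespace, container uid 0 is host uid 0"
        }
        # Bind= is read-write; BindReadOnly= is the read-only form.
        if (section == "[Files]" && key == "Bind") {
            rwbind = 1
            print "Bind=" val ": host path is writable from inside the container"
        }
    }
    END {
        if (nouserns && rwbind)
            print "combined: container root can write to the bound host path as host uid 0"
        exit ((nouserns || rwbind) ? 1 : 0)
    }' "$1"
}

# Constructed sample: the file from this page with a made-up user name.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Exec]
Boot=yes
PrivateUsers=no
PrivateUsersChown=no
[Files]
Bind=/home/alice
[Network]
VirtualEthernet=yes
EOF
audit_nspawn "$sample" || echo "review the findings above before starting the container"
rm -f "$sample"
```

Run it as audit_nspawn /var/lib/machines/debian-sid.nspawn on the host; a packaging container that only needs to read the sources can use BindReadOnly= in place of Bind=.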
Use the container (get a shell inside container)
You can get a shell inside the container with the following command:
sudo machinectl shell debian-sid
Switch to a normal user for packaging (basic rule of thumb for security: never use the root user when you can do something as a normal user). You will need to create this user first; see below for creating a normal user.
# su - <username>
Configure the container (add normal user and networking)
Create a normal user with sudo access (so you can get root access for specific commands with sudo; alternatively, you can exit from su to return to the root shell)
root@debian-sid:~# adduser <username>
root@debian-sid:~# adduser <username> sudo
Enable systemd-networkd inside the container:
root@debian-sid:~# sudo systemctl enable systemd-networkd
Optional: Set up the hostname in /etc/hostname (use your favorite editor). This avoids confusing the container shell with the host shell (if we don't set this, the hostname of the host system will be used as the hostname of the container as well).
debian-sid
and /etc/hosts
pravi@debian-sid:~$ cat /etc/hosts
127.0.0.1 localhost debian-sid
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters