[pve-devel] [PATCH container/docs/manager 0/3] document that systemd requires LXC nesting

[pve-devel] [PATCH container/docs/manager 0/3] document that systemd requires LXC nesting

[Robert Obkircher]

Updates docs and API schema.

The new onlineHelp link is not ideal, because it requires scrolling 
down a bit to the features section of the options. Would it make sense
to make it possible to link there directly?

pve-docs:

Robert Obkircher (1):
  fix #6897: document that systemd requires LXC nesting

 pct.adoc | 1 +
 1 file changed, 1 insertion(+)


pve-container:

Robert Obkircher (1):
  fix #6897: document that systemd requires nesting

 src/PVE/LXC/Config.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


pve-manager:

Robert Obkircher (1):
  fix #6897: ui: add onlineHelp to lxc/FeaturesEdit

 www/manager6/lxc/FeaturesEdit.js | 1 +
 1 file changed, 1 insertion(+)


Summary over all repositories:
  3 files changed, 3 insertions(+), 1 deletions(-)

-- 
Generated by git-murpp 0.8.1


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH pve-docs 1/1] fix #6897: document that systemd requires LXC nesting

[Robert Obkircher]

Signed-off-by: Robert Obkircher <r.obkircher@proxmox.com>
---
 pct.adoc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pct.adoc b/pct.adoc
index d6146eb..9276555 100644
--- a/pct.adoc
+++ b/pct.adoc
@@ -358,6 +358,7 @@ General settings of a container include
 * *SSH Public Key*: a public key for connecting to the root account over SSH
 * *Unprivileged container*: this option allows to choose at creation time
   if you want to create a privileged or unprivileged container.
+* *Nesting*: expose procfs and sysfs to allow nested containers. Note that systemd also uses this to isolate services.
 
 Unprivileged Containers
 ^^^^^^^^^^^^^^^^^^^^^^^
-- 
2.47.3



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [PATCH pve-docs 1/1] fix #6897: document that systemd requires LXC nesting

[Shannon Sterz]

On Wed Oct 22, 2025 at 12:03 PM CEST, Robert Obkircher wrote:
> Signed-off-by: Robert Obkircher <r.obkircher@proxmox.com>
> ---
>  pct.adoc | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/pct.adoc b/pct.adoc
> index d6146eb..9276555 100644
> --- a/pct.adoc
> +++ b/pct.adoc
> @@ -358,6 +358,7 @@ General settings of a container include
>  * *SSH Public Key*: a public key for connecting to the root account over SSH
>  * *Unprivileged container*: this option allows to choose at creation time
>    if you want to create a privileged or unprivileged container.
> +* *Nesting*: expose procfs and sysfs to allow nested containers. Note that systemd also uses this to isolate services.
>
>  Unprivileged Containers
>  ^^^^^^^^^^^^^^^^^^^^^^^

LGTM!

Reviewed-by: Shannon Sterz <s.sterz@proxmox.com>



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH pve-container 1/1] fix #6897: document that systemd requires nesting

[Robert Obkircher]

Signed-off-by: Robert Obkircher <r.obkircher@proxmox.com>
---
 src/PVE/LXC/Config.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index 5d3749e..bea09ef 100644
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -445,7 +445,7 @@ my $features_desc = {
         description => "Allow nesting."
             . " Best used with unprivileged containers with additional id mapping."
             . " Note that this will expose procfs and sysfs contents of the host"
-            . " to the guest.",
+            . " to the guest. That is also required by systemd to isolate services.",
     },
     keyctl => {
         optional => 1,
-- 
2.47.3



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [PATCH pve-container 1/1] fix #6897: document that systemd requires nesting

[Shannon Sterz]

On Wed Oct 22, 2025 at 12:03 PM CEST, Robert Obkircher wrote:
> Signed-off-by: Robert Obkircher <r.obkircher@proxmox.com>
> ---
>  src/PVE/LXC/Config.pm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
> index 5d3749e..bea09ef 100644
> --- a/src/PVE/LXC/Config.pm
> +++ b/src/PVE/LXC/Config.pm
> @@ -445,7 +445,7 @@ my $features_desc = {
>          description => "Allow nesting."
>              . " Best used with unprivileged containers with additional id mapping."
>              . " Note that this will expose procfs and sysfs contents of the host"
> -            . " to the guest.",
> +            . " to the guest. That is also required by systemd to isolate services.",

nit: imo "This" would be more appropriate here than "That"

>      },
>      keyctl => {
>          optional => 1,

Other than that small nit above:

Reviewed-by: Shannon Sterz <s.sterz@proxmox.com>


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH pve-manager 1/1] fix #6897: ui: add onlineHelp to lxc/FeaturesEdit

[Robert Obkircher]

Signed-off-by: Robert Obkircher <r.obkircher@proxmox.com>
---
 www/manager6/lxc/FeaturesEdit.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/www/manager6/lxc/FeaturesEdit.js b/www/manager6/lxc/FeaturesEdit.js
index 271f1cc3..765805bf 100644
--- a/www/manager6/lxc/FeaturesEdit.js
+++ b/www/manager6/lxc/FeaturesEdit.js
@@ -1,6 +1,7 @@
 Ext.define('PVE.lxc.FeaturesInputPanel', {
     extend: 'Proxmox.panel.InputPanel',
     xtype: 'pveLxcFeaturesInputPanel',
+    onlineHelp: 'pct_options',
 
     // used to save the mounts fstypes until sending
     mounts: [],
-- 
2.47.3



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [PATCH pve-manager 1/1] fix #6897: ui: add onlineHelp to lxc/FeaturesEdit

[Shannon Sterz]

On Wed Oct 22, 2025 at 12:03 PM CEST, Robert Obkircher wrote:
> Signed-off-by: Robert Obkircher <r.obkircher@proxmox.com>
> ---
>  www/manager6/lxc/FeaturesEdit.js | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/www/manager6/lxc/FeaturesEdit.js b/www/manager6/lxc/FeaturesEdit.js
> index 271f1cc3..765805bf 100644
> --- a/www/manager6/lxc/FeaturesEdit.js
> +++ b/www/manager6/lxc/FeaturesEdit.js
> @@ -1,6 +1,7 @@
>  Ext.define('PVE.lxc.FeaturesInputPanel', {
>      extend: 'Proxmox.panel.InputPanel',
>      xtype: 'pveLxcFeaturesInputPanel',
> +    onlineHelp: 'pct_options',
>
>      // used to save the mounts fstypes until sending
>      mounts: [],

LGTM!

Reviewed-by: Shannon Sterz <s.sterz@proxmox.com>


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel