</pre>
===Edit VE config===
Add the following to the <code>/etc/vz/conf/777.conf</code>:
<pre>
DISTRIBUTION="gentoo"
===Make /etc/mtab a symlink to /proc/mounts===
The VE root filesystem is mounted by the host system, not the guest, and therefore the root fs will not appear in <code>/etc/mtab</code>. This leads to a non-working <code>df</code> command.
<pre>
rm -f /vz/private/777/etc/mtab
ln -s /proc/mounts /vz/private/777/etc/mtab
</pre>
After replacing <code>/etc/mtab</code> with a symlink to <code>/proc/mounts</code>, you will always have up-to-date information about what is mounted in <code>/etc/mtab</code>.
===Replace /etc/fstab===
<pre>
</pre>
We need only <code>/proc</code> to be mounted at boot time.
===Edit /etc/inittab===
Edit <code>/vz/private/777/etc/inittab</code>, and put a hash mark (#) at the beginning of the lines containing:
<pre>c?:1235:respawn:/sbin/agetty 38400 tty? linux</pre>
This prevents <code>getty</code> and login from starting on ttys that do not exist in VEs.
===Edit /etc/shadow===
Edit <code>/vz/private/777/etc/shadow</code>, and change root's password in the first line to an exclamation mark (!):
<pre>root:!:10071:0:::::</pre>
This will disable the root login until the password is changed with <code>vzctl set VEID --userpasswd root:password</code>.
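The mtab, inittab and shadow changes above can be verified before the template is packed. The following is an added example, not part of the original page: the function names, the <code>sed</code> one-liners and the sample tree are assumptions made for illustration, and GNU <code>sed</code> is assumed on the host.

```shell
# Added example: audit a VE private area for the mtab, inittab and shadow
# changes. All function names and sample data here are assumptions.

audit_ve_root() {                      # usage: audit_ve_root /vz/private/777
    root=$1; fails=0
    # 1. /etc/mtab must be a symlink to /proc/mounts
    if [ "$(readlink "$root/etc/mtab" 2>/dev/null)" != "/proc/mounts" ]; then
        echo "FAIL: etc/mtab is not a symlink to /proc/mounts"; fails=$((fails + 1))
    fi
    # 2. no uncommented agetty respawn line may remain in inittab
    if grep -Eq '^[[:space:]]*c[0-9]+:[0-9]*:respawn:/sbin/agetty' \
            "$root/etc/inittab" 2>/dev/null; then
        echo "FAIL: etc/inittab still starts agetty on a tty"; fails=$((fails + 1))
    fi
    # 3. root's password field in shadow must be exactly "!"
    root_pw=$(awk -F: '$1 == "root" { print $2; exit }' "$root/etc/shadow" 2>/dev/null)
    if [ "$root_pw" != "!" ]; then
        echo "FAIL: root password field in etc/shadow is not '!'"; fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ] && echo "OK: $root passes all three checks"
    return "$fails"                    # exit status = number of failed checks
}

# Constructed sample tree in the unmodified state (not real data).
make_sample_root() {
    mkdir -p "$1/etc"
    : > "$1/etc/mtab"                  # regular file instead of a symlink
    printf '%s\n' 'c1:1235:respawn:/sbin/agetty 38400 tty1 linux' > "$1/etc/inittab"
    printf '%s\n' 'root:*:10071:0:::::' > "$1/etc/shadow"
}

# Scripted form of the three manual edits, applied to any root directory.
apply_fixes() {
    rm -f "$1/etc/mtab" && ln -s /proc/mounts "$1/etc/mtab"
    sed -i 's|^c[0-9]*:[0-9]*:respawn:/sbin/agetty|#&|' "$1/etc/inittab"
    sed -i 's|^root:[^:]*:|root:!:|' "$1/etc/shadow"
}
```

Run <code>audit_ve_root /vz/private/777</code> on the host; a non-zero exit status is the number of checks that failed.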
===Disable unneeded init scripts===
===Edit /sbin/rc===
<pre># try mount -n ${mntcmd:--t sysfs sysfs /sys -o noexec,nosuid,nodev}</pre>
This prevents the VE from attempting to mount <code>/sys</code>.
To ensure that this change isn't automatically overwritten on update, add the following to <code>/vz/private/777/etc/make.conf</code>:
<pre>CONFIG_PROTECT = /sbin/rc</pre>
===Set up udev===
<div class="previewnote"><p><strong>NOTE: udev-state does not exist anymore!! ../lib/udev/state and ../lib/udev/devices are empty directories now... maybe someone knows how to handle it the right way?</strong></p></div>
</pre>
You can check running services:
<pre>
</pre>
All services in the boot and default runlevels must be started. If everything is all right, stop the VE:
<pre>
</pre>
===Making distfiles and portage tree of the host system available in a VE===
{{Warning|This step is optional and will result in shared files between VEs! These steps can save space on disk but trade isolation and security... consider your options carefully!}}
To install software into a VE with portage, you should mount <code>/usr/portage</code> into the VE with the "bind" option. Do the following on the host after the VE is started:
<pre>
</pre>
If your <code>/usr/portage/distfiles</code> directory resides on a different partition than your <code>/usr/portage</code> directory, do the following:
<pre>
</pre>
Now, to install a package into a VE, you just need to enter the VE using <code>vzctl enter</code> and run
<pre>
while you have all the needed files in the <code>/usr/portage/distfiles</code> of the host system.
For security reasons, you should have these directories mounted only while you are installing software into a VE.
{{Note|You have to <code>umount /vz/root/777/usr/portage/distfiles</code> before trying to stop your VE.}}
===Create the template cache file===
<pre>
</pre>
===Test the new template cache file===
Create a new VE from the template file:
<pre>
</pre>
If the VE was created successfully, try to start it:
<pre>