Install most basic Debian Jessie container for use as a template for LXC or similar

To create a most basic Debian Jessie container, you can follow these steps:

mkdir jessie
cd jessie
mkdir rootfs
cd rootfs/
debootstrap jessie .
chroot .

You should not forget to set the root password as it is good to have a known value later.

Now that we are within the container, we can configure the most basic settings that we will need for all containers:

tasksel --task-packages standard | xargs apt-get install -y
dpkg-reconfigure locales

Here I am usually generating


and set the default to en_US.UTF-8 .

To get the full repository contents, you should change your repository sources to look as below:

deb jessie main contrib non-free
deb jessie/updates main contrib non-free

and then do an aptitude update .

You should also install an SSH server by entering

aptitude install openssh-server

Enable root logins via SSH by changing one line in its configuration:

PermitRootLogin yes

Unfortunately systemd is not yet working easily with LXC, so it should be replaced by the old sysvinit:

aptitude install sysvinit-core
dpkg -P systemd

Edit initial DNS resolver configuration so it looks like this:

nameserver ip.of.your.namserver

Then also configure the main network interface configuration:

auto eth0
iface eth0 inet static

iface eth0 inet6 static
        address 2001:aaaa:bbbb:0168::2
        netmask 64
        gateway 2001:aaaa:bbbb:0168::1

Replace /etc/inittab with the following short version which is enough for a container:

l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6
1:2345:respawn:/sbin/getty --noclear 38400 console
p0::powerfail:/sbin/init 0
p6::ctrlaltdel:/sbin/init 6

Should the network not come up automatically, you can set the IP address in the config file of the container:

After a first start, you should also configure the mail server so it can send all system mail to your main mail server:

dpkg-reconfigure exim4-config

and answer all the questions.

Shut the machine down again, cleanup all the log files and make a copy which you can then use as your template for further containers.

Remotely disabling Firewall of Mac OS X

I just happened to be unable to log in to my Mac using ScreenSharing (VNC). It is enabled, but probably the firewall is asking if ScreenSharing should be allowed to receive incoming connections… Bummer!

If at least SSH is working, it is possible to disable the firewall completely from the command line. Please be sure to only do this in a secured environment:

sudo defaults write /Library/Preferences/ globalstate -int 0

After this you will have to restart the firewall agent:

sudo launchctl unload /System/Library/LaunchDaemons/
sudo launchctl load /System/Library/LaunchDaemons/

You should now be able to use ScreenSharing.

Do not forget to re-enable the firewall again after you have finished your work, same procedure, but with 1 instead of 0, of course 🙂

To enable ScreenSharing in general, please read this older post: Activate screen sharing on Mac OS X when you only have SSH enabled