Systemd containers with systemd-nspawn and debootstrap

Exploring Linux features is exciting, but it can be risky! I sometimes break my system while testing packages. To mitigate this, I discovered systemd-nspawn with debootstrap. It’s a lightweight container that works well for isolated testing.

In this guide, Debian/Ubuntu users will learn how to get systemd-nspawn up and running in no time.

Installing the pakcages

First things first, we need to install two packages: systemd-container and debootstrap:

sudo apt install systemd-container debootstrap

debootstrap lets you spin up a lightweight Debian/Ubuntu right on your host, and systemd-container utilities such as systemd-nspawn and machinectl manage the OS in a lightweight container.

Creating a virtual machine

Let’s generate a minimal Debian image called debian-testing with the following command:

# `bookworm` is latest debian code name
sudo debootstrap --include=systemd,dbus bookworm /var/lib/machines/debian-bookworm

To install minimal Ubuntu image, run:

# `jammy` is latest Ubuntu LTS codename.
sudo debootstrap --include=systemd,dbus --arch amd64 jammy /var/lib/machines/ubuntu-jammy  http://archive.ubuntu.com/ubuntu

To verify successful installation, run machinectl list-images. Look for debian-testing in the output.

 $ machinectl list-images
NAME            TYPE      RO USAGE CREATED                     MODIFIED
debian-bookworm directory no       Sun 2024-09-22 22:34:02 IST -
ubuntu-jammy    directory no       Sun 2024-09-22 21:53:45 IST -

2 images listed.

Logging into virtual machine

Use the following command to start the debian-bookworm container.

sudo systemd-nspawn -D /var/lib/machines/debian-bookworm # or ubuntu-jammy

Since you’re now inside your virtual machine, let’s set a password for the root user. This will come in handy when you want to manage the container using machinectl.

To swiftly terminate the container, press the Ctrl+] ky combination three times in quick succession while inside the container.

Runnin a graphical application in container

To run graphical apps like Chromium within the container, we need to set up display sharing. First, gracefully shut down the container. Then use this command to establish the container.

xhost local:; sudo systemd-nspawn -E DISPLAY="$DISPLAY" -D /var/lib/machines/debian-bookworm

Now that you’re logged in, it’s time to fire up Chromium! Just type the following commands to install and open it.

apt update
apt install Chromium
chromium --no-sandbox

References

• Tutorial: Systemd: The Adventure Continues. Slides: https://ossna2020.sched.com/event/c47t/tutorial-systemd-the-adventure-continues-lee-elston-the-linux-foundation
• https://wiki.debian.org/nspawn
• https://man7.org/linux/man-pages/man1/systemd-nspawn.1.html
• https://wiki.archlinux.org/title/Systemd-nspawn
• https://man7.org/linux/man-pages/man1/machinectl.1.html
• https://github.com/nspawn/nspawn