Making this work requires a bit of extra effort to get it to a nice point.
Essentially we are aiming for a container that:
- Can be worked properly using machinectl
- Can be logged into without having to type passwords (obviously don't do this if you expose it publicly)
This guide assumes you run your networking with systemd-networkd - if you don't, you will need to sort out container networking yourself.
Check you aren't using network-manager with
systemctl status network-manager
If it says enabled - you are using Network Manager
First - everything here will need to happen as root, so make things easy
sudo su
You will need two packages
apt install debootstrap systemd-container
Then start to build a new root machine
debootstrap --include=systemd-container,dbus --components=main,universe xenial /var/lib/machines/xenial http://archive.ubuntu.com/ubuntu/
The Arch wiki has good documentation but misses the required dbus package. systemd will not work happily inside the container without it.
Once finished
systemd-nspawn -D /var/lib/machines/xenial
This should put you into the container. If it doesn't - stop and fix that first, you might bone your machine if you continue.
Debian distros don't like root not having a password, so
passwd
Enable the networking daemons
systemctl enable systemd-networkd
systemctl enable systemd-resolved
The old securetty file is a royal PITA due to its expectation of physical terminals. Remove it to disable its capability.
rm /etc/securetty
If you are worried about the implications, see this post from Poettering on why it's pointless here.
Then exit your container with exit or press ] three times
You should now be able to start the container with
machinectl start xenial
And login with
machinectl shell root@xenial /bin/bash
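A check of the container tree against the steps above (dbus installed, both network daemons enabled, securetty gone, root password set), as an added example that is not part of the original guide. The function names, the file locations it inspects and the sample tree are assumptions made for illustration; point audit_container at /var/lib/machines/xenial to check a real tree.

```shell
#!/bin/sh
# Added example: audit a container tree built by the steps above.
# The paths checked are assumptions about a Debian/Ubuntu rootfs layout.
audit_container() {   # usage: audit_container /var/lib/machines/xenial
    root=$1; fail=0
    # dbus must be installed or systemd is unhappy inside the container.
    if ! awk '/^Package: /{p=($2=="dbus")} p&&/^Status: install ok installed/{ok=1} END{exit !ok}' \
            "$root/var/lib/dpkg/status" 2>/dev/null; then
        echo "FAIL dbus package not installed"; fail=1
    fi
    # "systemctl enable" leaves a symlink in some *.wants directory.
    for unit in systemd-networkd systemd-resolved; do
        found=0
        for link in "$root"/etc/systemd/system/*.wants/"$unit".service; do
            if [ -L "$link" ] || [ -e "$link" ]; then found=1; fi
        done
        [ "$found" -eq 1 ] || { echo "FAIL $unit not enabled"; fail=1; }
    done
    # The guide removes securetty because it expects physical terminals.
    if [ -e "$root/etc/securetty" ]; then
        echo "FAIL /etc/securetty still present"; fail=1
    fi
    # root needs a real hash: an empty, "*" or "!"-prefixed field is not one.
    pwfield=$(awk -F: '$1=="root"{print $2}' "$root/etc/shadow" 2>/dev/null)
    case $pwfield in
        ''|'*'|'!'*) echo "FAIL root has no usable password"; fail=1 ;;
    esac
    return "$fail"
}

# Constructed sample tree (not a real container) so the check runs offline.
make_sample() {   # usage: make_sample DIR
    mkdir -p "$1/var/lib/dpkg" "$1/etc/systemd/system/multi-user.target.wants"
    printf 'Package: dbus\nStatus: install ok installed\n' > "$1/var/lib/dpkg/status"
    for unit in systemd-networkd systemd-resolved; do
        ln -s "/lib/systemd/system/$unit.service" \
            "$1/etc/systemd/system/multi-user.target.wants/$unit.service"
    done
    printf 'root:$6$constructed$hash:17000:0:99999:7:::\n' > "$1/etc/shadow"
}

sample=$(mktemp -d)
make_sample "$sample"
audit_container "$sample" && echo "sample tree passes"
touch "$sample/etc/securetty"          # undo one step of the guide
audit_container "$sample" || echo "audit caught the missed step"
rm -rf "$sample"
```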