This is a real pain to get working, but with some help from the IRC channel #vserver and help from Bertl, AlexanderS, and Guy I managed to get some guest system(s) up.

I'm testing this on a dual core HP Compaq dc7800. It's not very fancy, and I'm using a normal SATA drive for the base buster install, with Grub as a bootloader. No RAID or other fancy stuff.


Base system install.

Download the iso image for debian buster, amd64. I used 10.11. It's worth to know the Debian versions:

  • Debian 11 ("Bullseye") - current stable.
  • Debian 10 ("Buster") - old stable.
  • Debian 9 ("Stretch") – oldoldstable, under LTS
  • Debian 8 ("Jessie") – achived, under prolonged LTS
  • Debian 7 ("Wheezy") – old stable
  • Debian 6.0 ("Squeeze") – old stable

Buster seem to be the latest (as of writing this) with the Vserver packages available, so I started with this. You can check what version you have by

#cat /etc/debian_version

(shows Squeeze). After downloading the CD image, I used graphical installation, and the whole drive for / and swap (1GB swap). I did NOT install a debian desktop environment or print server (uncheck those options), but rather just set it up as a plain ssh server (check "SSH server" and "standard system utilities").

WARNING: A warning on selection of file system for the /vservers directory or partition: do not use XFS if you plan to use 32-bit guest systems, or specify "defaults,inode32" as parameters in fstab. See "Errors when starting a guest vserver".


After booting the server and logging in as root I did the following:

apt-get install mc
mcedit /etc/ssh/sshd_conf

(I kind of grew up with nc so I like to use mc/mcedit as well). Change (to your satisfaction):

PermitRootLogin yes
PubkeyAuthentication yes

(this is because I use putty to ssh to the host later on, and usually I log in as root or the admin user account). You have to restart the service with /etc/init.d/ssh restart.

To use an admin account you could do e.g

apt-get install sudo
 echo "MyAdminAccount ALL = NOPASSWD: ALL">>/etc/sudoers

Then all you have to do, after logging in as "MyAdminAccount" is to do "sudo -s" to get a root  shell.

We need some packages to get started:

apt-get update
apt-get upgrade
apt-get install -y gnupg2
apt-get install curl
apt-get install debootstrap


The new kernel image

Now to install the Benjamin Green' s stuff:

 wget -q -O - | apt-key add -
 echo "deb buster main" | tee /etc/apt/sources.list.d/kernel-psand.list
 apt-get update
 apt-get install linux-image-vserver-4.9-beng linux-headers-vserver-4.9-beng
 apt-get install util-vserver util-vserver-build

Possibly the last line is not needed (see below). To edit/change what kernel to boot with:

mcedit /etc/default/grub


Now reboot the system. When grub bootloader shows up, go in to the submenu "Advanced options for Debian GNU/Linux" and choose the "Debian GNU/Linux, with Linux 4.9.227-vs2.3.9.12-beng" kernel with Vserver support. The above grub config changes will cause your selection to be saved, so next time you reboot it will automatically use your last selection and boot this kernel again.

When at the prompt again, you should be able to check the kernel with uname:

# uname -a
Linux j2dc7800 4.9.227-vs2.3.9.12-beng #1 SMP Thu Sep 3 11:55:45 BST 2020 x86_64 GNU/Linux


Fixing what doesn't work out of the box

The default installation did not work for me. After building and starting a guest, the host's /proc (and /sys and /dev) would get unmounted which of course caused all kind of trouble. If this happen to you, you can always get /proc back (until you have permanently fixed the problem) by "mount -t proc none /proc".

After much fiddling and testing I used AlexanderS' solution to "downgrade" util-vserver (it's not really downgraded but replaced). Alternatively, you can remove systemd from the host, see : "Systemd must also be removed from hosts. With it present the host will lose it's /proc /sys and /dev on host starts or stops.". The link is broken but more information can be found here and here. It might mess up grub so I did not do this.

To "downgrade" (not really) util-vserver:

cd /root
mkdir AlexS
cd AlexS/
dpkg --install *.deb

You also have to patch /usr/share/util-vserver/vserver.functions. Change the for loop (around line 327):

#for i in /etc/init.d/rc /etc/rc.d/rc; do
for i in /etc/init.d/rc /etc/rc.d/rc /lib/init/rc /usr/lib/init/rc; do



You probably have sshd running at the host. You will need to edit the configuration so that sshd, for the host, only listen to port 22 (or whatever) on its own ip.

Edit /etc/ssh/sshd_config of the host and change:

Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress :: something like:

Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
ListenAddress  # not the guests IP! 

Otherwise, if you install sshd on a guest system, you'll end up at the host even if you ssh to the guest from an external computer. This could be very confusing.
Like calling your wife and your mother-in-law answers.

See Linux Vserver FAq "8.2 When I try to ssh to the guest, I log into the host, even if I installed sshd on the guest. What's wrong here?".



To see what versions (and other things of interest) you have, you can issue the command vserver-info. With the installation above, I get

Kernel: 4.9.227-vs2.3.9.12-beng
util-vserver: 0.30.216-pre3126; Feb 24 2016, 18:09:28

The util-vserver shipped with Buster is (as of writing this, 2021-11-02):

util-vserver: 0.30.216-pre3120-1.4+b11

so it doesn't look like we're behind the distribution, though if we look at the github repo it was last updated on 14 Jan 2018. If you want a later util-vserver you'll have to recompile it from the repo, but I don't know what state the systemd support is in so I'm not going to do that. I couldn't find a really good date on Benjamin Green's kernel, but the repository packages file has a date from 18-Aug 2021 so it feels quite recent.


To avoid possible difficulties with apt-get upgrade of util-vserver, you could put relevant packages on hold. Otherwise they might be upgraded and you'll end up with the broken system (possibly with /proc unmounted, see Errors when starting a guest vserver).

To set util-vservers on hold:

apt-mark hold libvserver0
apt-mark hold util-vserver
apt-mark hold util-vserver-build
apt-mark hold util-vserver-core

To see what's on hold:

root@somewhere:/# apt-mark showhold


Creating a guest

Now we should be able to build a guest. I used the following (edit e.g the ip and name "buildbuster642" as you se fit):

vserver buildbuster642 build -n buildbuster642 -m debootstrap --i-know-its-there --context 2000\
--hostname --interface enp0s25: -- -d buster --\
--arch=amd64 --exclude=systemd-sysv,systemd,libsystemd0 --include=cron,sysvinit-core,sysvinit-utils

Beware: the network interface on this machine is called "enp0s25:" and not "eth0:". I used the name "buildbuster642" here.


Starting the guest system on the host

Before starting the guest we need to start a service:

/etc/init.d/vprocunhide restart

Then, finally:

# vserver buildbuster642 start
Using makefile-style concurrent boot in runlevel 3.
Starting enhanced syslogd: rsyslogd.
Starting periodic command scheduler: cron.

# vserver-stat
2000     5 225.9M     0    0m00s00   0m00s00   4m37s97 buildbuster642

Warning: If you forgot to change vserver-util to AlexanderS version, you will see some error(s) that will need some recovery fixing. See Errors when starting a guest vserver.

If you didn't see this error you can continue, and we can now enter the guest with:

# vserver buildbuster642 enter
root@buildbuster642:/# ps
  PID TTY          TIME CMD
13554 pts/0    00:00:00 vcontext
13590 pts/0    00:00:00 bash
13593 pts/0    00:00:00 ps


Adjusting the start-up scripts on the guest

Stopping the guest is a different matter (and sometimes starting). It will try to do all kind of poking around on the hardware, which it can't and thus complain a lot. To reduce the amount of complaining/weird messages, you can edit/remove things from /etc/rc0.d, /etc/rc1.d ... etc. What I got was:

[FAIL] udev requires a mounted sysfs, not started ... failed!
[info] Saving the system clock.
hwclock: Cannot access the Hardware Clock via any known method.
hwclock: Use the --verbose option to see the details of our search for an access method.
[....] Unmounting temporary filesystems...umount: /tmp: must be superuser to unmount.
[....] Deactivating swap...swapoff: Not superuser.
mount: /: permission denied.
[info] Will now restart.
ifdown: shutdown enp0s25: Operation not permitted
[FAIL] startpar: service(s) returned failure: udev .../usr/share/util-vserver/vserver.stop: line 100: 13112 Killed                  "${IONICE_CMD[@]}" "${NICE_CMD[@]}" "${NETNS_CMD[@]}" "${CHBIND_CMD[@]}" "$_VSPACE" --enter "$S_CONTEXT" "${OPTS_VSPACE[@]}" "${OPTS_VSPACE_SHARED[@]}" -- "$_VTAG" --migrate "${OPTS_VTAG_ENTER[@]}" --silent -- $_VCONTEXT $SILENT_OPT --migrate $OPT_VCONTEXT_CHROOT --xid "$S_CONTEXT" -- "${INITCMD_STOP[@]}"


What I did was to remove the following on the guest:

from /etc/rc0.d:

K01brightness  K01udev  K04networking  K05umountfs  K06umountroot  K07halt

from /etc/rc6.d:

K01brightness  K01udev  K04networking  K05umountfs  K06umountroot  K07reboot

from /etc/rcS:
S10brightness S11networking S02udev
S07kmod S10procps

Start up and shut down of the guest then worked as expected.


Starting a guest server at boot

If the host server is rebooted we normally want the guest(s) to also start up. To do so, we first need to verify that vprocunhide and util-vserver is in the host's start up scripts:

ls /etc/rc*.d/ | grep util
ls /etc/rc*.d/ | grep vproc

Then mark the server you want to start at boot (e.g "buildbuster642"):

echo "default" > /etc/vservers/buildbuster642/apps/init/mark


Too small /tmp

On a Buster guest, the /tmp is (as it should) mounted as tmpfs which is a ram disk. Boot persistent tmp files should be in /var/tmp. Anyway, the /tmp is by default restricted to 16M. If you want to remove the limit, do e.g this before starting the guest:

# Remove restriction on tmp
sed -i "s/size=16m,//g"  /etc/vservers/$XNAME/fstab

$XNAME is here the name of the guest (e.g "buildbuster642").


See also

Errors when starting a guest vserver



Add comment

Security code