Package:lxc Version:0.9.0~alpha3-2+deb8u1
Hello,

I have had my host's filesystem mounted read-only after the last container stopped. This is very annoying as you can't do much with it anymore (e.g. not starting a new container etc.). After some searching I found:

- It is the guest (in the container) who does a remount on the guest's root:
    mount -o remount,ro /
  (in /etc/init.d/umountroot)
- This remount propagates "back" to the host. If there are files open for writing on the host filesystem the remount fails. So this is the reason why it only happens after the last container closes. And many users may not even take notice of the problem when running lxc somewhere on the host's root filesystem, which is always busy.
- Thinking in terms of guest isolation this is a nightmare, of course.
- For some time the kernel has provided slave mounts and there has been an interesting discussion whether this can be used to isolate the guest. Obviously it can't. (And the question arose whether this is a kernel issue. Seems a remount does not count as a mount operation.) See:
  https://lists.linuxcontainers.org/pipermail/lxc-users/2011-July/002309.html
- There is a trick to solve the problem: lxc-start creates and holds a file open for writing in order to prevent the remount ("pinning"). Unfortunately it releases it too early, so the intention is missed.
- I have found a patch for Ubuntu which addresses this issue:
  https://lists.linuxcontainers.org/pipermail/lxc-devel/2013-September/005165.html
  It does not apply to Debian's lxc 0.9.0~alpha3-2+deb8u1 but contains only four small changes in src/lxc/start.c.

Here is my patch for Debian's lxc.

Markus
Attachment: close_pinfd_on_stop (binary data)
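The "pinning" trick described in the report, as an added illustration that is neither the attached patch nor lxc's own start.c: a file is opened for writing on the container's rootfs and the descriptor is kept until the container has exited, so a guest-side remount,ro that propagates to the host fails with EBUSY. The pin file name and the scratch mountpoint argument are assumptions for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <unistd.h>

#define PIN_NAME "/.remount-pin"   /* hypothetical pin file name (assumption) */

/* Hold a file open for writing on the container's rootfs.  While the
 * descriptor is open, the guest's "mount -o remount,ro /" that propagates
 * back to the host fails with EBUSY.  The file is unlinked at once: the
 * busy descriptor pins the mount, so it must outlive the container. */
int pin_rootfs(const char *rootfs)
{
    char path[4096];
    snprintf(path, sizeof path, "%s%s", rootfs, PIN_NAME);
    int fd = open(path, O_WRONLY | O_CREAT | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    unlink(path);               /* no file left behind, only the descriptor */
    return fd;
}

/* The remount the guest's umountroot performs.  Returns 0 on success, else
 * errno: EBUSY while pinned, EPERM without CAP_SYS_ADMIN. */
int try_remount_ro(const char *mountpoint)
{
    if (mount(NULL, mountpoint, NULL, MS_REMOUNT | MS_RDONLY, NULL) == 0)
        return 0;
    return errno;
}

/* Run as root on a scratch mount (e.g. a tmpfs in a private mount
 * namespace): the first attempt reports EBUSY, the second succeeds. */
int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <scratch-mountpoint>\n", argv[0]); return 2; }
    int pin = pin_rootfs(argv[1]);
    if (pin < 0) { perror("pin_rootfs"); return 1; }
    printf("pinned:   remount,ro -> %s\n", strerror(try_remount_ro(argv[1])));
    close(pin);                 /* closing this too early is the defect in the report */
    printf("unpinned: remount,ro -> %s\n", strerror(try_remount_ro(argv[1])));
    return 0;
}
```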