Quoting Ivan Vilata i Balaguer (i...@selidor.net):
> Serge Hallyn (2012-02-10 16:05:19 +0100) wrote:
>
> > Quoting Ivan Vilata i Balaguer (i...@selidor.net):
> >> Serge Hallyn (2012-02-09 19:30:29 +0100) wrote:
> >>
> >> > Quoting Ivan Vilata i Balaguer (i...@selidor.net):
> >> >> Hi all.  I'm running Debian's LXC 0.7.5 under Linux 3.2.0.  I've set up
> >> >> a shared mountpoint to dynamically export some host directories into one
> >> >> container, like this::
> >> >>
> >> >>   # mkdir -p /lxc-shared
> >> >>   # mount --bind /lxc-shared /lxc-shared
> >> >>   # mount --make-unbindable /lxc-shared
> >> >>   # mount --make-shared /lxc-shared
> >> >
> >> > (I should think more before answering, but ...)
> >> >
> >> > What if you do 'mount --make-rslave /lxc-shared' here?  That should
> >> > prevent the container's mount actions from being forwarded to the
> >> > host.
> >>
> >> Thanks for the suggestion!  That does prevent a starting container from
> >> unmounting bind mounts under /lxc-shared in the host, *however* it also
> >> renders (un)mounts performed after the --make-rslave invisible to any
> >> container which had access to the directory.  E.g. imagine myvm has a
> >
> > Right, this was a quick test.  What you actually want to do is leave the
> > mount shared on the host, and have the container startup turn it into a
> > slave mount.  I'm not sure offhand what would be the best time to do this,
> > but one thing you could do is use a wrapper around lxc-start like:
> >
> >     mv /usr/bin/lxc-start /usr/bin/lxc-start.real
> >
> >     cat > /usr/bin/lxc-start.mid << EOF
> >     mount --make-unbindable /lxc-shared
> >     mount --make-shared /lxc-shared

Oops, this isn't right.  I think I just meant

    # Quoted 'EOF' keeps "$@" literal in the generated script instead of
    # expanding it while the file is being written.
    cat > /usr/bin/lxc-start.mid << 'EOF'
    #!/bin/sh
    mount --make-rslave /lxc-shared
    exec /usr/bin/lxc-start.real "$@"
    EOF

> >     exec /usr/bin/lxc-start.real $*
> >     EOF
> >
> >     cat > /usr/bin/lxc-start << EOF
> >     lxc-unshare -s MOUNT -- /usr/bin/lxc-start.mid $*
> >     EOF
> >
> >     chmod ugo+x /usr/bin/lxc-start{,.mid}
> >
> > You can probably do this through /var/lib/lxc/<container>/fstab entries,
> > but it would take some tweaking.  We could also add support for this
> > in the lxc config files.  I think it's a common enough request that it'd
> > be worth doing.
>
> Well, I'm actually trying on the host to mount and unmount file systems
> I don't know beforehand *while myvm is running* under subdirectories in
> /lxc-shared,

You've lost me here (I don't understand what you're saying), but

> but running myvm through the scripts you suggest creates a
> new namespace so that myvm no longer sees mounts done by the host.

Note that you're still supposed to do

    mount --bind /lxc-shared /lxc-shared
    mount --make-shared /lxc-shared /lxc-shared

at host boot.  Then creating a new namespace shouldn't stop myvm from
seeing new mounts done by the host.  The reason I was creating that
new namespace was so that the mount --make-rslave wouldn't happen in the
host's namespace.

But in any case, like I say I think it'd be worth adding explicit support
through the config file for this.

thanks,
-serge

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
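
Added example, not part of the thread or of LXC: a way to check the state the message describes (shared on the host, slave in the container's mount namespace) by comparing the propagation tags in mountinfo-format text. The function names are hypothetical, the sample lines are constructed, and the mount is assumed to appear at the same path in both namespaces.

```shell
#!/bin/sh
# Added example. Optional mountinfo fields (field 7 up to "-") carry the
# propagation state: shared:N, master:N, propagate_from:N, unbindable.

# prop_tags MOUNTPOINT  (mountinfo text on stdin)
# Prints the tags of the last mount on MOUNTPOINT; empty means private.
prop_tags() {
    awk -v mp="$1" '
        $5 == mp {
            tags = ""; found = 1
            for (i = 7; i <= NF && $i != "-"; i++)
                tags = tags (tags == "" ? "" : " ") $i
        }
        END { if (!found) exit 1; print tags }'
}

# tag_id NAME TAG...  prints N from the first "NAME:N" tag.
tag_id() {
    want=$1; shift
    for t in "$@"; do
        case $t in "$want":*) echo "${t#*:}"; return 0 ;; esac
    done
    return 1
}

# slave_of_host MOUNTPOINT HOST_MOUNTINFO CONTAINER_MOUNTINFO
# True only when the host mount is shared and the container's copy is a
# slave of that same peer group: host mounts propagate in, container
# (un)mounts do not propagate back.
slave_of_host() {
    host_tags=$(printf '%s\n' "$2" | prop_tags "$1") || return 2
    ct_tags=$(printf '%s\n' "$3" | prop_tags "$1") || return 2
    host_peer=$(tag_id shared $host_tags) || return 1   # unquoted: split tags
    ct_master=$(tag_id master $ct_tags) || return 1
    [ "$host_peer" = "$ct_master" ]
}

# Constructed sample lines (not taken from a real system).
HOST='40 22 8:1 /lxc-shared /lxc-shared rw,relatime shared:7 - ext4 /dev/sda1 rw'
CT_SLAVE='91 80 8:1 /lxc-shared /lxc-shared rw,relatime master:7 - ext4 /dev/sda1 rw'
CT_PEER='91 80 8:1 /lxc-shared /lxc-shared rw,relatime shared:7 - ext4 /dev/sda1 rw'
CT_PRIVATE='91 80 8:1 /lxc-shared /lxc-shared rw,relatime - ext4 /dev/sda1 rw'

for ct in "$CT_SLAVE" "$CT_PEER" "$CT_PRIVATE"; do
    if slave_of_host /lxc-shared "$HOST" "$ct"; then echo "ok: slave of host"
    else echo "not isolated as intended"; fi
done
```

On a live system the two text arguments would come from /proc/self/mountinfo on the host and /proc/PID/mountinfo of a process inside the container.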