[Lxc-users] notes on the /var/lib/lxc-becomes-readonly problem
During my testing I ran back into the issue of lxc-stop marking /var/lib/lxc read-only.

So here is the deal. When a container shuts down, it tries to remount its / readonly. That doesn't work if the mount is busy (i.e. a file is held open for write). If /var/lib/lxc is on the same fs as '/', or if a second container is running, you'll see

    mount: / is busy

on the console, and /var/lib/lxc won't be set to readonly. But if you create a new fs and mount it onto /var/lib/lxc, and start only a single container there, then /var/lib/lxc is marked readonly after shutdown (and the '/ is busy' message doesn't show up).

Now as Dave has several times helped us to remember, this happens because

    mount --bind -o remount,ro /

sets the mount's readonly flag, but

    mount -o remount,ro /

sets the superblock's readonly flag. And there is only one sb for all the bind mounts.

This gets particularly nasty when you develop dreams of using btrfs snapshots for containers. Because all the subvolumes will share a sb.

So - a workaround, for now, is to have /etc/init.d/lxc on the host make sure that a file under /var/lib/lxc is always held open :)

A proper fix is possible though. Thanks again to Dave for thinking of it. In the kernel source, at fs/namespace.c:do_remount(), there is:

    if (flags & MS_BIND)
        err = change_mount_flags(path->mnt, flags);
    else
        err = do_remount_sb(sb, flags, data, 0);

I think it would be conceptually clean to do something like:

    if (flags & MS_BIND || devcgroup_write_allowed(sb))
        err = change_mount_flags(path->mnt, flags);
    else
        err = do_remount_sb(sb, flags, data, 0);

where devcgroup_write_allowed() would be much like security/device_cgroup:__devcgroup_inode_permission(), but using the sb->s_dev. The idea would be, the devices cgroup isn't letting you mount that major:minor, so why would you be able to change an existing mount?

If someone cares to work on the proper kernel patch, please send an email to make sure there's no duplicate effort. I don't expect to do it this week though.

-serge

___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Container start unmounts shared bind mounts
Quoting Ivan Vilata i Balaguer (i...@selidor.net):
> Hi all. I'm running Debian's LXC 0.7.5 under Linux 3.2.0. I've set up
> a shared mountpoint to dynamically export some host directories into one
> container, like this::
>
>     # mkdir -p /lxc-shared
>     # mount --bind /lxc-shared /lxc-shared
>     # mount --make-unbindable /lxc-shared
>     # mount --make-shared /lxc-shared

(I should think more before answering, but ...)

What if you do 'mount --make-rslave /lxc-shared' here? That should prevent the container's mount actions from being forwarded to the host.

> Now I bind mount the host directory under the shared directory::
>
>     # mkdir -p /lxc-shared/myvm/foo
>     # mount --bind /tmp /lxc-shared/myvm/foo
>
> The problem is that whenever I start any container, /lxc-shared/myvm/foo
> gets unmounted (even if it has processes working under it!). This
> affects bind mounts only if they are under shared mountpoints, e.g. if I
> also do this mount on the host::
>
>     # mount --bind /tmp /mnt
>
> It survives after starting the container.
>
> Does anyone know why this happens? Should I file a bug report?
> Thanks a lot!
[Lxc-users] Container start unmounts shared bind mounts
Hi all. I'm running Debian's LXC 0.7.5 under Linux 3.2.0. I've set up a shared mountpoint to dynamically export some host directories into one container, like this::

    # mkdir -p /lxc-shared
    # mount --bind /lxc-shared /lxc-shared
    # mount --make-unbindable /lxc-shared
    # mount --make-shared /lxc-shared

Now I bind mount the host directory under the shared directory::

    # mkdir -p /lxc-shared/myvm/foo
    # mount --bind /tmp /lxc-shared/myvm/foo

The problem is that whenever I start any container, /lxc-shared/myvm/foo gets unmounted (even if it has processes working under it!). This affects bind mounts only if they are under shared mountpoints, e.g. if I also do this mount on the host::

    # mount --bind /tmp /mnt

It survives after starting the container.

Does anyone know why this happens? Should I file a bug report? Thanks a lot!

--
Ivan Vilata i Balaguer -- https://elvil.net/
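
Added example, not part of the original posts and not LXC or kernel code: both threads on this page turn on state that /proc/self/mountinfo exposes per mount, namely the mount's own read-only flag versus the superblock's (first thread) and the propagation type (second thread). The sketch below parses mountinfo text and reports both; the sample lines, device numbers and the paths /mnt/c1-view and /srv/ro-view are constructed for illustration.

```python
# Added example: separate the per-mount read-only flag from the superblock
# read-only flag in mountinfo text, and report each mount's propagation type.
from collections import defaultdict

# Constructed sample, not captured from a real host. Device 8:17 is a
# filesystem mounted on /var/lib/lxc whose superblock was remounted ro.
SAMPLE = """\
40 20 8:17 / /var/lib/lxc rw,relatime - ext4 /dev/sdb1 ro,data=ordered
41 40 8:17 /c1/rootfs /mnt/c1-view rw,relatime - ext4 /dev/sdb1 ro,data=ordered
50 20 8:1 /lxc-shared /lxc-shared rw,relatime shared:7 - ext4 /dev/sda1 rw
51 50 8:1 /tmp /lxc-shared/myvm/foo rw,relatime shared:8 - ext4 /dev/sda1 rw
52 20 8:1 /tmp /mnt rw,relatime - ext4 /dev/sda1 rw
53 20 8:1 /srv /srv/ro-view ro,relatime master:7 - ext4 /dev/sda1 rw
"""

def parse_mountinfo(text):
    """Return one dict per mount: device, mount point, ro flags, propagation."""
    mounts = []
    for line in filter(str.strip, text.splitlines()):
        left, right = line.split(" - ", 1)       # "-" ends the optional fields
        fields = left.split()
        tags = fields[6:]                        # shared:N, master:N, unbindable
        kinds = [name for name, tag in (("shared", "shared:"),
                 ("slave", "master:"), ("unbindable", "unbindable"))
                 if any(t.startswith(tag) for t in tags)]
        tail = right.split()                     # fstype, source, super options
        super_opts = tail[2].split(",") if len(tail) > 2 else []
        mounts.append({
            "dev": fields[2],
            "mountpoint": fields[4],
            "mount_ro": "ro" in fields[5].split(","),  # per-mount flag
            "sb_ro": "ro" in super_opts,               # superblock flag
            "propagation": "+".join(kinds) or "private",
        })
    return mounts

def sb_readonly_devices(mounts):
    """Map each device with a read-only superblock to every mount sharing it."""
    hit = defaultdict(list)
    for m in mounts:
        if m["sb_ro"]:
            hit[m["dev"]].append(m["mountpoint"])
    return dict(hit)

def mount_only_readonly(mounts):
    """Mounts read-only via their own flag while the superblock stays rw."""
    return [m["mountpoint"] for m in mounts if m["mount_ro"] and not m["sb_ro"]]

if __name__ == "__main__":
    for m in parse_mountinfo(SAMPLE):
        print(m)
```

On a live host, pass the contents of /proc/self/mountinfo instead of SAMPLE; /proc/mounts is not a substitute because it shows a single combined option list per mount.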