Re: [Lxc-users] Container start unmounts shared bind mounts
Quoting Ivan Vilata i Balaguer (i...@selidor.net):
> Serge Hallyn (2012-02-11 00:08:10 +0100) wrote:
>
> > Quoting Ivan Vilata i Balaguer (i...@selidor.net):
> > > Serge Hallyn (2012-02-10 16:05:19 +0100) wrote:
> > >
> > > > mv /usr/bin/lxc-start /usr/bin/lxc-start.real
> > > > cat > /usr/bin/lxc-start.mid << 'EOF'
> > > > mount --make-unbindable /lxc-shared
> > > > mount --make-shared /lxc-shared
> >
> > Oops, this isn't right. I think I just meant
> >
> > cat > /usr/bin/lxc-start.mid << 'EOF'
> > mount --make-rslave /lxc-shared
> > exec /usr/bin/lxc-start.real $*
> > EOF
> >
> > > > exec /usr/bin/lxc-start.real $*
> > > > EOF
> > > > cat > /usr/bin/lxc-start << 'EOF'
> > > > lxc-unshare -s MOUNT -- /usr/bin/lxc-start.mid $*
> > > > EOF
> > > > chmod ugo+x /usr/bin/lxc-start{,.mid}
>
> Yup, the new one did work! :)
>
> > > Well, I'm actually trying on the host to mount and unmount file systems I don't know beforehand *while myvm is running* under subdirectories in /lxc-shared,
> >
> > You've lost me here (I don't understand what you're saying), but
>
> Sorry, tried to stuff too much into too few words. :D What I want to do is set up a shared directory /lxc-shared in the host, which will appear as /shared in myvm. While myvm is running, I'll be binding host directories to /lxc-shared/foo, /lxc-shared/bar and other subdirs I don't know beforehand so that they become visible as /shared/foo, /shared/bar etc. at myvm. I don't need other containers to access /lxc-shared (and of course I don't want them to accidentally unmount things from it when starting).
>
> > > but running myvm through the scripts you suggest creates a new namespace so that myvm no longer sees mounts done by the host.
> >
> > Note that you're still supposed to do
> >
> > mount --bind /lxc-shared /lxc-shared
> > mount --make-shared /lxc-shared /lxc-shared
> >
> > at host boot. Then creating a new namespace shouldn't stop myvm from seeing new mounts done by the host. The reason I was creating that new namespace was so that the mount --make-rslave wouldn't happen in the host's namespace.
>
> Yes, I was already doing that before starting myvm. Indeed, your fix above made the sharing work as expected.
>
> > But in any case, like I say I think it'd be worth adding explicit support through the config file for this.
>
> Running the containers through your scripts does the trick, but having an option in myvm's config file to make the host's /lxc-shared directory shared only for this container (so that other containers don't need to go through lxc-unshare --make-rslave) would be great. Does that fit the behaviour of the new config entries you suggest?

I think so. I've put it down on the list of things to consider for next cycle.

> Anyway, thanks a lot for your help!

My pleasure. It's a good feature to have.

-serge

___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Container start unmounts shared bind mounts
Serge Hallyn (2012-02-11 00:08:10 +0100) wrote:

> Quoting Ivan Vilata i Balaguer (i...@selidor.net):
> > Serge Hallyn (2012-02-10 16:05:19 +0100) wrote:
> >
> > > mv /usr/bin/lxc-start /usr/bin/lxc-start.real
> > > cat > /usr/bin/lxc-start.mid << 'EOF'
> > > mount --make-unbindable /lxc-shared
> > > mount --make-shared /lxc-shared
>
> Oops, this isn't right. I think I just meant
>
> cat > /usr/bin/lxc-start.mid << 'EOF'
> mount --make-rslave /lxc-shared
> exec /usr/bin/lxc-start.real $*
> EOF
>
> > > exec /usr/bin/lxc-start.real $*
> > > EOF
> > > cat > /usr/bin/lxc-start << 'EOF'
> > > lxc-unshare -s MOUNT -- /usr/bin/lxc-start.mid $*
> > > EOF
> > > chmod ugo+x /usr/bin/lxc-start{,.mid}

Yup, the new one did work! :)

> > Well, I'm actually trying on the host to mount and unmount file systems I don't know beforehand *while myvm is running* under subdirectories in /lxc-shared,
>
> You've lost me here (I don't understand what you're saying), but

Sorry, tried to stuff too much into too few words. :D What I want to do is set up a shared directory /lxc-shared in the host, which will appear as /shared in myvm. While myvm is running, I'll be binding host directories to /lxc-shared/foo, /lxc-shared/bar and other subdirs I don't know beforehand so that they become visible as /shared/foo, /shared/bar etc. at myvm. I don't need other containers to access /lxc-shared (and of course I don't want them to accidentally unmount things from it when starting).

> > but running myvm through the scripts you suggest creates a new namespace so that myvm no longer sees mounts done by the host.
>
> Note that you're still supposed to do
>
> mount --bind /lxc-shared /lxc-shared
> mount --make-shared /lxc-shared /lxc-shared
>
> at host boot. Then creating a new namespace shouldn't stop myvm from seeing new mounts done by the host. The reason I was creating that new namespace was so that the mount --make-rslave wouldn't happen in the host's namespace.

Yes, I was already doing that before starting myvm. Indeed, your fix above made the sharing work as expected.

> But in any case, like I say I think it'd be worth adding explicit support through the config file for this.

Running the containers through your scripts does the trick, but having an option in myvm's config file to make the host's /lxc-shared directory shared only for this container (so that other containers don't need to go through lxc-unshare --make-rslave) would be great. Does that fit the behaviour of the new config entries you suggest?

Anyway, thanks a lot for your help!

-- 
Ivan Vilata i Balaguer -- https://elvil.net/
Re: [Lxc-users] Container start unmounts shared bind mounts
Serge Hallyn (2012-02-09 19:30:29 +0100) wrote:

> Quoting Ivan Vilata i Balaguer (i...@selidor.net):
> > Hi all. I'm running Debian's LXC 0.7.5 under Linux 3.2.0. I've set up a shared mountpoint to dynamically export some host directories into one container, like this::
> >
> >   # mkdir -p /lxc-shared
> >   # mount --bind /lxc-shared /lxc-shared
> >   # mount --make-unbindable /lxc-shared
> >   # mount --make-shared /lxc-shared
>
> (I should think more before answering, but ...) What if you do 'mount --make-rslave /lxc-shared' here? That should prevent the container's mount actions from being forwarded to the host.

Thanks for the suggestion! That does prevent a starting container from unmounting bind mounts under /lxc-shared in the host, *however* it also renders (un)mounts performed after the --make-rslave invisible to any container which had access to the directory. E.g. imagine myvm has a /shared directory and this config line::

  lxc.mount.entry = /lxc-shared/myvm/ /var/lib/lxc/debtest/rootfs/shared/ none defaults,bind 0 0

Then::

  host# mkdir -p /lxc-shared
  host# mount --bind /lxc-shared /lxc-shared
  host# mount --make-shared /lxc-shared
  host# lxc-start -n myvm -d
  # myvm sees /lxc-shared/myvm at /shared
  host# mkdir -p /lxc-shared/myvm/foo
  host# mount --bind /tmp /lxc-shared/myvm/foo
  # myvm sees mounted /shared/foo
  host# mount --make-rslave /lxc-shared
  # myvm still sees mounted /shared/foo
  host# lxc-start -n myothervm -d
  # myvm still sees mounted /shared/foo
  host# mkdir -p /lxc-shared/myvm/bar
  host# mount --bind /tmp /lxc-shared/myvm/bar
  # myvm sees /shared/bar but nothing mounted on it!

A workaround I found is bind mounting the desired directory *in the container* (which requires not dropping the sys_admin capability)::

  host# mkdir -p /lxc-shared
  host# mount --bind /lxc-shared /lxc-shared
  host# mount --make-shared /lxc-shared
  host# lxc-start -n myvm -d
  # myvm sees /lxc-shared/myvm at /shared
  host# mkdir -p /lxc-shared/myvm/foo
  host# mount --bind /tmp /lxc-shared/myvm/foo
  # myvm sees mounted /shared/foo
  myvm# mount --bind /shared/foo /mnt/foo
  host# lxc-start -n myothervm -d
  # host's /lxc-shared/myvm/foo gets unmounted
  # myvm sees /shared/foo but nothing mounted on it
  # myvm still sees mounted /mnt/foo
  host# mkdir -p /lxc-shared/myvm/bar
  host# mount --bind /tmp /lxc-shared/myvm/bar
  # myvm sees mounted /shared/bar
  myvm# mount --bind /shared/bar /mnt/bar
  # and so on...

However, the question still remains: *Why on Earth does starting a container unmount all bind mounts under a shared mount???* Doesn't it look like a bug to you?

Thanks cheers!

> > Now I bind mount the host directory under the shared directory::
> >
> >   # mkdir -p /lxc-shared/myvm/foo
> >   # mount --bind /tmp /lxc-shared/myvm/foo
> >
> > The problem is that whenever I start any container, /lxc-shared/myvm/foo gets unmounted (even if it has processes working under it!). This affects bind mounts only if they are under shared mountpoints, e.g. if I also do this mount on the host::
> >
> >   # mount --bind /tmp /mnt
> >
> > It survives after starting the container.
> >
> > Does anyone know why this happens? Should I file a bug report?
> >
> > Thanks a lot!

-- 
Ivan Vilata i Balaguer -- https://elvil.net/
Re: [Lxc-users] Container start unmounts shared bind mounts
Quoting Ivan Vilata i Balaguer (i...@selidor.net):
> Serge Hallyn (2012-02-09 19:30:29 +0100) wrote:
>
> > Quoting Ivan Vilata i Balaguer (i...@selidor.net):
> > > Hi all. I'm running Debian's LXC 0.7.5 under Linux 3.2.0. I've set up a shared mountpoint to dynamically export some host directories into one container, like this::
> > >
> > >   # mkdir -p /lxc-shared
> > >   # mount --bind /lxc-shared /lxc-shared
> > >   # mount --make-unbindable /lxc-shared
> > >   # mount --make-shared /lxc-shared
> >
> > (I should think more before answering, but ...) What if you do 'mount --make-rslave /lxc-shared' here? That should prevent the container's mount actions from being forwarded to the host.
>
> Thanks for the suggestion! That does prevent a starting container from unmounting bind mounts under /lxc-shared in the host, *however* it also renders (un)mounts performed after the --make-rslave invisible to any container which had access to the directory. E.g. imagine myvm has a

Right, this was a quick test. What you actually want to do is leave the mount shared on the host, and have the container startup turn it into a slave mount. I'm not sure offhand what would be the best time to do this, but one thing you could do is use a wrapper around lxc-start like:

mv /usr/bin/lxc-start /usr/bin/lxc-start.real
cat > /usr/bin/lxc-start.mid << 'EOF'
mount --make-unbindable /lxc-shared
mount --make-shared /lxc-shared
exec /usr/bin/lxc-start.real $*
EOF
cat > /usr/bin/lxc-start << 'EOF'
lxc-unshare -s MOUNT -- /usr/bin/lxc-start.mid $*
EOF
chmod ugo+x /usr/bin/lxc-start{,.mid}

You can probably do this through /var/lib/lxc/container/fstab entries, but it would take some tweaking. We could also add support for this in the lxc config files. I think it's a common enough request that it'd be worth doing.

> /shared directory and this config line::
>
>   lxc.mount.entry = /lxc-shared/myvm/ /var/lib/lxc/debtest/rootfs/shared/ none defaults,bind 0 0
>
> Then::
>
>   host# mkdir -p /lxc-shared
>   host# mount --bind /lxc-shared /lxc-shared
>   host# mount --make-shared /lxc-shared
>   host# lxc-start -n myvm -d
>   # myvm sees /lxc-shared/myvm at /shared
>   host# mkdir -p /lxc-shared/myvm/foo
>   host# mount --bind /tmp /lxc-shared/myvm/foo
>   # myvm sees mounted /shared/foo
>   host# mount --make-rslave /lxc-shared
>   # myvm still sees mounted /shared/foo
>   host# lxc-start -n myothervm -d
>   # myvm still sees mounted /shared/foo
>   host# mkdir -p /lxc-shared/myvm/bar
>   host# mount --bind /tmp /lxc-shared/myvm/bar
>   # myvm sees /shared/bar but nothing mounted on it!
>
> A workaround I found is bind mounting the desired directory *in the container* (which requires not dropping the sys_admin capability)::
>
>   host# mkdir -p /lxc-shared
>   host# mount --bind /lxc-shared /lxc-shared
>   host# mount --make-shared /lxc-shared
>   host# lxc-start -n myvm -d
>   # myvm sees /lxc-shared/myvm at /shared
>   host# mkdir -p /lxc-shared/myvm/foo
>   host# mount --bind /tmp /lxc-shared/myvm/foo
>   # myvm sees mounted /shared/foo
>   myvm# mount --bind /shared/foo /mnt/foo
>   host# lxc-start -n myothervm -d
>   # host's /lxc-shared/myvm/foo gets unmounted
>   # myvm sees /shared/foo but nothing mounted on it
>   # myvm still sees mounted /mnt/foo
>   host# mkdir -p /lxc-shared/myvm/bar
>   host# mount --bind /tmp /lxc-shared/myvm/bar
>   # myvm sees mounted /shared/bar
>   myvm# mount --bind /shared/bar /mnt/bar
>   # and so on...
>
> However, the question still remains: *Why on Earth does starting a container unmount all bind mounts under a shared mount???* Doesn't it look like a bug to you?

No, when a container starts up, it mounts its new root under, say, /usr/lib/lxc/, and mounts other directories under there. Then it does pivot_root (see man 8 pivot_root), so now /usr/lib/lxc is its '/', and the old '/' and all its submounts are now mounted on '/old'. Then the container startup recursively unmounts /old, including /old/lxc-shared. That umount of /old/lxc-shared is what is getting propagated to the host mount.

-serge

> Thanks cheers!
>
> > > Now I bind mount the host directory under the shared directory::
> > >
> > >   # mkdir -p /lxc-shared/myvm/foo
> > >   # mount --bind /tmp /lxc-shared/myvm/foo
> > >
> > > The problem is that whenever I start any container, /lxc-shared/myvm/foo gets unmounted (even if it has processes working under it!). This affects bind mounts only if they are under shared mountpoints, e.g. if I also do this mount on the host::
> > >
> > >   # mount --bind /tmp /mnt
> > >
> > > It survives after starting the container.
> > >
> > > Does anyone know why this happens? Should I file a bug report?
> > >
> > > Thanks a lot!
>
> -- 
> Ivan Vilata i Balaguer -- https://elvil.net/
Re: [Lxc-users] Container start unmounts shared bind mounts
Serge Hallyn (2012-02-10 16:05:19 +0100) wrote:

> Quoting Ivan Vilata i Balaguer (i...@selidor.net):
> > Serge Hallyn (2012-02-09 19:30:29 +0100) wrote:
> >
> > > Quoting Ivan Vilata i Balaguer (i...@selidor.net):
> > > > Hi all. I'm running Debian's LXC 0.7.5 under Linux 3.2.0. I've set up a shared mountpoint to dynamically export some host directories into one container, like this::
> > > >
> > > >   # mkdir -p /lxc-shared
> > > >   # mount --bind /lxc-shared /lxc-shared
> > > >   # mount --make-unbindable /lxc-shared
> > > >   # mount --make-shared /lxc-shared
> > >
> > > (I should think more before answering, but ...) What if you do 'mount --make-rslave /lxc-shared' here? That should prevent the container's mount actions from being forwarded to the host.
> >
> > Thanks for the suggestion! That does prevent a starting container from unmounting bind mounts under /lxc-shared in the host, *however* it also renders (un)mounts performed after the --make-rslave invisible to any container which had access to the directory. E.g. imagine myvm has a
>
> Right, this was a quick test. What you actually want to do is leave the mount shared on the host, and have the container startup turn it into a slave mount. I'm not sure offhand what would be the best time to do this, but one thing you could do is use a wrapper around lxc-start like:
>
> mv /usr/bin/lxc-start /usr/bin/lxc-start.real
> cat > /usr/bin/lxc-start.mid << 'EOF'
> mount --make-unbindable /lxc-shared
> mount --make-shared /lxc-shared
> exec /usr/bin/lxc-start.real $*
> EOF
> cat > /usr/bin/lxc-start << 'EOF'
> lxc-unshare -s MOUNT -- /usr/bin/lxc-start.mid $*
> EOF
> chmod ugo+x /usr/bin/lxc-start{,.mid}
>
> You can probably do this through /var/lib/lxc/container/fstab entries, but it would take some tweaking. We could also add support for this in the lxc config files. I think it's a common enough request that it'd be worth doing.

Well, I'm actually trying on the host to mount and unmount file systems I don't know beforehand *while myvm is running* under subdirectories in /lxc-shared, but running myvm through the scripts you suggest creates a new namespace so that myvm no longer sees mounts done by the host.

However, I can use a slight modification of your suggestion, namely running myvm through normal lxc-start (so it uses the same namespace as the host), and the other containers through those scripts (actually I don't need --make-shared there).

The ideal solution for me would be making /lxc-shared shared, running myvm and then doing something which allows mounts under /lxc-shared to be seen only in the host and myvm but not in other containers started normally. But the previous solution comes quite close to it. :)

> > However, the question still remains: *Why on Earth does starting a container unmount all bind mounts under a shared mount???* Doesn't it look like a bug to you?
>
> No, when a container starts up, it mounts its new root under, say, /usr/lib/lxc/, and mounts other directories under there. Then it does pivot_root (see man 8 pivot_root), so now /usr/lib/lxc is its '/', and the old '/' and all its submounts are now mounted on '/old'. Then the container startup recursively unmounts /old, including /old/lxc-shared. That umount of /old/lxc-shared is what is getting propagated to the host mount.

Ummm, now I see clearly what's going on there. Thanks a lot for your help and for the explanation! :)

-- 
Ivan Vilata i Balaguer -- https://elvil.net/
Re: [Lxc-users] Container start unmounts shared bind mounts
Quoting Ivan Vilata i Balaguer (i...@selidor.net):
> Serge Hallyn (2012-02-10 16:05:19 +0100) wrote:
>
> > Quoting Ivan Vilata i Balaguer (i...@selidor.net):
> > > Serge Hallyn (2012-02-09 19:30:29 +0100) wrote:
> > >
> > > > Quoting Ivan Vilata i Balaguer (i...@selidor.net):
> > > > > Hi all. I'm running Debian's LXC 0.7.5 under Linux 3.2.0. I've set up a shared mountpoint to dynamically export some host directories into one container, like this::
> > > > >
> > > > >   # mkdir -p /lxc-shared
> > > > >   # mount --bind /lxc-shared /lxc-shared
> > > > >   # mount --make-unbindable /lxc-shared
> > > > >   # mount --make-shared /lxc-shared
> > > >
> > > > (I should think more before answering, but ...) What if you do 'mount --make-rslave /lxc-shared' here? That should prevent the container's mount actions from being forwarded to the host.
> > >
> > > Thanks for the suggestion! That does prevent a starting container from unmounting bind mounts under /lxc-shared in the host, *however* it also renders (un)mounts performed after the --make-rslave invisible to any container which had access to the directory. E.g. imagine myvm has a
> >
> > Right, this was a quick test. What you actually want to do is leave the mount shared on the host, and have the container startup turn it into a slave mount. I'm not sure offhand what would be the best time to do this, but one thing you could do is use a wrapper around lxc-start like:
> >
> > mv /usr/bin/lxc-start /usr/bin/lxc-start.real
> > cat > /usr/bin/lxc-start.mid << 'EOF'
> > mount --make-unbindable /lxc-shared
> > mount --make-shared /lxc-shared

Oops, this isn't right. I think I just meant

cat > /usr/bin/lxc-start.mid << 'EOF'
mount --make-rslave /lxc-shared
exec /usr/bin/lxc-start.real $*
EOF

> > exec /usr/bin/lxc-start.real $*
> > EOF
> > cat > /usr/bin/lxc-start << 'EOF'
> > lxc-unshare -s MOUNT -- /usr/bin/lxc-start.mid $*
> > EOF
> > chmod ugo+x /usr/bin/lxc-start{,.mid}
> >
> > You can probably do this through /var/lib/lxc/container/fstab entries, but it would take some tweaking. We could also add support for this in the lxc config files. I think it's a common enough request that it'd be worth doing.
>
> Well, I'm actually trying on the host to mount and unmount file systems I don't know beforehand *while myvm is running* under subdirectories in /lxc-shared,

You've lost me here (I don't understand what you're saying), but

> but running myvm through the scripts you suggest creates a new namespace so that myvm no longer sees mounts done by the host.

Note that you're still supposed to do

mount --bind /lxc-shared /lxc-shared
mount --make-shared /lxc-shared /lxc-shared

at host boot. Then creating a new namespace shouldn't stop myvm from seeing new mounts done by the host. The reason I was creating that new namespace was so that the mount --make-rslave wouldn't happen in the host's namespace.

But in any case, like I say I think it'd be worth adding explicit support through the config file for this.

thanks,
-serge
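The propagation states this thread turns on (shared on the host, slave in the namespace the container is started from) can be read back from mountinfo. The script below is an added example, not part of any message in the thread; the mountinfo lines, peer-group ids and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): read mount propagation state from
# mountinfo text and report which way mount/umount events flow between the
# host's view and a container's view. All sample lines are constructed.

# Host view: /lxc-shared is shared (peer group 7), as after --make-shared.
HOST_MOUNTINFO='21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
40 21 8:1 /lxc-shared /lxc-shared rw,relatime shared:7 - ext4 /dev/sda1 rw'

# Container started by plain lxc-start: its bind of /lxc-shared/myvm is a
# peer of the host mount, so its umounts are forwarded to the host.
CT_PEER_MOUNTINFO='70 60 8:1 /lxc-shared/myvm /shared rw,relatime shared:7 - ext4 /dev/sda1 rw'

# Container started after "mount --make-rslave /lxc-shared" in an unshared
# namespace: it receives from peer group 7 but sends nothing back.
CT_SLAVE_MOUNTINFO='70 60 8:1 /lxc-shared/myvm /shared rw,relatime master:7 - ext4 /dev/sda1 rw'

# propagation MOUNTPOINT < mountinfo
# Prints the optional fields of the top-most mount at MOUNTPOINT
# ("shared:7", "master:7", "shared:9 master:7", ...) or "private" when
# there are none. Exit status 1 if nothing is mounted at MOUNTPOINT.
propagation() {
    MP=$1 awk '
        $5 == ENVIRON["MP"] {
            tags = ""
            # Optional fields sit between field 6 and the lone "-" separator.
            for (i = 7; i <= NF && $i != "-"; i++)
                tags = tags (tags == "" ? "" : " ") $i
            last = (tags == "" ? "private" : tags)
            found = 1
        }
        END { if (!found) exit 1; print last }
    '
}

# tag_id NAME TAGS: print the peer-group id carried by tag NAME, if any.
tag_id() {
    for t in $2; do
        case $t in
            "$1":*) printf '%s\n' "${t#*:}"; return 0 ;;
        esac
    done
}

# relation HOST_TAGS CONTAINER_TAGS: direction in which events propagate.
relation() {
    hs=$(tag_id shared "$1"); hm=$(tag_id master "$1")
    cs=$(tag_id shared "$2"); cm=$(tag_id master "$2")
    if [ -n "$hs" ] && [ "$hs" = "$cs" ]; then
        echo two-way             # peers: container umounts reach the host
    elif [ -n "$hs" ] && [ "$hs" = "$cm" ]; then
        echo host-to-container   # what the --make-rslave wrapper sets up
    elif [ -n "$cs" ] && [ "$cs" = "$hm" ]; then
        echo container-to-host   # host mount was made a slave instead
    else
        echo none
    fi
}

# Demo on the constructed samples.
host=$(printf '%s\n' "$HOST_MOUNTINFO" | propagation /lxc-shared)
for sample in "$CT_PEER_MOUNTINFO" "$CT_SLAVE_MOUNTINFO"; do
    ct=$(printf '%s\n' "$sample" | propagation /shared)
    echo "host [$host] container [$ct]: $(relation "$host" "$ct")"
done
```

On a live system, feed `propagation` from `/proc/self/mountinfo` on the host and from `/proc/<pid>/mountinfo` of the container's init process instead of the samples.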
[Lxc-users] Container start unmounts shared bind mounts
Hi all. I'm running Debian's LXC 0.7.5 under Linux 3.2.0. I've set up a shared mountpoint to dynamically export some host directories into one container, like this::

  # mkdir -p /lxc-shared
  # mount --bind /lxc-shared /lxc-shared
  # mount --make-unbindable /lxc-shared
  # mount --make-shared /lxc-shared

Now I bind mount the host directory under the shared directory::

  # mkdir -p /lxc-shared/myvm/foo
  # mount --bind /tmp /lxc-shared/myvm/foo

The problem is that whenever I start any container, /lxc-shared/myvm/foo gets unmounted (even if it has processes working under it!). This affects bind mounts only if they are under shared mountpoints, e.g. if I also do this mount on the host::

  # mount --bind /tmp /mnt

It survives after starting the container.

Does anyone know why this happens? Should I file a bug report?

Thanks a lot!

-- 
Ivan Vilata i Balaguer -- https://elvil.net/