On Thu, 15.01.15 12:14, Stéphane Graber (stgra...@ubuntu.com) wrote:

> Hello,
>
> The last big issue I'm running into when running systemd in an
> unprivileged LXC container is that it's crashing on an assert in the
> shutdown/reboot path right after unmounting all devices.
>
> That's because, due to mknod not being allowed inside a user namespace,
> we have to bind-mount all the required device nodes from the host's /dev on
> top of empty files in the container's /dev.
>
> This all works great until systemd unmounts everything. At which point,
> all of those are 0-byte files. Systemd then opens /dev/urandom and
> attempts to read some bytes from there, gets 0 bytes back and trips an
> assertion.
>
>
> To fix that, I've got two different approaches, both with an associated
> patch attached to this e-mail:
> - 0001-Add-dev-urandom-to-ignore_paths.patch:
>   This very simply adds /dev/urandom to the ignore_paths list alongside
>   /dev/console. That way all the other mount entries are unmounted but
>   /dev/urandom isn't, fixing the issue we're currently seeing.
>
> - 0001-Ignore-devices-bind-mounts.patch:
>   This one is a more generic take on the problem and should be more
>   future-proof. Rather than hardcoding /dev/urandom, it extends the
>   existing mount_point_ignore function to ignore any mountpoint which is a
>   character or block device.
I think I'd prefer it if we simply avoided unmounting anything that sits
below /sys, /dev, /proc, i.e. a simple path_startswith() check before the
unmount...

Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel