On Thu, Jan 15, 2015 at 07:20:55PM +0100, Lennart Poettering wrote:
> On Thu, 15.01.15 12:14, Stéphane Graber (stgra...@ubuntu.com) wrote:
> 
> > Hello,
> > 
> > The last big issue I'm running into when running systemd in an
> > unprivileged LXC container is that it's crashing on an assert in the
> > shutdown/reboot path right after unmounting all devices.
> > 
> > That's because due to mknod not being allowed inside a user namespace,
> > we have to bind-mount all the required device nodes from the host's /dev on
> > top of empty files in the container's /dev.
> > 
> > This all works great until systemd unmounts everything. At which point,
> > all of those are 0 byte files. Systemd then opens /dev/urandom and
> > attempts to read some bytes from there, gets 0 bytes back and trips an
> > assertion.
> > 
> > 
> > To fix that, I've got two different approaches, both with an associated
> > patch attached to this e-mail:
> >  - 0001-Add-dev-urandom-to-ignore_paths.patch:
> >    This very simply adds /dev/urandom to the ignore_paths list alongside
> >    /dev/console. That way all the other mount entries are unmounted but
> >    /dev/urandom isn't, fixing the issue we're currently seeing.
> > 
> >  - 0001-Ignore-devices-bind-mounts.patch:
> >    This one is a more generic take on the problem and should be more
> >    future-proof. Rather than hardcoding /dev/urandom, it extends the
> >    existing mount_point_ignore function to ignore any mountpoint which is a
> >    character or block device.
> 
> I think I'd prefer if we simply would avoid unmounting anything that
> sits below /sys, /dev, /proc. i.e. a simple path_startswith() check
> before the unmount...
> 
> Lennart

Something like that?

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com

From efbb09d4b0be9a059e4a0444ceeedb873c598b31 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@ubuntu.com>
Date: Thu, 15 Jan 2015 19:22:06 -0500
Subject: [PATCH] Skip anything in dev, sys or proc on unmount

When getting around to unmounting things, don't actually call
/sbin/umount for anything inside /dev, /sys or /proc.

You really shouldn't have any block device mounted in there and any
remaining mount may well be used by systemd itself during the last few
steps of shutdown.
---
 src/core/mount.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/core/mount.c b/src/core/mount.c
index 612d150..4de878e 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -871,6 +871,14 @@ static void mount_enter_unmounting(Mount *m) {
         m->control_command_id = MOUNT_EXEC_UNMOUNT;
         m->control_command = m->exec_command + MOUNT_EXEC_UNMOUNT;
 
+        /* Ignore any mounts under /dev, /proc or /sys */
+        if (path_startswith(m->where, "/dev/") ||
+            path_startswith(m->where, "/proc/") ||
+            path_startswith(m->where, "/sys/")) {
+                mount_set_state(m, MOUNT_DEAD);
+                return;
+        }
+
         r = exec_command_set(m->control_command, "/bin/umount", m->where, NULL);
         if (r >= 0 && UNIT(m)->manager->running_as == SYSTEMD_SYSTEM)
                 r = exec_command_append(m->control_command, "-n", NULL);
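Review bot: the new early return in mount_enter_unmounting() sets MOUNT_DEAD without running umount for every mount whose m->where is below /dev/, /proc/ or /sys/, not only in the last steps of shutdown that the commit message gives as the reason. A mount unit stopped at any other time would be reported dead while its mount is still in place; either limit the skip to the shutdown case or state next to the comment that such mounts are never unmounted through this path. The check also sits after m->control_command_id and m->control_command have been assigned, so moving it above those two lines would keep the skipped path from touching them. Lastly, the commit message says /sbin/umount while the code executes /bin/umount.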
-- 
1.9.1

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
