[Bug 1589289] Re: fstrim: cannot open /dev/.lxd-mounts: Permission denied

Tue, 27 Aug 2019 07:35:12 -0700 

[Disco verification]

Confirming that I'm using a lxd container running Disco:

# systemd-detect-virt
lxc

# lsb_release -cs
disco

* rmadison:
 util-linux | 2.33.1-0.1ubuntu2    | disco           | source, amd64, arm64, 
armhf, i386, ppc64el, s390x
 util-linux | 2.33.1-0.1ubuntu3    | disco-proposed  | source, amd64, arm64, 
armhf, i386, ppc64el, s390x

* With current disco-updates package:

$ dpkg -l | grep -i util-linux
ii  util-linux                     2.33.1-0.1ubuntu2                 amd64      
  miscellaneous system utilities

$ systemctl status fstrim.timer 
● fstrim.timer - Discard unused blocks once a week
   Loaded: loaded (/lib/systemd/system/fstrim.timer; enabled; vendor preset: 
enabled)
   Active: active (waiting) since Tue 2019-08-27 14:18:00 UTC; 40s ago
  Trigger: Mon 2019-09-02 00:00:00 UTC; 5 days left
     Docs: man:fstrim

Aug 27 14:18:00 lxcdfstrim systemd[1]: Started Discard unused blocks
once a week.


* With current disco-proposed package:

$ dpkg -l | grep -i util-linux
ii  util-linux                     2.33.1-0.1ubuntu3                 amd64      
  miscellaneous system utilities

$ systemctl status fstrim.timer 
● fstrim.timer - Discard unused blocks once a week
   Loaded: loaded (/lib/systemd/system/fstrim.timer; enabled; vendor preset: 
enabled)
   Active: inactive (dead) since Tue 2019-08-27 14:19:25 UTC; 43s ago
  Trigger: n/a
Condition: start condition failed at Tue 2019-08-27 14:20:06 UTC; 2s ago
           └─ ConditionVirtualization=!container was not met
     Docs: man:fstrim

Aug 27 14:18:00 lxcdfstrim systemd[1]: Started Discard unused blocks once a 
week.
Aug 27 14:19:25 lxcdfstrim systemd[1]: fstrim.timer: Succeeded.
Aug 27 14:19:25 lxcdfstrim systemd[1]: Stopped Discard unused blocks once a 
week.
Aug 27 14:19:25 lxcdfstrim systemd[1]: Stopping Discard unused blocks once a 
week.
Aug 27 14:19:25 lxcdfstrim systemd[1]: Condition check resulted in Discard 
unused blocks once a week being skipped.
Aug 27 14:20:06 lxcdfstrim systemd[1]: Condition check resulted in Discard 
unused blocks once a week being skipped.

** Tags removed: verification-needed-disco verification-needed-xenial
** Tags added: verification-done-disco verification-done-xenial

** Description changed:

  [Impact]
  fstrim weekly cronjob output in an unprivileged LXD container:
  
  /etc/cron.weekly/fstrim:
  fstrim: cannot open /dev/.lxd-mounts: Permission denied
  fstrim: /dev/fuse: not a directory
  fstrim: /dev/lxd: FITRIM ioctl failed: Operation not permitted
  
  There is a github issue:
  
  https://github.com/lxc/lxd/issues/2030
  
  The outcome is that it's purely an fstrim misbehaviour, it could be
  smarter.
  
  Stephane Graber comment:
  
  As all of this is handled by the kernel, there isn't anything we can do
  about it in LXD.
  
  I think fstrim should be made slightly more clever:
  
  * Don't run on bind-mounts (you can detect bind-mounts by parsing 
/proc/self/mountinfo instead of /proc/mounts)
  * Maybe not be as noisy on expected errors like EACCES, EPERM and ENOENT, 
only log actual failures which would likely be EINVAL or memory related errors.
  
  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: util-linux 2.27.1-6ubuntu3
  ProcVersionSignature: Ubuntu 4.4.0-21.37-generic 4.4.6
  Uname: Linux 4.4.0-21-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.1
  Architecture: amd64
  Date: Sun Jun  5 19:49:04 2016
  ProcEnviron:
   LANGUAGE=en_US:en
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: util-linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  
  [Test Case]
  * Ubuntu lxd container
  * Wait for the scheduled fstrim run (X: cronjob, B and late: systemd timer)
  * fstrim will run and report errors "Operation not permitted" "Permission 
denied", ...
  
  Container shouldn't run fstrim, it should only be run at host level.
  
  [Potential Regression]
  
  None, the change will only block fstrim to be automatically run at
  scheduled time. One can still run fstrim on a container manually, even
  if there is no purpose of doing that.
  
  Xenial uses the cronjob approach /etc/cron.weekly/fstrim
  Bionic and late switched to a systemd timer.
  
  2 differents fixes (one for X, and one for B and late) will be needed,
  but they'll do same thing, which prevent fstrim to automatically run if
  inside a container both fixes using systemd-virt-detect.
  
  [Other Informations]
  
  * The systemd timer change upstream PR:
  https://github.com/karelzak/util-linux/pull/841
+ 
https://github.com/karelzak/util-linux/commit/0280d31a2bd6292acd9a4b86d0f6b5feb275a618

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1589289

Title:
  fstrim: cannot open /dev/.lxd-mounts: Permission denied

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1589289/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to