[lxc-devel] Patch: pivot_root, new version

Daniel Lezcano daniel.lezcano at free.fr
Wed Jan 6 22:32:24 UTC 2010 

Michael Holzt wrote:
>>> +		SYSERROR("strdup failed");
>>> +		return -1
>>>  
>> ";" is missing
> 
> Oops.
> 
>> Why the setup_rootfs_pivot_root_cb does not directly umount instead of 
>> creating a list and then browse the list to umount ?
> 
> Some umounts will fail because they are busy, e.g. /dev before /dev/pts
> is umounted. I need to store at least those failed umounts in a list to
> retry later. To keep it simple and clean i then decided to first put 
> all mounts in a list and then have one single loop which umounts instead
> of having umount happen at two different positions in code.
> 
>> I think you convinced with your demonstration the chroot is insane for a 
>> container, so IMO we can consider using always the pivot_root and 
>> definitively get rid of the chroot only.
> 
> Ok. I do not want to offend anybody, but it puzzles me why no one else
> noticed this before. Breaking chroot is a known problem and the stance
> by the kernel developers at least a few years ago that it won't be fixed,
> because root on the machine has other ways to break chroot.

Oh, that was reported one or two times, but I was busy on some other 
parts of lxc, especially in the scaling aspect - 4096 containers running 
on the same machine :P, so finally I didn't pay enough attention.

> This no longer holds true because the invent of namespaces/containers and 
> capabilities has now made it possible to restrict even uid=0 in a chroot
> context to a point where i believe the last point of failure is the damn
> chroot. So maybe the kernel developers might chance their mind on this
> but on the other hand we have a powerful alternative with pivot_root.

Right :)

>> Is it possible to not add the 
>> pivotdir configuration variable and keep this internally by creating in 
>> the /tmp/lxc-rootfs the pivotdir to be used ?
> 
> This would be possible, but by creating a temporary mount point in
> /tmp/lxc-rootfs i create the temporary mount point in the filesystem
> of the container which might be read only, also such modification
> might not be desired.

I was thinking to do something like:

/tmp/lxc-rootfs/pivotdir
/tmp/lxc-rootfs/rootfs

The mount of the rootfs is done in /tmp/lxc-rootfs/rootfs of course.

> Why not keep the variable optional and use it as the temporary mountpoint
> if specified, and create a tmp dir in root fs when not set?

Well that would be nice if the older configurations switch automatically 
to pivot_root with a new version of lxc.

More information about the lxc-devel mailing list