[lxc-devel] LXC container fails to start by complaining that it is unable to unmount the old pivot-root
Ciprian Dorin, Craciun
ciprian.craciun at gmail.com
Tue Mar 2 15:22:51 UTC 2010
On Tue, Feb 2, 2010 at 8:06 PM, Daniel Lezcano <daniel.lezcano at free.fr> wrote:
> Andrian Nord wrote:
>> On Mon, Feb 01, 2010 at 01:54:15PM -0500, Michael H. Warfield wrote:
>>
>>> On Mon, 2010-02-01 at 19:46 +0200, Ciprian Dorin, Craciun wrote:
>>>
>>>> Hello all!
>>>>
>>>> I have a quite strange problem: the container fails to start and
>>>> complains about being unable to unmount the old pivot root.
>>>> (What is strange is that I remember that one month ago the same
>>>> setup worked (lxc binaries and config file, but maybe 2.6.31 kernel).
>>>> Now neither the old binaries nor the latest ones from Git work.)
>>>>
>>
>> Taken from http://blog.flameeyes.eu/2010/01/31/lxc-s-unpolished-code
>> "So what about the 0.6.5 problem? Well the problem came to be because
>> 0.6.5 actually implements a nice feature (contributed by a non-core
>> developer it seems): root pivoting. The idea is to drop access to the
>> old root, so that the guest cannot in any way access the host’s
>> filesystem unless given access to. It’s a very good idea, but there are
>> two problems with it: it doesn’t really do it systematically, but rather
>> with a “try and hope” approach, and it failed under certain conditions,
>> saying that the original root is still busy (note here, since this
>> happens within the cgroup’s mount namespace, it doesn’t matter to the
>> rest of the system).
>>
>> At the end, last night I was able to identify the problem: I had this
>> line in the fstab file used by lxc itself:
>> none /tmp tmpfs size=200m 0 0
>>
>> What’s wrong with it? The mountpoint. The fstab (and lxc.mount commands)
>> are used without previous validation or handling, so this is not
>> mounting the /tmp for the guest, but the /tmp for the host, within the
>> guest’s mount namespace. The result is that /tmp gets mounted twice
>> (once inherited by the base mount namespace, once within the guest’s
>> namespace), but it’s only unmounted once (as the unmount list keeps each
>> mount point exactly once). This is quite an obvious error on my part, I
>> should have used /media/chroots/tinderbox/tmp as mountpoint, but LXC
>> being unable to catch the mistake in mountpoint (at least warning about
>> it) is a definite problem."
>>
>> That's the Gentoo maintainer for lxc ebuilds. Could you check if this is
>> the source of the problem?
>>
>
> Ha ! Let's check ! :)
Hi there!
I just want to inform you that the latest master
7d9fb3e9d2b9722040f37f0e01e29d071f4c6fe8 (from 26th February) solves
the problem of unmounting. Now everything works perfectly.
Sorry for being late with the feedback!
Thanks,
Ciprian.
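
Added example, not part of the original message or of the LXC code base: a lexical check for the misconfiguration described in the quoted blog post, where an fstab entry handed to lxc names a mount point outside the guest's root. The function name and the rootfs value `/media/chroots/tinderbox` (inferred from the corrected mount point in the quote) are assumptions, and the sample fstab is constructed.

```python
import posixpath


def check_lxc_fstab(fstab_text, rootfs):
    """Return (line number, mount point, reason) for every fstab entry
    whose mount point does not resolve to a path under rootfs.

    The check is lexical only: ".." is collapsed, symlinks are not followed.
    """
    rootfs = posixpath.normpath(rootfs)
    findings = []
    for lineno, raw in enumerate(fstab_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 3:  # need at least device, mount point, fs type
            findings.append((lineno, line, "malformed entry"))
            continue
        target = fields[1]
        if not posixpath.isabs(target):
            findings.append((lineno, target, "relative mount point"))
        elif posixpath.commonpath([rootfs, posixpath.normpath(target)]) != rootfs:
            findings.append((lineno, target, "outside container rootfs"))
    return findings


# Constructed sample: the line quoted in the thread, the corrected form,
# and a path that only looks like it is under the rootfs.
SAMPLE_FSTAB = """\
# fstab passed to lxc (constructed sample)
none /tmp tmpfs size=200m 0 0
none /media/chroots/tinderbox/tmp tmpfs size=200m 0 0
none /media/chroots/tinderbox/../../../tmp tmpfs size=200m 0 0
"""
ROOTFS = "/media/chroots/tinderbox"  # assumed container root

if __name__ == "__main__":
    for lineno, target, reason in check_lxc_fstab(SAMPLE_FSTAB, ROOTFS):
        print(f"line {lineno}: {target}: {reason}")
```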