[lxc-devel] LXC container fails to start by complaining that it is unable to unmount the old pivot-root
Daniel Lezcano
daniel.lezcano at free.fr
Tue Mar 2 15:33:40 UTC 2010
Ciprian Dorin, Craciun wrote:
> On Tue, Feb 2, 2010 at 8:06 PM, Daniel Lezcano <daniel.lezcano at free.fr> wrote:
>
>> Andrian Nord wrote:
>>
>>> On Mon, Feb 01, 2010 at 01:54:15PM -0500, Michael H. Warfield wrote:
>>>
>>>
>>>> On Mon, 2010-02-01 at 19:46 +0200, Ciprian Dorin, Craciun wrote:
>>>>
>>>>
>>>>> Hello all!
>>>>>
>>>>> I have a quite strange problem: the container fails to start and
>>>>> complains about being unable to unmount the old pivot root.
>>>>> (What is strange is that I remember that one month ago the same
>>>>> setup worked (lxc binaries and config file, but maybe 2.6.31 kernel).
>>>>> Now neither the old binaries nor the latest ones from Git work.)
>>>>>
>>>>>
>>> Taken from http://blog.flameeyes.eu/2010/01/31/lxc-s-unpolished-code
>>> "So what about the 0.6.5 problem? Well the problem came to be because
>>> 0.6.5 actually implements a nice feature (contributed by a non-core
>>> developer it seems): root pivoting. The idea is to drop access to the
>>> old root, so that the guest cannot in any way access the host’s
>>> filesystem unless given access to. It’s a very good idea, but there are
>>> two problems with it: it doesn’t really do it systematically, but rather
>>> with a “try and hope” approach, and it failed under certain conditions,
>>> saying that the original root is still busy (note here, since this
>>> happens within the cgroup’s mount namespace, it doesn’t matter to the
>>> rest of the system).
>>>
>>> At the end, last night I was able to identify the problem: I had this
>>> line in the fstab file used by lxc itself:
>>> none /tmp tmpfs size=200m 0 0
>>>
>>> What’s wrong with it? The mountpoint. The fstab (and lxc.mount commands)
>>> are used without previous validation or handling, so this is not
>>> mounting the /tmp for the guest, but the /tmp for the host, within the
>>> guest’s mount namespace. The result is that /tmp gets mounted twice
>>> (once inherited by the base mount namespace, once within the guest’s
>>> namespace), but it’s only unmounted once (as the unmount list keeps each
>>> mount point exactly once). This is quite an obvious error on my part, I
>>> should have used /media/chroots/tinderbox/tmp as mountpoint, but LXC
>>> being unable to catch the mistake in mountpoint (at least warning about
>>> it) is a definite problem."
>>>
>>> That's the Gentoo maintainer for the lxc ebuilds. Could you check if this is
>>> the source of the problem?
>>>
>>>
>> Ha ! Let's check ! :)
>>
>
>
> Hi there!
>
> I just want to inform you that the latest master
> 7d9fb3e9d2b9722040f37f0e01e29d071f4c6fe8 (from 26th February) solves
> the problem of unmounting. Now everything works perfectly.
>
> Sorry for being late with the feedback!
>
> Thanks,
> Ciprian.
>
Thanks Ciprian !
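
The blog post quoted in this thread traces the failure to an lxc fstab entry whose mountpoint (/tmp) was a host path rather than a path under the guest's root. The following is an added example, not part of the thread and not LXC code: a pre-start lint that flags such entries. The function names are hypothetical, the rootfs /media/chroots/tinderbox is inferred from the path in the quote, and the check is lexical only (symlinks are not resolved).

```python
import posixpath

# Constructed sample of an lxc fstab; line 2 is the entry quoted in the thread.
SAMPLE_FSTAB = """\
# <fs> <mountpoint> <type> <opts> <dump> <pass>
none /tmp tmpfs size=200m 0 0
none /media/chroots/tinderbox/tmp tmpfs size=200m 0 0
none /media/chroots/tinderbox/../../../var/tmp tmpfs size=200m 0 0
proc /media/chroots/tinderbox/proc proc nodev,noexec,nosuid 0 0
"""


def is_under(rootfs, mountpoint):
    """True if mountpoint, after lexical normalisation, is rootfs or below it."""
    root = posixpath.normpath(rootfs)
    target = posixpath.normpath(mountpoint)
    if not posixpath.isabs(target):
        return False  # a relative mountpoint depends on the caller's cwd
    # Compare with a trailing slash so /a/b does not match /a/b2.
    return target == root or target.startswith(root.rstrip("/") + "/")


def check_fstab(text, rootfs):
    """Return (line_number, mountpoint) for entries that mount outside rootfs."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) < 2:
            findings.append((lineno, "<malformed>"))
            continue
        # fstab encodes a space inside a path as \040
        mountpoint = fields[1].replace("\\040", " ")
        if not is_under(rootfs, mountpoint):
            findings.append((lineno, mountpoint))
    return findings


if __name__ == "__main__":
    for lineno, mp in check_fstab(SAMPLE_FSTAB, "/media/chroots/tinderbox"):
        print(f"line {lineno}: {mp} is outside the container rootfs")
```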