[lxc-devel] mounting a crypted volume in a container

Daniel Lezcano daniel.lezcano at free.fr
Tue Mar 2 22:26:48 UTC 2010


lxc at zitta.fr wrote:
> On 02/03/2010 18:13, Daniel Lezcano wrote:
>   
>> lxc at zitta.fr wrote:
>>     
>>> hi,
>>>
>>> I'm trying to provide a crypted volume to a container:
>>> - So I have added it to the container's fstab:
>>>         root@ksxxx:~# cat /var/lib/lxc/newzer.ovh2.p.zitta.fr/fstab
>>>         /lxc/root/newzer.ovh2.p.zitta.fr /var/lib/lxc/newzer.ovh2.p.zitta.fr/rootfs none rbind 0 0
>>>         /dev/mapper/crypt_newzer /var/lib/lxc/newzer.ovh2.p.zitta.fr/rootfs/home ext4 defaults 0 0
>>> - Looked up which minor/major to allow
>>>         root@ksxxx:~# ls -l /dev/mapper/
>>>         total 0
>>>         crw-rw---- 1 root root  10, 60 2010-02-13 14:22 control
>>>         brw-rw---- 1 root disk 252,  3 2010-03-02 12:51 crypt_newzer
>>>         brw-rw---- 1 root disk 252,  3 2010-03-02 12:51 crypt_newzer_unformatted
>>>         brw-rw---- 1 root disk 252,  1 2010-02-13 14:22 vg0-backup_restore
>>>         brw-rw---- 1 root disk 252,  2 2010-03-02 12:22 vg0-cr_newzer
>>>         brw-rw---- 1 root disk 252,  0 2010-02-13 14:22 vg0-lxc
>>> - I have allowed it (I have deduced it from examples)
>>>         root@ksxxx:~# cat /var/lib/lxc/newzer.ovh2.p.zitta.fr/config | grep 252:3
>>>         lxc.cgroup.devices.allow = b 252:3 rwm
>>> - And plouf, an error :(
>>>         root@ksxxx:~# lxc-start -n newzer.ovh2.p.zitta.fr
>>>         lxc-start: Operation not permitted - failed to mount '/dev/mapper/crypt_newzer' on '/var/lib/lxc/newzer.ovh2.p.zitta.fr/rootfs/home'
>>>         lxc-start: failed to setup the mounts for 'newzer.ovh2.p.zitta.fr'
>>>         lxc-start: failed to setup the container
>>>
>>> So I'm wondering if it is possible, or if I have made a mistake... Voila
>>>
>>> Any idea?
>>> Thanks
>>>   
>>>       
>> You want to use an image to mount the rootfs, right?
>> This is partly implemented but disabled in the code right now.
>> Do you have an example of the image I can download somewhere in the
>> net, so I can finish this part and test ?
>>
>> In the meantime, you can mount the image somewhere in a directory and
>> use it as the rootfs - I know this is not what you want to do but
>> anyway ... :)
>>
>>
>>
>>     
> I have done what you need, URL will follow in a private mail.
>
> For my problem, it is a crypted datadir for a backup server, not a rootfs.
> I wanted to use /var/lib/lxc/container/fstab to have the block device
> mounted at lxc startup without using any wrapper around lxc-start.
>
> For my education, are there any differences between these two solutions:
> - using /var/lib/lxc/container/fstab
> - mknod in the container + use its /etc/fstab
>   
Do you mean rootfs in the container?

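The major/minor lookup and `lxc.cgroup.devices.allow` step from the quoted message, as an added example that is not part of the thread or of lxc itself: it derives the allow line from an `ls -l` listing and shows which nodes a rule covers, since the rule matches device numbers rather than names. The function names `sample_listing`, `devices_allow` and `nodes_covered` are hypothetical, and the listing is the one from the message with its wrapped lines rejoined.

```shell
#!/bin/sh
# Added example, not from the thread: map `ls -l` device lines to devices.allow rules.

# Constructed sample: the /dev/mapper listing quoted in the message.
sample_listing() {
cat <<'EOF'
total 0
crw-rw---- 1 root root  10, 60 2010-02-13 14:22 control
brw-rw---- 1 root disk 252,  3 2010-03-02 12:51 crypt_newzer
brw-rw---- 1 root disk 252,  3 2010-03-02 12:51 crypt_newzer_unformatted
brw-rw---- 1 root disk 252,  1 2010-02-13 14:22 vg0-backup_restore
brw-rw---- 1 root disk 252,  2 2010-03-02 12:22 vg0-cr_newzer
brw-rw---- 1 root disk 252,  0 2010-02-13 14:22 vg0-lxc
EOF
}

# devices_allow NAME [ACCESS]: read an `ls -l` listing on stdin and print the
# allow line for the node called NAME. Exits 1 if NAME is absent or not a device.
devices_allow() {
    awk -v name="$1" -v access="${2:-rwm}" '
        $NF == name && $1 ~ /^[bc]/ {
            type = substr($1, 1, 1)           # b = block, c = character
            major = $5; sub(/,$/, "", major)  # field 5 is "252," in ls output
            printf "lxc.cgroup.devices.allow = %s %s:%s %s\n", type, major, $6, access
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# nodes_covered "TYPE MAJOR:MINOR": print every node name in the listing that a
# rule with those numbers grants access to.
nodes_covered() {
    awk -v rule="$1" '
        $1 ~ /^[bc]/ {
            major = $5; sub(/,$/, "", major)
            if (substr($1, 1, 1) " " major ":" $6 == rule) print $NF
        }
    '
}

sample_listing | devices_allow crypt_newzer
sample_listing | nodes_covered 'b 252:3'
```

On a live host, pipe `ls -l /dev/mapper/` into the functions instead of `sample_listing`.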