[lxc-devel] Strange problem (stray mounts) with lxc-create...

Serge Hallyn serge.hallyn at ubuntu.com
Fri Nov 1 17:19:11 UTC 2013


Quoting Michael H. Warfield (mhw at WittsEnd.com):
> 14 15 0:13 / /proc/sys/fs/binfmt_misc rw,relatime shared:20 - autofs systemd-1 rw,fd=32,pgrp=1,timeout=300,minproto=5,maxproto=5,direct

D'oh.  D'oh.  D'oh.

I've been going over detect_shared_rootfs() again and again, confirming
that it should catch this line and return 1.  But your problem is during
lxc-create!  Stupid Serge!

Perhaps the clean solution here is to always do a mount --make-rslave /
before running the template.  Something like this:

From 0edc092d852761a95d3fea8a4746a2c68fa91d84 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri, 1 Nov 2013 12:17:52 -0500
Subject: [PATCH 1/1] always remount / rslave before running creation template
 (if root)

If we're not root, our mounts in private userns won't get pushed
back anyway.  If we are root, we need to make sure that anything
the template does gets cleaned up.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
 src/lxc/lxccontainer.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 8b81a63..946133d 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -24,6 +24,7 @@
 #include <unistd.h>
 #include <sys/types.h>
 #include <sys/wait.h>
+#include <sys/mount.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <sched.h>
@@ -833,11 +834,23 @@ static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet
 			exit(1);
 		}
 
-		if (strcmp(bdev->type, "dir") != 0) {
+		if (geteuid() == 0) {
 			if (unshare(CLONE_NEWNS) < 0) {
 				ERROR("error unsharing mounts");
 				exit(1);
 			}
+			if (detect_shared_rootfs()) {
+				if (mount("", "", NULL, MS_SLAVE|MS_REC, 0)) {
+					SYSERROR("Failed to make / rslave to run template");
+					ERROR("Continuing...");
+				}
+			}
+		}
+		if (strcmp(bdev->type, "dir") != 0) {
+			if (geteuid() != 0) {
+				ERROR("non-root users can only create directory-backed containers");
+				exit(1);
+			}
 			if (bdev->ops->mount(bdev) < 0) {
 				ERROR("Error mounting rootfs");
 				exit(1);
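
Review bot: The added mount("", "", NULL, MS_SLAVE|MS_REC, 0) call passes an empty string as the target, although the subject line says it is / that should be made rslave. mount(2) resolves the target as a path, and an empty path does not name /, so the target argument should be "/" (the source and data arguments are ignored for a propagation change and can be NULL). Separately, when this call fails the code logs "Continuing..." and runs the template anyway with the rootfs still shared, which is the case the commit message says must be cleaned up; consider exit(1) here as the neighbouring unshare and bdev mount error paths do, or add a comment explaining why continuing is acceptable.
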
-- 
1.8.3.2

