[lxc-devel] Change rootfs pinning mechnism

Michael H. Warfield mhw at WittsEnd.com
Fri Sep 13 15:37:42 UTC 2013 

On Fri, 2013-09-13 at 10:28 -0500, Serge Hallyn wrote: 
> Quoting Michael H. Warfield (mhw at WittsEnd.com):
> > On Fri, 2013-09-13 at 07:56 -0500, Serge Hallyn wrote: 
> > > Quoting Jäkel, Guido (G.Jaekel at dnb.de):
> > > > Hello,
> > > > 
> > > > I'm late but I just want to mention that I expect that all this kind
> > > of "unlinking" on a NFS will show up as a stale NFS handle, i.e. a
> > > still visible hidden directory entry (.nfs00??????????????????????).
> > > Therefore, one have to take care of this (i.e. exclude) if he make a
> > > copy of such (for the purpose of cloning or even for backups). This
> > > isn't a LXC-, but a NFS-caveat. An NFS-aware will (should) know about
> > > to deal with this but there he should have to know (by the
> > > documentation) that LXC will use this unlinking mechanism to correlate
> > > this stale handle.
> > 
> > > Will it use the same name every time?  Will it eventually go away?
> > 
> > > I really don't want a new switch for this.  If we have to do something
> > > I'd rather detect nfs and do something different.
> > 
> > Jäkel beat me to the punch on that one but he's absolutely right.  The
> > whole delete a file with the file handle still open is known to NOT work
> > properly over NFS.

> So are a lot of other things :)

Yeah, no fooling...

> > In the back of my mind, I seem to recall some
> > discussion over whether NFS v3 would handle that case properly or not.
> > I could be wrong there but earlier versions would definitely NOT behave
> > as intended.  I have no clue if it works over AFS or SMB but I
> > definitely would not trust it over any network file system.  The results
> > could be unpredictable.

> I don't mind reverting that patch, but we're not putting in a config
> switch for it.  My preference is for lxc to detect a netfs and behave
> differently there.

Concur on the revert.

What is really gained by deleting that file?  I agree with the basic
idea of moving and renaming that file to hold the mount open but, are we
really that worried that someone will inadvertently delete that file?
It shouldn't be a security issue and I don't think I see someone
deleting it to be stupid (but then you're still holding it open and the
general case applies).  I'm just not sure what was being accomplished by
the whole delete while held action here.

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20130913/9778ccc5/attachment.pgp>

More information about the lxc-devel mailing list