[lxc-devel] Change rootfs pinning mechnism
Stéphane Graber
stgraber at ubuntu.com
Fri Sep 13 16:18:29 UTC 2013
On Fri, Sep 13, 2013 at 05:11:37PM +0100, Christian Seiler wrote:
> Hi there,
>
> > Concur on the revert.
> >
> > What is really gained by deleting that file? I agree with the basic
> > idea of moving and renaming that file to hold the mount open but, are
> > we
> > really that worried that someone will inadvertently delete that file?
> > It shouldn't be a security issue and I don't think I see someone
> > deleting it to be stupid (but then you're still holding it open and
> > the
> > general case applies). I'm just not sure what was being accomplished
> > by
> > the whole delete while held action here.
>
> I see a consensus forming:
>
> - change name to something starting with a dort _inside_ the rootfs
> (e.g. .lxc-running)
> - don't delete it immediately
> - remove it at stop
>
> Agreed?
Whatever we end up with, please make sure we don't fail if the file
can't be created (read-only rootfs).
I'm not completely sure what a .lxc-running file would gain us since we
already have a unique abstract socket path which is much more reliable
to check if a given container is already running.
It's also not impossible that someone may actually want to run the same
container multiple times, so using the pin to prevent double-start seems
odd and would completely prevent shared rootfs.
I personally think that we shouldn't use the pin as an indication of the
container running at all, but only for its original purpose which is to
have a writable file open on the filesystem in order to prevent a
read-only remount of that fs.
>
> The only thing I'm not really sure about:
>
> - fail if it already exists
> => let's say one has an LXC running somewhere, the power goes
> out,
> no UPS, the host reboots after some time, tries to
> auto-start the
> LXC on boot but LXC won't start because .lxc-running
> exists...
> - perhaps we could write the pid of the lxc-start process in there, so
> that
> it may check whether the container is really running?
>
> -- Christian
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20130913/0a1fc578/attachment.pgp>
More information about the lxc-devel
mailing list