[lxc-devel] [RFC] rootfs pinning

Serge Hallyn serge.hallyn at ubuntu.com
Wed Sep 25 13:35:25 UTC 2013


Quoting Christian Seiler (christian at iwakd.de):
> Hi there,
> 
> > No.  There's a change there, all right, and thank you for reminding me
> > of that, but (afaik) it's NOT in the kernel itself.  It's a mount
> > option.  It's that bloody MS_SHARED option and, to a lesser extent,
> > MS_SLAVE option that are behind how those things are propagated.
> > MS_SHARED will propagate certain things from a child mount to the mount
> > point and to other children, IIRC, while MS_SLAVE propagates in one
> > direction and MS_PRIVATE restricts it.  I think the trouble maker is
> > MS_SHARED and that's what caused all the "pivot_root" calls to face
> > plant when systemd started mounting everything with MS_SHARED in the
> > host system.  I was using bind mounts to avoid some of these problems
> > but then they changed systemd and its default mount options and broke a
> > number of things I had running.
> 
> This is not MS_SHARED. The 3.8 instance I'm testing this with is
> a Debian Wheezy with a custom kernel (the 3.8 from Serge's and/or
> Stéphane's repository for userns which floated around here half
> a year ago or so). (I never had a chance to upgrade, it's in a KVM,
> so that I don't break my main system).
> 
> Look at the following:
> 
> root@lxcdev:~# mkdir /foo/bar /foo/baz -p
> root@lxcdev:~# mount --bind /foo/bar /foo/baz
> root@lxcdev:~# grep /foo /proc/self/mountinfo
> 25 20 253:1 /foo/bar /foo/baz rw,relatime - ext4 /dev/disk/by-uuid/b2e1ac13-e6d0-48e7-a3b0-9fcdf81db294 rw,errors=remount-ro,data=ordered
> root@lxcdev:~# grep ^20 /proc/self/mountinfo
> 20 1 253:1 / / rw,relatime - ext4 /dev/disk/by-uuid/b2e1ac13-e6d0-48e7-a3b0-9fcdf81db294 rw,errors=remount-ro,data=ordered
> root@lxcdev:~# mount /foo/baz -o remount,ro
> mount: /foo/baz is busy
> root@lxcdev:~# mount /foo/baz -o remount,bind,ro
> root@lxcdev:~# grep /foo /proc/self/mountinfo
> 25 20 253:1 /foo/bar /foo/baz ro,relatime - ext4 /dev/disk/by-uuid/b2e1ac13-e6d0-48e7-a3b0-9fcdf81db294 rw,errors=remount-ro,data=ordered
> root@lxcdev:~# uname -a
> Linux lxcdev 3.8.0-rc3+ #1 SMP Sun Jan 27 16:39:34 CET 2013 x86_64 GNU/Linux
> 
> I don't see any shared: in /proc/self/mountinfo. Obviously,
> this could be a side-effect of the specific kernel I'm using,
> but I don't recall the additional userns patches to change
> anything in that regard.
> 
> Also note that a mount --make-private / doesn't change
> anything. And that this isn't even in its own namespace.
> 
> I don't have that much time atm, so I won't be able to
> check with a current official kernel.

Hm, this looks like a bug (perhaps in a patch I ported).  I get:

serge@sergelap:~$ sudo mount -t tmpfs tmpfs /tmp/a
serge@sergelap:~$ sudo mkdir /tmp/a/{a,b}
serge@sergelap:~$ sudo mount --bind /tmp/a/a /tmp/a/b
serge@sergelap:~$ sudo mount -o remount,ro /tmp/a/b
serge@sergelap:~$ grep /tmp/a /proc/self/mountinfo
48 20 0:40 / /tmp/a rw,relatime - tmpfs tmpfs rw
49 48 0:40 /a /tmp/a/b ro,relatime - tmpfs tmpfs rw
serge@sergelap:~$ uname -a
Linux sergelap 3.11.0-8-generic #15-Ubuntu SMP Fri Sep 20 04:11:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

Drat I just deleted my userns vm, I'll set up a new one and shout if
I get different results there.

-serge
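
An added example, not part of the original thread: a small Python parser for the /proc/self/mountinfo lines quoted above, separating the per-mount flags (field 6) from the superblock options (last field) and reporting propagation tags such as shared:. The function names are hypothetical and the third sample line is constructed.

```python
from typing import NamedTuple

class Mount(NamedTuple):
    mount_id: int
    parent_id: int
    root: str               # path inside the filesystem that is mounted
    mount_point: str
    mount_opts: frozenset   # per-mount flags (what remount,bind,ro changes)
    tags: tuple             # optional fields: shared:N, master:N, ...
    fstype: str
    source: str
    super_opts: frozenset   # per-superblock options

def parse_mountinfo_line(line: str) -> Mount:
    f = line.split()
    sep = f.index("-", 6)   # optional fields end at the lone "-"; ValueError if absent
    fstype, source, super_opts = f[sep + 1:sep + 4]   # ValueError if truncated
    return Mount(int(f[0]), int(f[1]), f[3], f[4], frozenset(f[5].split(",")),
                 tuple(f[6:sep]), fstype, source, frozenset(super_opts.split(",")))

def propagation(m: Mount) -> str:
    # A mount carrying both shared: and master: is reported as shared here.
    if any(t.startswith("shared:") for t in m.tags):
        return "shared"
    if any(t.startswith("master:") for t in m.tags):
        return "slave"
    return "private"

def write_state(m: Mount) -> str:
    if "ro" in m.super_opts:
        return "ro-superblock"   # the whole filesystem is read-only
    if "ro" in m.mount_opts:
        return "ro-mount-only"   # only this mount is read-only; the filesystem
                                 # stays writable through its other mounts
    return "rw"

SAMPLE = [
    # from the thread, after "mount /foo/baz -o remount,bind,ro" on 3.8.0-rc3+
    "25 20 253:1 /foo/bar /foo/baz ro,relatime - ext4 "
    "/dev/disk/by-uuid/b2e1ac13-e6d0-48e7-a3b0-9fcdf81db294 "
    "rw,errors=remount-ro,data=ordered",
    # from the thread, after "mount -o remount,ro /tmp/a/b" on 3.11.0-8-generic
    "49 48 0:40 /a /tmp/a/b ro,relatime - tmpfs tmpfs rw",
    # constructed: what a shared root mount would look like
    "20 1 253:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw",
]

if __name__ == "__main__":
    for m in map(parse_mountinfo_line, SAMPLE):
        print(m.mount_point, propagation(m), write_state(m))
```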



