[lxc-devel] Probably more of a user list than a devel list question but ...

Serge Hallyn serge.hallyn at ubuntu.com
Wed May 7 21:33:27 UTC 2014


Quoting Michael J Coss (michael.coss at alcatel-lucent.com):
> On 5/7/2014 3:38 PM, Serge Hallyn wrote:
> >1) mount a new instance of sysfs within the network/process namespace
> >of the container on some host mount point
> >Why on a host mount point, out of curiosity?
> I really don't want the "real" container /sys to be directly

http://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
says that if /sys is pre-mounted readonly, then systemd will not
mount it.  But of course if it's empty I could easily see systemd
hanging...  I defer to our systemd experts for a few more weeks.

> accessible within the container's context, other than thru the FUSE.
> At some point I will want to not allow a new sysfs instance to be
> mounted within the container.
> >So how does it go wrong if you use lxc.hook.mount?  That happens
> >in the container's namespace, but before the pivot_root.  So
> >you can access both the host's and container's mounts, though
> >your mounts won't be propagated to the host mount namespace.
> >At this point the container rootfs is mounted at
> >$LXC_ROOTFS_MOUNT, so ${LXC_ROOTFS_MOUNT}/sys will be the
> >container's sys, for instance.
> Three observations.
> 
> First, systemd hangs.  Haven't tried it with my container that's
> using openRC.  It is not the fact that I have the container's /sys
> mounted because I've had this work before when I was shadowing the
> host's /sys.  The different behavior seems to stem from the use of
> ROOTFS_MOUNT vs ROOTFS_PATH.  Using the path variable, the FUSE
> properly shadows the host's /sys.  Use of the ROOTFS_MOUNT
> variable, triggers a hang in systemd.

Not what I'd expect, as /sys should never be mounted under
$LXC_ROOTFS_PATH in any namespace.  When I have a lxc.hook.mount
script look under $LXC_ROOTFS_{MOUNT,PATH}/sys, only MOUNT has
contents.

> Second, looking at the mount point of what should be the container's
> /sys shows an empty directory.  There are two entries in the host

Looking when and how?  The only valid test for this is to do it from the
lxc.hook.mount script.  If it's still empty, then you'll need to
pre-mount /sys (using lxc.mount.auto, lxc.mount.entry, or just by hand
in your lxc.hook.mount script before mounting the fusefs).

> mount table, one for each of the mounts done in the hook.  The sysfs
> entry points to the correct directory /etc/lxc/<container name>/sys,
> the fuse daemon responsible for the mount point is active, and the
> mount point for the fuse is shown as what I believe is the
> pivot_root, /usr/lib64/lxc/rootfs/sys.  If I switch to using
> ROOTFS_PATH, systemd runs but apparently ignores the mount (or
> doesn't see it) and mounts a new instance of sysfs.  The odd thing
> is that
> 
> Third, what should be the container's /sys (mount on
> /etc/lxc/<container name>/sys) is empty.  This may be due to the
> fact that systemd is hung, but I would think the kernel would
> present the sysfs instance even if the init process is hung.

Which fusefs are you using?
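
An lxc.hook.mount script along the lines suggested in the reply above, as an added example that is not part of the original message: it reports what is under /sys in both $LXC_ROOTFS_MOUNT and $LXC_ROOTFS_PATH and pre-mounts sysfs when the container's /sys is empty. The function names, the SYS_OPTS variable and the read-only mount options are assumptions, and the fusefs mount is left as a comment because the thread does not name it.

```shell
#!/bin/sh
# Added example, not from the thread. LXC exports LXC_ROOTFS_MOUNT and
# LXC_ROOTFS_PATH to hooks; all function names below are hypothetical.

# dir_state DIR -> prints "missing", "empty" or "populated"
dir_state() {
    [ -d "$1" ] || { echo missing; return 0; }
    if [ -n "$(ls -A "$1" 2>/dev/null)" ]; then
        echo populated
    else
        echo empty
    fi
}

# sys_action ROOT -> prints what the hook should do about ROOT/sys
sys_action() {
    case "$(dir_state "$1/sys")" in
        populated) echo keep ;;           # something already mounted /sys
        empty)     echo premount ;;       # mount point exists, nothing on it
        *)         echo mkdir-premount ;; # no mount point yet
    esac
}

hook_main() {
    # Log both views so the MOUNT vs PATH difference is visible in the LXC log.
    for root in "$LXC_ROOTFS_MOUNT" "${LXC_ROOTFS_PATH:-}"; do
        if [ -n "$root" ]; then
            echo "lxc.hook.mount: $root/sys is $(dir_state "$root/sys")" >&2
        fi
    done

    target="$LXC_ROOTFS_MOUNT/sys"
    case "$(sys_action "$LXC_ROOTFS_MOUNT")" in
        keep)           return 0 ;;
        mkdir-premount) mkdir -p "$target" ;;
    esac
    # Assumption: read-only with restrictive flags; override through SYS_OPTS.
    mount -t sysfs -o "${SYS_OPTS:-ro,nosuid,nodev,noexec}" sysfs "$target"
    # Mount the fusefs over "$target" here, after sysfs is in place.
}

# Only act when LXC invokes this as a hook (the variable is set by LXC).
if [ -n "${LXC_ROOTFS_MOUNT:-}" ]; then
    hook_main
fi
```
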