[lxc-devel] [PATCH 2/3] execute: bind init.lxc.static into container

Serge Hallyn serge.hallyn at ubuntu.com
Sat May 31 14:00:57 UTC 2014


Quoting Stéphane Graber (stgraber at ubuntu.com):
> On Fri, May 30, 2014 at 09:39:46PM +0000, Serge Hallyn wrote:
> > Quoting Stéphane Graber (stgraber at ubuntu.com):
> > > On Mon, May 19, 2014 at 03:51:28PM +0000, Serge Hallyn wrote:
> > > > Quoting Stéphane Graber (stgraber at ubuntu.com):
> > > > > On Mon, May 12, 2014 at 06:04:00PM +0000, Serge Hallyn wrote:
> > > > > > Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> > > > > 
> > > > > So one concern here is that SBINDIR may be pretty much anything and may
> > > > > look pretty awkward in the container, can we have the bind-mount be done
> > > > > with say /lxc.init.static instead and only be done in the last resort
> > > > > case where an existing init couldn't be found?
> > > > 
> > > > Sure, that sounds good.
> > > 
> > > Your new patch does put it in /lxc.init.static but still appears to do
> > > it in all cases (even if it ends up unused). I'd really prefer we only
> > > do the bind-mount if we can't detect a suitable init in the rootfs and
> > > also remove the bind-mounted file from the rootfs on exit (at least in
> > > the non-error path).
> > 
> > We actually can't *easily* do this right now.  The rootfs is mounted only
> > from the task which becomes the container init.  So once the container
> > exits, the rootfs not available to us.
> > 
> > We also don't know from the parent (without sending the information back)
> > whether we bind-mounted the init.  So if this is worth it to us, then we
> > would have to always re-mount the rootfs (in a new namespace for safety)
> > just to remove the file.
> > 
> > I think having this file sitting around is a price worth paying for not
> > having to install liblxc in the container.
> > 
> > So if there are no other objections to the set, I'll push this set on monday.
> 
> Fair enough, however please don't push it just yet, it's regressed
> android build capability and I need to figure out why and how to fix it.

D'oh, I forgot about that.  Unfortunately the jenkins page with the failure
won't load for me.


More information about the lxc-devel mailing list