[lxc-devel] [PATCH 2/3] execute: bind init.lxc.static into container

Stéphane Graber stgraber at ubuntu.com
Sat May 31 23:52:47 UTC 2014 

On Sat, May 31, 2014 at 02:00:57PM +0000, Serge Hallyn wrote:
> Quoting Stéphane Graber (stgraber at ubuntu.com):
> > On Fri, May 30, 2014 at 09:39:46PM +0000, Serge Hallyn wrote:
> > > Quoting Stéphane Graber (stgraber at ubuntu.com):
> > > > On Mon, May 19, 2014 at 03:51:28PM +0000, Serge Hallyn wrote:
> > > > > Quoting Stéphane Graber (stgraber at ubuntu.com):
> > > > > > On Mon, May 12, 2014 at 06:04:00PM +0000, Serge Hallyn wrote:
> > > > > > > Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> > > > > > 
> > > > > > So one concern here is that SBINDIR may be pretty much anything and may
> > > > > > look pretty awkward in the container, can we have the bind-mount be done
> > > > > > with say /lxc.init.static instead and only be done in the last resort
> > > > > > case where an existing init couldn't be found?
> > > > > 
> > > > > Sure, that sounds good.
> > > > 
> > > > Your new patch does put it in /lxc.init.static but still appears to do
> > > > it in all cases (even if it ends up unused). I'd really prefer we only
> > > > do the bind-mount if we can't detect a suitable init in the rootfs and
> > > > also remove the bind-mounted file from the rootfs on exit (at least in
> > > > the non-error path).
> > > 
> > > We actually can't *easily* do this right now.  The rootfs is mounted only
> > > from the task which becomes the container init.  So once the container
> > > exits, the rootfs not available to us.
> > > 
> > > We also don't know from the parent (without sending the information back)
> > > whether we bind-mounted the init.  So if this is worth it to us, then we
> > > would have to always re-mount the rootfs (in a new namespace for safety)
> > > just to remove the file.
> > > 
> > > I think having this file sitting around is a price worth paying for not
> > > having to install liblxc in the container.
> > > 
> > > So if there are no other objections to the set, I'll push this set on monday.
> > 
> > Fair enough, however please don't push it just yet, it's regressed
> > android build capability and I need to figure out why and how to fix it.
> 
> D'oh, I forgot about that.  Unfortunately the jenkins page with the failure
> won't load for me.

Yeah, as usual, my ISP decided to do maintenance work while I was gone
(I swear they absolutely never do anything while I'm home...). So I just
got back home now and things should be returning to normal shortly.

The failure shouldn't be too hard to debug and resolve, I'll take a look
on Monday.

> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140531/58f5fd3b/attachment.sig>

More information about the lxc-devel mailing list