[lxc-devel] Systemd creates btrfs subvolume under /var/lib/machines and makes lxc-destroy fail

Stéphane Graber stgraber at ubuntu.com
Sun Feb 15 16:28:23 UTC 2015


On Sun, Feb 15, 2015 at 05:21:19PM +0100, Christian Brauner wrote:
> Hello,
> 
> I test the newest systemd from git on a regular basis by compiling it
> and installing it into a container and booting it. I did that with the
> several current systemd versions from git for the last couple of weeks.
> It seems that in the next version when booting a container with
> lxc-start, systemd creates a btrfs subvolume under
> 
>     rootfs/var/lib/machines
> 
> in every container. This will cause lxc-destroy for unprivileged containers to
> fail. (Because subvolumes can currently be created but not destroyed by
> unprivileged users.) There either needs to be a way to destroy btrfs subvolumes
> for unprivileged users with lxc-destroy or the creation of btrfs subvolumes
> during container boot needs to be prevented. Is the second option already
> available?
> 
> Best,
> Christian

Add user_subvol_rm_allowed to your fstab and unprivileged users will be
able to remove subvolumes.

> 
> From the man page of machinectl:
> (http://man7.org/linux/man-pages/man1/machinectl.1.html)
>     FILES AND DIRECTORIES
> 
>            Machine images are preferably stored in /var/lib/machines/, but are
>            also searched for in /usr/local/lib/machines/ and /usr/lib/machines/.
>            For compatibility reasons the directory /var/lib/container/ is
>            searched, too. Note that images stored below /usr are always
>            considered read-only. It is possible to symlink machines images from
>            other directories into /var/lib/machines/ to make them available for
>            control with machinectl.





-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
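
Added example, not part of the original message or of LXC: a small shell check that reports whether the btrfs mount covering a container path carries the user_subvol_rm_allowed option named in the reply. The function name, the sample mount table and the paths are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format:
#   device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda2 / btrfs rw,relatime,subvolid=5,subvol=/ 0 0
/dev/sda3 /home btrfs rw,relatime,user_subvol_rm_allowed,subvolid=5,subvol=/ 0 0
/dev/sda1 /boot ext4 rw,relatime 0 0'

# An fstab entry enabling the option would look like this
# (<fs-uuid> is a placeholder):
#   UUID=<fs-uuid> /home btrfs defaults,user_subvol_rm_allowed 0 0

# subvol_rm_status PATH [MOUNT_TABLE]  (hypothetical helper)
# Prints one of:
#   allowed    - covering mount is btrfs with user_subvol_rm_allowed
#   denied     - covering mount is btrfs without the option
#   not-btrfs  - covering mount is another filesystem (or none found)
# MOUNT_TABLE defaults to the live /proc/mounts.
subvol_rm_status() {
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$path" '
        {
            mp = $2
            # A mount covers the path if it is "/", the path itself,
            # or a whole-component prefix of the path.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # Longest mountpoint wins; on ties the later entry
                # (the overmount) wins.
                if (length(mp) >= best) { best = length(mp); fs = $3; opts = $4 }
            }
        }
        END {
            if (fs != "btrfs") { print "not-btrfs"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] == "user_subvol_rm_allowed") { print "allowed"; exit }
            print "denied"
        }'
}

# Demonstration against the constructed table (paths are made up).
for p in /home/alice/.local/share/lxc/c1/rootfs /var/lib/lxc/c2 /boot/grub; do
    printf '%s: %s\n' "$p" "$(subvol_rm_status "$p" "$SAMPLE_MOUNTS")"
done
```

Called with only a path, the function reads the live /proc/mounts, so it shows the options currently in effect rather than what fstab will apply at the next mount.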