[lxc-devel] disable container start if lxcfs is not running

Stéphane Graber stgraber at ubuntu.com
Mon May 11 23:48:23 UTC 2015 

So if I remember well, the reason why I didn't make the hook fail on
missing lxcfs was for nested containers.

When installing lxc in a nested container, lxcfs is pulled in, however
it can't run in that environment.

Instead what the hook does in such a case is either nothing at all if
the parent container didn't have lxcfs (as would be the case if
cgroup:mixed wasn't in lxc.mount.auto) or if the parent container has
lxcfs, then proceed to bind-mount the stuff the host lxc mounted in the
parent container's /var/lib/lxcfs.


So specifically, the case where we will have the hook installed, yet no
lxcfs mounted in /var/lib/lxcfs and we still want containers to start
is:
 - nested container
 - parent container doesn't have lxcfs

The most common case of this would be installing LXC 1.1 in a container
running on a host using LXC 1.0.

On Mon, May 11, 2015 at 11:33:57PM +0000, Serge Hallyn wrote:
> Stéphane, before I apply this, do you have any objections?
> 
> It seems to me if the container is using this hook, then failing
> startup if lxcfs isn't running is right.  But it is a change in
> behavior.
> 
> Quoting Dietmar Maurer (dietmar at proxmox.com):
> > Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
> > Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> > 
> > Index: new/share/lxc.mount.hook.in
> > ===================================================================
> > --- new.orig/share/lxc.mount.hook.in
> > +++ new/share/lxc.mount.hook.in
> > @@ -15,6 +15,9 @@ if [ -d @LXCFSTARGETDIR@/proc/ ]; then
> >          [ -e "${LXC_ROOTFS_MOUNT}/proc/$(basename $entry)" ] || continue
> >          mount -n --bind $entry ${LXC_ROOTFS_MOUNT}/proc/$(basename $entry)
> >      done
> > +else
> > +    >&2 echo "missing /var/lib/lxcfs/proc/ - lxcfs not running?"
> > +    exit 1
> >  fi
> >  
> >  # /sys/fs/cgroup files
> > 
> > _______________________________________________
> > lxc-devel mailing list
> > lxc-devel at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-devel

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20150511/d68dbeac/attachment-0001.sig>

More information about the lxc-devel mailing list