[lxc-devel] disable container start if lxcfs is not running

Serge Hallyn serge.hallyn at ubuntu.com
Tue May 12 03:15:04 UTC 2015 

Oh, right  - so sounds like we should drop this then.  Thanks.

-serge

Quoting Stéphane Graber (stgraber at ubuntu.com):
> So if I remember well, the reason why I didn't make the hook fail on
> missing lxcfs was for nested containers.
> 
> When installing lxc in a nested container, lxcfs is pulled in, however
> it can't run in that environment.
> 
> Instead what the hook does in such a case is either nothing at all if
> the parent container didn't have lxcfs (as would be the case if
> cgroup:mixed wasn't in lxc.mount.auto) or if the parent container has
> lxcfs, then proceed to bind-mount the stuff the host lxc mounted in the
> parent container's /var/lib/lxcfs.
> 
> 
> So specifically, the case where we will have the hook installed, yet no
> lxcfs mounted in /var/lib/lxcfs and we still want containers to start
> is:
>  - nested container
>  - parent container doesn't have lxcfs
> 
> The most common case of this would be installing LXC 1.1 in a container
> running on a host using LXC 1.0.
> 
> On Mon, May 11, 2015 at 11:33:57PM +0000, Serge Hallyn wrote:
> > Stéphane, before I apply this, do you have any objections?
> > 
> > It seems to me if the container is using this hook, then failing
> > startup if lxcfs isn't running is right.  But it is a change in
> > behavior.
> > 
> > Quoting Dietmar Maurer (dietmar at proxmox.com):
> > > Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
> > > Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> > > 
> > > Index: new/share/lxc.mount.hook.in
> > > ===================================================================
> > > --- new.orig/share/lxc.mount.hook.in
> > > +++ new/share/lxc.mount.hook.in
> > > @@ -15,6 +15,9 @@ if [ -d @LXCFSTARGETDIR@/proc/ ]; then
> > >          [ -e "${LXC_ROOTFS_MOUNT}/proc/$(basename $entry)" ] || continue
> > >          mount -n --bind $entry ${LXC_ROOTFS_MOUNT}/proc/$(basename $entry)
> > >      done
> > > +else
> > > +    >&2 echo "missing /var/lib/lxcfs/proc/ - lxcfs not running?"
> > > +    exit 1
> > >  fi
> > >  
> > >  # /sys/fs/cgroup files
> > > 
> > > _______________________________________________
> > > lxc-devel mailing list
> > > lxc-devel at lists.linuxcontainers.org
> > > http://lists.linuxcontainers.org/listinfo/lxc-devel
> 
> -- 
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com

More information about the lxc-devel mailing list