[Lxc-users] Lucid host & container - ignored fstab?

Daniel Lezcano daniel.lezcano at free.fr
Sun Apr 11 07:41:10 UTC 2010


Roman Yepishev wrote:
> Hello all,
>
> I am trying to use LXC to run Ubuntu Lucid Lynx containers on Lucid Lynx
> hosts. I have succeeded in configuring the container properly so it
> starts, connects to the network etc.
>
> However, as described in [1], my container can remount the /srv
> partition read-only. I tried to fix it using the fstab entry that was
> given at [1] but in the end mount gives:
>
> rtg at lemon:~$ mount
> /dev/mapper/fridge-srv on / type ext4 (rw)
> ...
>
> "Ok, it might not work", I thought.
>
> However, after some time I decided to bind-mount /var/cache/apt to
> container's /var/cache/apt and now my fstab is:
>
> /srv/vm/lxc/lemon/rootfs /srv/vm/lxc/rootfs none bind 0 0
> /var/cache/apt    /srv/vm/lxc/lemon/rootfs/var/cache/apt none bind 0 0
>
> During startup the debug output has the following lines: 
> lxc-start 1270888370.767 DEBUG    lxc_conf - mounted /srv/vm/lxc/lemon/rootfs on /srv/vm/lxc/rootfs, type none
> lxc-start 1270888370.767 DEBUG    lxc_conf - mounted /var/cache/apt on /srv/vm/lxc/lemon/rootfs/var/cache/apt, type none
>
> So I guess it does mount something, however later on I see the
> following: 
> lxc-start 1270888370.773 DEBUG    lxc_conf - umounted '/lxc-oldrootfs-ib3iB1/srv/vm/lxc/lemon/rootfs/var/cache/apt'
>   

When the container starts, it sets up the root filesystem. The rootfs is 
done with the pivot_root syscall, hence the old rootfs contains the 
mount points which are duplicates of those in the new rootfs. The code then 
umounts these duplicate entries in the old rootfs without impacting the 
mount points of the new rootfs.

I am not sure I am very clear :) but in other words for each mount 
point you will see a corresponding line saying "umount 
old-rootfs/....", it's normal behavior.

> I am not quite sure it should umount that directory, but here's how my
> mount looks when the system is booted: 
> rtg at lemon:/var/cache/apt$ mount
> /dev/mapper/fridge-srv on / type ext4 (rw)
> none on /proc type proc (rw,noexec,nosuid,nodev)
> none on /sys type sysfs (rw,noexec,nosuid,nodev)
> none on /dev/console type devpts (rw,noexec,nosuid,relatime,gid=5,mode=620,ptmxmode=000)
> none on /dev/tty1 type devpts (rw,noexec,nosuid,relatime,gid=5,mode=620,ptmxmode=000)
> none on /sys/fs/fuse/connections type fusectl (rw)
> none on /sys/kernel/debug type debugfs (rw)
> none on /sys/kernel/security type securityfs (rw)
> none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
> none on /dev/shm type tmpfs (rw,nosuid,nodev)
> none on /var/run type tmpfs (rw,nosuid,mode=0755)
> none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
> none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
>
> Is there anything wrong with my set up? It looks like my first attempt
> to protect /srv fails due to the same issue - bind mounts do not work in
> the container for me.
>   

The mount point specified in the configuration file is set up by lxc 
without using the "mount" command, so /etc/mtab is not updated 
(which is normal). If you want to check whether the mount point is 
effectively set up, you should check against /proc/mounts.

Thanks
  -- Daniel
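
The check suggested in the reply above, as an added example that is not part of the original message: it compares the kernel's mount table with an mtab-format file and reports mounts that `mount` would not show. The function names, the sample tables and the `/dev/mapper/fridge-root` device are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample tables are constructed, not captured from a real host.

# Print "mountpoint fstype options" for entries in the kernel table ($1)
# whose mount point is not recorded in the mtab-format file ($2).
missing_from_mtab() {
    awk 'FILENAME == ARGV[1] { seen[$2] = 1; next }
         !($2 in seen)       { print $2, $3, $4 }' "$2" "$1"
}

# Succeed if mount point $2 in table $1 carries option $3 (e.g. ro).
# Later lines win, because a newer mount can be stacked on the same path.
mount_has_option() {
    awk -v mp="$2" -v want="$3" '
        $2 == mp { hit = 0; n = split($4, o, ",")
                   for (i = 1; i <= n; i++) if (o[i] == want) hit = 1 }
        END { exit !hit }' "$1"
}

# Constructed sample: mtab lacks the bind mount that lxc set up itself.
sample=$(mktemp -d)
cat > "$sample/mtab" <<'EOF'
/dev/mapper/fridge-srv / ext4 rw 0 0
none /proc proc rw,noexec,nosuid,nodev 0 0
EOF
cat > "$sample/proc_mounts" <<'EOF'
/dev/mapper/fridge-srv / ext4 rw,relatime 0 0
none /proc proc rw,nosuid,nodev,noexec 0 0
/dev/mapper/fridge-root /var/cache/apt ext4 rw,relatime 0 0
EOF

missing_from_mtab "$sample/proc_mounts" "$sample/mtab"
# Inside the container: missing_from_mtab /proc/mounts /etc/mtab
```

A bind mount appears in /proc/mounts with the device and filesystem type of its source, so `mount_has_option /proc/mounts /some/path ro` is the way to confirm that a read-only bind is really in effect.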



