[Lxc-users] lxc-start leaves temporary pivot dir behind

Ferenc Wagner wferi at niif.hu
Thu May 13 11:47:20 UTC 2010


"Michael H. Warfield" <mhw at WittsEnd.com> writes:

> On Wed, 2010-05-12 at 23:18 +0200, Daniel Lezcano wrote:
>
>> Ferenc Wagner wrote:
>>
>>> Daniel Lezcano <daniel.lezcano at free.fr> writes:
>>>   
>>>> Ferenc Wagner wrote:
>>>>
>>>>> Daniel Lezcano <daniel.lezcano at free.fr> writes:
>>>>>       
>>>>>> Ferenc Wagner wrote:
>>>>>>         
>>>>>>> Actually, I'm not sure you can fully solve this.  If rootfs is a
>>>>>>> separate file system, this is only much ado about nothing.  If rootfs
>>>>>>> isn't a separate filesystem, you can't automatically find a good
>>>>>>> place and also clean it up.
>>>>>>
>>>>>> Maybe a single /tmp/lxc directory may be used as the mount points are
>>>>>> private to the container. So it would be acceptable to have a single
>>>>>> directory for N containers, no ?
>>>>>
>>>>> Then why not /usr/lib/lxc/pivotdir or something like that?  Such a
>>>>> directory could belong to the lxc package and not clutter up /tmp.  As
>>>>> you pointed out, this directory would always be empty in the outer name
>>>>> space, so a single one would suffice.  Thus there would be no need
>>>>> cleaning it up, either.
>>>>
>>>> Agree. Shall we consider $(prefix)/var/run/lxc ?
>>>
>>> Hmm, /var/run/lxc is inconvenient, because it disappears on each reboot
>>> if /var/run is on tmpfs.  This isn't variable data either, that's why I
>>> recommended /usr above.
>>
>> Good point. I will change that to /usr/$(libdir)/lxc and let the distro
>> maintainer choose a better place, if he wants, with the configure option.
>
> Are you SURE you want /usr/${libdir}/lxc for this?  Some high security
> systems might mount /usr as a separate read-only partition (OK - I'm an
> old school old fart).  Part of the standard allows for /usr to be an RO
> file system.

Read-only /usr is a good thing, and stays perfectly possible with this
choice.  We're talking about an absolutely static directory, which
serves as a temporary mount point only.

> Wouldn't this be more appropriate in /var/${libdir}/lxc instead?  Maybe
> create a .tmp directory under it or .tmp.${CTID} or something?  Or,
> maybe, something under /var/${libdir}/lxc/${CTID}/tmp instead?  /var is
> for things that change and vary.  Wouldn't that be a better location and
> you've already got control of the /var/${libdir}/lxc location, don't
> you?

There's nothing variable in this directory, and we need a single one
only, and only when rootfs is the same file system as the current root
(looking forward a little bit).

I don't know the FHS by heart, maybe it has something to say about this.
I'd certainly be fine with /var/lib/lxc/oldroot or something like that
as well.
-- 
Regards,
Feri.
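The mechanism the thread is arguing about, shown as an added example (this is not lxc's own code, nor code from anyone in the thread): a process enters a private mount namespace, bind-mounts the container rootfs on itself so that pivot_root(2) accepts it as a mount point, pivots into it using one fixed, package-owned, always-empty directory as put_old, and detaches the old root. Because the namespace is private, the same directory serves every container and is never left dirty on the host. The path `usr/lib/lxc/pivotdir` and the helper names `same_filesystem` and `pivot_into` are assumptions chosen for the example; `same_filesystem` implements the "rootfs is the same file system as the current root" test by comparing `st_dev`. The pivot itself needs CAP_SYS_ADMIN, so `main` only reports the filesystem check when run unprivileged.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical fixed, empty, package-owned put_old directory, relative to
 * the new root (the thread proposes names like /usr/lib/lxc/pivotdir). */
#define OLDROOT_REL "usr/lib/lxc/pivotdir"

/* Return 1 if both paths live on the same filesystem (same st_dev), 0 if
 * they differ, -1 if either cannot be stat'ed.  This is the "rootfs is the
 * same file system as the current root" test from the discussion. */
int same_filesystem(const char *a, const char *b)
{
    struct stat sa, sb;
    if (stat(a, &sa) != 0 || stat(b, &sb) != 0)
        return -1;
    return sa.st_dev == sb.st_dev ? 1 : 0;
}

/* Switch the calling process into rootfs with pivot_root(2), using the fixed
 * directory OLDROOT_REL inside the new root as put_old.  Needs CAP_SYS_ADMIN.
 * Returns 0 on success, -1 (with errno set) on failure. */
int pivot_into(const char *rootfs)
{
    char put_old[4096];

    /* Private mount namespace: everything below is invisible to the host,
     * which is why one shared, always-empty put_old directory is enough. */
    if (unshare(CLONE_NEWNS) != 0)
        return -1;
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0)
        return -1;

    /* pivot_root requires new_root to be a mount point.  A rootfs that is a
     * plain directory on the host's filesystem is not, so bind it on itself
     * (a bind mount shares st_dev with its source, so stat cannot tell us
     * whether this was already done; doing it unconditionally is harmless
     * inside a private namespace). */
    if (mount(rootfs, rootfs, NULL, MS_BIND | MS_REC, NULL) != 0)
        return -1;

    if (snprintf(put_old, sizeof put_old, "%s/%s", rootfs, OLDROOT_REL)
        >= (int)sizeof put_old) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* The directory is expected to exist already (static, package-owned);
     * nothing is created here, so nothing needs cleaning up afterwards. */
    if (syscall(SYS_pivot_root, rootfs, put_old) != 0)
        return -1;
    if (chdir("/") != 0)
        return -1;
    /* Detach the old root; the put_old directory stays empty behind it. */
    if (umount2("/" OLDROOT_REL, MNT_DETACH) != 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <rootfs>\n", argv[0]);
        return 2;
    }
    int shared = same_filesystem(argv[1], "/");
    printf("%s is %s the host root filesystem\n", argv[1],
           shared == 1 ? "on" : shared == 0 ? "not on" : "unknown (stat failed) for");
    if (geteuid() != 0) {
        puts("not root: skipping the pivot_root demonstration");
        return 0;
    }
    if (pivot_into(argv[1]) != 0) {
        perror("pivot_into");
        return 1;
    }
    /* Run a shell inside the new root; `cat /proc/self/mountinfo` from a
     * separate host shell will not show any of the mounts made above. */
    execl("/bin/sh", "sh", (char *)NULL);
    perror("execl");
    return 1;
}
```

Build with `cc -o pivot pivot.c` and run as root against a prepared rootfs that already contains the empty `usr/lib/lxc/pivotdir`; the check in `main` shows whether that rootfs sits on the host root filesystem, which is the only case the thread considers the fixed directory necessary for.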
