[Lxc-users] Mounting filesystem for container

Daniel Lezcano daniel.lezcano at free.fr
Mon Sep 20 13:34:06 UTC 2010


On 09/20/2010 11:13 AM, lxc at jelmail.com wrote:
>> As Serge mentioned, that may be the cgroup device white list which
>> prevents you from doing that.
>> You can check by temporarily commenting out in /var/lib/lxc/mycontainer all
>> the lxc.cgroup.devices.... lines and then launching the container again. If
>> you are able to mount it, then you should add in the configuration file
>> the line:
>>
>> lxc.cgroup.devices.allow = <type> <major>:<minor> <perm>
>>
> Well, yes, that fixed it. Thank you.
>
> I had a gap in my knowledge. I assumed incorrectly that the mount was
> handled in the Host Environment and that the container would just see the
> mounted file system, therefore not needing access to the file system's
> device node.
>    

That's the case if the system mounts something in the container rootfs:
the mount point will be inherited at container creation. It's the
behaviour of the mount namespace.

As soon as the container is created, the new mount points will be
isolated. There is a pending discussion about propagating the host mounts
to the containers, but I am still looking at whether that fits the
current design.

> However, I now see that is not the case - the mount is performed within the
> container and is not actually visible in the host environment (actually a
> good thing!). This leads me to ask some more questions though...
>
> 1) Why not just put the mount inside the container's /etc/fstab ?
>

You can choose the better way of creating/configuring your container
depending on your needs: add it to the container's /etc/fstab, specify it
in a local fstab or add a lxc.mount.entry option (which corresponds to a
line of fstab).

Providing different ways of mounting allows creating a container with
or without a root filesystem. You can use the host fs with a set of
private directories (/var/run, /etc, /home, /tmp, ...) bind mounted to a
private directory tree and share the host binaries; this is good for
launching a large number of containers (e.g. 1024 containers take 2,3 GB of
private data only while the rest is shared). Alternatively, you can specify
the mount points in the container's /etc/fstab and let the 'mount' command
update /etc/mtab, and have different distros with different binaries.

Another alternative is to launch an application only, like apache with
its own configuration option bind mounted in a private directory, ... so
you can launch several instances of apache and move your contained
environment from one host to another host, etc.

You can create an empty rootfs with an empty directory tree (/usr,
/lib, etc.) and then read-only bind mount your host directories (/usr
=> <rootfs>/usr, /lib => <rootfs>/lib, etc.) while you keep some other
directories private (e.g. /home).

Well, there are a lot of configurations for containers; for this
reason, there are several ways to configure them.

> 2) When do these mounts happen? I have a problem with a daemon not starting
> during boot because, I think, the filesystem it needs is not yet there.
>    

These mounts happen before jumping to the rootfs with pivot_root
because we may want to mount a host filesystem to the container's rootfs.

   -- Daniel
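
The device white list check discussed in this message, as an added example (not code from the thread or from the LXC project): a simplified Python model of how the `lxc.cgroup.devices.*` lines decide whether a container may open a device node, such as the block device behind a filesystem it mounts itself. It assumes the usual layout of one `deny = a` line followed by `allow` lines; the sample config, the helper names and the device numbers are constructed for illustration.

```python
# Added example: simplified model of the cgroup (v1) device white list in an LXC config.
import re

# Constructed sample config (not from the original thread).
SAMPLE_CONFIG = """\
lxc.utsname = mycontainer
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 136:* rwm
"""

RULE = re.compile(r"^lxc\.cgroup\.devices\.(allow|deny)\s*=\s*(.+)$")

def parse_rules(config_text):
    """Return (deny_all, allows); allows holds (type, major, minor, perms) tuples."""
    deny_all, allows = False, []
    for line in config_text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # comments and unrelated keys
        action, fields = m.group(1), m.group(2).split()
        if fields[0] == "a":  # "a" = every device: resets the whole list
            deny_all, allows = (action == "deny"), []
        elif action == "allow" and len(fields) == 3:
            major, minor = fields[1].split(":")
            allows.append((fields[0], major, minor, set(fields[2])))
        else:
            # Assumption: selective deny lines are outside this simplified model.
            raise ValueError("rule not modelled here: " + line.strip())
    return deny_all, allows

def device_allowed(config_text, dev_type, major, minor, perms="rw"):
    """True if the container may use the device with every permission in perms."""
    deny_all, allows = parse_rules(config_text)
    if not deny_all:
        return True  # no white list in force: nothing is filtered by this config
    for r_type, r_major, r_minor, r_perms in allows:
        if (r_type == dev_type and r_major in ("*", str(major))
                and r_minor in ("*", str(minor)) and set(perms) <= r_perms):
            return True
    return False

def missing_rule(dev_type, major, minor, perms="rwm"):
    """Config line that would white-list exactly this device and nothing wider."""
    return "lxc.cgroup.devices.allow = %s %s:%s %s" % (dev_type, major, minor, perms)
```

Allowing one exact `<major>:<minor>` pair, as `missing_rule` does, keeps the container's device access narrower than a wildcard entry would.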




