[Lxc-users] Mounting filesystem for container
Daniel Lezcano
daniel.lezcano at free.fr
Mon Sep 20 13:34:06 UTC 2010
On 09/20/2010 11:13 AM, lxc at jelmail.com wrote:
>
>> As Serge mentioned, that may be the cgroup device whitelist which
>> prevents you from doing that.
>> You can check by temporarily commenting out, in /var/lib/lxc/mycontainer, all
>> the lxc.cgroup.devices.... lines and then launching the container again. If
>> you are able to mount it, then you should add the following line in the
>> configuration file:
>>
>> lxc.cgroup.devices.allow = <type> <major>:<minor> <perm>
>>
> Well, yes, that fixed it. Thank you.
>
> I had a gap in my knowledge. I assumed incorrectly that the mount was
> handled in the Host Environment and that the container would just see the
> mounted file system, therefore not needing access to the file system's
> device node.
>
That's the case if the system mounts something in the container rootfs:
the mount point will be inherited at container creation. That is the
behaviour of the mount namespace.
As soon as the container is created, the new mount points will be
isolated. There is a pending discussion about propagating the host mounts
to the containers, but I am still looking at whether that fits the
current design.
> However, I now see that is not the case - the mount is performed within the
> container and is not actually visible in the host environment (actually a
> good thing!). This leads me to ask some more questions though...
>
> 1) Why not just put the mount inside the container's /etc/fstab ?
>
You can choose the best way of creating/configuring your container
depending on your needs: add it in the container's /etc/fstab, specify it
in a local fstab, or add an lxc.mount.entry option (which corresponds to a
line of fstab).
Providing different ways of mounting makes it possible to create a container
with or without a root filesystem. You can use the host fs with a set of
private directories (/var/run, /etc, /home, /tmp, ...) bind mounted to a
private directory tree and share the host binaries; this is good for
launching a large number of containers (e.g. 1024 containers take only
2.3 GB of private data while the rest is shared). You can also specify the
mount points in the container's /etc/fstab, let the 'mount' command
update /etc/mtab, and have different distros with different binaries.
Another alternative is to launch only an application, like apache with
its own configuration bind mounted in a private directory, so
you can launch several instances of apache and move your contained
environment from one host to another, etc.
You can create an empty rootfs with an empty directory tree (/usr,
/lib, etc.) and then read-only bind mount your host directories (/usr
=> <rootfs>/usr, /lib => <rootfs>/lib, etc.) while keeping some other
directories private (e.g. /home).
Well, there are a lot of possible configurations for the containers; for this
reason, there are several ways to configure them.
> 2) When do these mounts happen? I have a problem with a daemon not starting
> during boot because, I think, the filesystem it needs is not yet there.
>
These mounts happen before jumping to the rootfs with pivot_root,
because we may want to mount a host filesystem into the container's rootfs.
-- Daniel
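A defender-side check for the two settings discussed in this thread, added here as an example and not code from the thread or from the LXC project: it flags lxc.cgroup.devices.allow rules that grant far more than the one device node a mount needs, and lists the lxc.mount.entry lines that lxc sets up before pivot_root. The config path and its contents are constructed for the example.

```shell
# Added example, not code from the thread or from the LXC project: audit a
# container config for overly broad lxc.cgroup.devices.allow rules and list
# the lxc.mount.entry lines that are mounted before pivot_root.
# The config contents below are constructed for this example.

# Write a constructed sample config to the path given as $1.
write_sample_config() {
    cat > "$1" <<'EOF'
# narrow rule: one block device, read/write only, no mknod
lxc.cgroup.devices.allow = b 8:17 rw
# broad rules that an audit should flag
lxc.cgroup.devices.allow = a *:* rwm
lxc.cgroup.devices.allow = c 1:* rwm
# fstab-style entries: source target fstype options dump pass
lxc.mount.entry = /usr usr none ro,bind 0 0
lxc.mount.entry = /dev/sdb1 mnt/data ext4 defaults 0 0
EOF
}

# Print every devices.allow rule that grants all devices ("a") or uses a
# wildcard major or minor; exit status 1 when at least one such rule exists.
audit_device_allow() {
    awk '
        /^[ \t]*lxc\.cgroup\.devices\.allow[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")      # keep "<type> <major>:<minor> <perm>"
            split($0, f, /[ \t]+/)
            split(f[2], mm, ":")
            if (f[1] == "a" || mm[1] == "*" || mm[2] == "*") {
                print "broad rule: " $0
                bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Print each lxc.mount.entry as "source -> target (fstype, options)".
list_mount_entries() {
    awk '
        /^[ \t]*lxc\.mount\.entry[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")
            split($0, f, /[ \t]+/)
            printf "%s -> %s (%s, %s)\n", f[1], f[2], f[3], f[4]
        }
    ' "$1"
}

SAMPLE_CFG=$(mktemp)
write_sample_config "$SAMPLE_CFG"
list_mount_entries "$SAMPLE_CFG"
audit_device_allow "$SAMPLE_CFG" || echo "tighten the rules above to specific major:minor numbers"
```

Run it against the real config instead of the sample to see which rules go beyond the single device node a filesystem mount needs.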