[Lxc-users] [lxc] [autofs nfs V4/V3] umount_autofs_indirect:279: ioctl failed: Permission denied

LACROIX Jean Marc jeanmarc.lacroix at free.fr
Fri Oct 14 06:05:18 UTC 2011


hi mailing list,

I am running Debian Squeeze (V6.02) container with lxc 0.7.2-1
I have a problem with autofs daemon on lxc container

------------------------test -------------------------------------

My kernel is the 2.6.39 backport from Debian testing on Debian squeeze 
runing
on one P4 X86/IA32 server.

In one container (srv-nis-1), i have installed NIS client, nfs-common 
and autofs package
in order to mount a remote file system on one external server on the LAN.

According autofs4 kernel module for user to kernel communication char 
device,....

local at vador:~$ sudo  modinfo autofs4
filename:       
/lib/modules/2.6.39-bpo.2-686-pae/kernel/fs/autofs4/autofs4.ko
license:        GPL
alias:          devname:autofs
alias:          char-major-10-235
depends:
intree:         Y
vermagic:       2.6.39-bpo.2-686-pae SMP mod_unload modversions 686

I have setup the correct permission in the config file
  grep 235 /etc/lxc/lxc_vm_0*
/etc/lxc/lxc_vm_01-srv-nis-1.conf:lxc.cgroup.devices.allow = c 10:235 rwm

and ...on the host on which lxc cointainer runs..

When booting the VM on the real host , is seems there is no problems.....

sudo lxc-start -n srv-nis-1 -f /etc/lxc/lxc_vm_01-srv-nis-1.conf


INIT: version 2.88 booting
Using makefile-style concurrent boot in runlevel S.
Activating swap...done.
Cleaning up ifupdown....
Loading kernel modules...done.
Setting up networking....
Activating lvm and md swap...done.
Checking file systems...fsck from util-linux-ng 2.17.2
done.
Mounting local filesystems...done.
Activating swapfile swap...done.
Cleaning up temporary files....
Setting kernel variables ...done.
Configuring network interfaces...Internet Systems Consortium DHCP Client 
4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/eth0/02:00:00:01:01:00
Sending on   LPF/eth0/02:00:00:01:01:00
Sending on   Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
DHCPOFFER from 192.168.9.8
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.9.8
bound to 192.168.9.239 -- renewal in 31 seconds.
Internet Systems Consortium DHCP Client 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/eth1/02:00:00:01:01:01
Sending on   LPF/eth1/02:00:00:01:01:01
Sending on   Socket/fallback
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8
DHCPOFFER from 192.168.6.2
DHCPREQUEST on eth1 to 255.255.255.255 port 67
DHCPACK from 192.168.6.2
bound to 192.168.6.226 -- renewal in 27 seconds.
Internet Systems Consortium DHCP Client 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/eth2/02:00:00:01:01:02
Sending on   LPF/eth2/02:00:00:01:01:02
Sending on   Socket/fallback
DHCPDISCOVER on eth2 to 255.255.255.255 port 67 interval 7
DHCPOFFER from 192.168.8.11
DHCPREQUEST on eth2 to 255.255.255.255 port 67
DHCPACK from 192.168.8.11
bound to 192.168.8.249 -- renewal in 29 seconds.
done.
Starting portmap daemon....
Starting NFS common utilities: statd.
Cleaning up temporary files....
INIT: Entering runlevel: 3
Using makefile-style concurrent boot in runlevel 3.
Starting portmap daemon...Already running..
Starting NFS common utilities: statd.
Starting system logging: syslog-ng.
Starting system message bus: dbus.
Starting OpenBSD Secure Shell server: sshd.
Starting NIS services: ypserv yppasswdd ypxfrd ypbind.
Starting automount: done.
Starting periodic command scheduler: cron.

Debian GNU/Linux 6.0 srv-nis-1 console

srv-nis-1 login:

After booting, .....

root at srv-nis-1:~# ps auxww
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0   2076   680 ?        Ss   06:30   0:00 init [3]
root       198  0.0  0.0   2508   800 ?        Ss   06:30   0:00 
dhclient -v -pf /var/run/dhclient.eth0.pid -lf 
/var/lib/dhcp/dhclient.eth0.leases eth
root       217  0.0  0.0   2508   800 ?        Ss   06:30   0:00 
dhclient -v -pf /var/run/dhclient.eth1.pid -lf 
/var/lib/dhcp/dhclient.eth1.leases eth
root       241  0.0  0.0   2508   812 ?        Ss   06:30   0:00 
dhclient -v -pf /var/run/dhclient.eth2.pid -lf 
/var/lib/dhcp/dhclient.eth2.leases eth
daemon     251  0.0  0.0   1852   536 ?        Ss   06:30   0:00 
/sbin/portmap
statd      263  0.0  0.0   2020   856 ?        Ss   06:30   0:00 
/sbin/rpc.statd
root       329  0.0  0.0   5416   508 ?        S    06:30   0:00 
supervising syslog-ng
root       332  0.0  0.1   5700  2208 ?        Ss   06:30   0:00 
/usr/sbin/syslog-ng -p /var/run/syslog-ng.pid
root       360  0.0  0.0   2148   792 ?        S    06:30   0:00 
/usr/sbin/ypserv --port 32770
root       362  0.0  0.0   2044   452 ?        S    06:30   0:00 
/usr/sbin/rpc.yppasswdd -D /var/yp/sources -e chsh -e chfn --port 32772
root       373  0.0  0.0   1920   504 ?        S    06:30   0:00 
/usr/sbin/rpc.ypxfrd -p 32773
103        384  0.0  0.0   2592   384 ?        Ss   06:30   0:00 
/usr/bin/dbus-daemon --system
root       388  0.0  0.0  20212   608 ?        Sl   06:30   0:00 
/usr/sbin/ypbind -p 32771 -broken-server -f /etc/yp.conf -ping-interval 
10 -no-dbus
root       391  0.0  0.0   5464   916 ?        Ss   06:30   0:00 
/usr/sbin/sshd
root       419  0.0  0.0  21780  1260 ?        Ssl  06:30   0:00 
/usr/sbin/automount
root       448  0.0  0.0   2172   652 ?        Ss   06:30   0:00 
/usr/sbin/cron
root       465  0.0  0.0   2604  1388 console  Ss   06:30   0:00 
/bin/login --
root       538  0.0  0.1   2884  1576 console  S    06:31   0:00 -bash
root       567  0.0  0.0   1748   624 ?        Ss   06:31   0:00 
/sbin/getty 38400 tty1 linux
root       568  0.0  0.0   1748   628 ?        Ss   06:31   0:00 
/sbin/getty 38400 tty2 linux
root       569  0.0  0.0   1748   624 ?        Ss   06:31   0:00 
/sbin/getty 38400 tty3 linux
root       570  0.0  0.0   1748   624 ?        Ss   06:31   0:00 
/sbin/getty 38400 tty4 linux
root       581  0.0  0.0   2232   820 console  R+   06:31   0:00 ps auxww

and after booting the VM, the /dev/autofs is correctly setup for autofs4 
kernel module

root at srv-nis-1:~# ls -altrn /dev/autofs
crw------- 1 0 0 10, 235 Oct  4 06:53 /dev/autofs

All nfs daemons are ok (?), it is possible to get all NIS data base, and 
i can mount
manually external mount in r/w as shown...

With NIS protocol, i can extract my auto.master  and auto.home map

root at srv-nis-1:~# ypcat auto.master
yp:auto.private    --timeout=20
yp:auto.home       --timeout=20

root at srv-nis-1:~# ypcat auto.home
-fstype=nfs,rw,tcp,exec srv-nfs-2-services.dns2:/exports/data/lv_home/&

The server srv-nfs-2-services is available...
root at srv-nis-1:~# rpcinfo -p srv-nfs-2-services.dns2
    program vers proto   port
     100000    2   tcp    111  portmapper
     100000    2   udp    111  portmapper
     100024    1   udp  32766  status
     100024    1   tcp  32766  status
     100007    2   udp  32771  ypbind
     100007    1   udp  32771  ypbind
     100007    2   tcp  32771  ypbind
     100007    1   tcp  32771  ypbind
     100003    2   tcp   2049  nfs
     100003    3   tcp   2049  nfs
     100003    4   tcp   2049  nfs
     100227    2   tcp   2049
     100227    3   tcp   2049
     100003    2   udp   2049  nfs
     100003    3   udp   2049  nfs
     100003    4   udp   2049  nfs
     100227    2   udp   2049
     100227    3   udp   2049
     100021    1   udp  47047  nlockmgr
     100021    3   udp  47047  nlockmgr
     100021    4   udp  47047  nlockmgr
     100021    1   tcp  46114  nlockmgr
     100021    3   tcp  46114  nlockmgr
     100021    4   tcp  46114  nlockmgr
     100005    1   udp  32767  mountd
     100005    1   tcp  32767  mountd
     100005    2   udp  32767  mountd
     100005    2   tcp  32767  mountd
     100005    3   udp  32767  mountd
     100005    3   tcp  32767  mountd

and....

root at srv-nis-1:~# mkdir /tmp/test-nfs
srv-nis-1:~# mount srv-nfs-2-services.dns2:/exports/data/lv_home/  
/tmp/test-nfs

root at srv-nis-1:~# mount
tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
rootfs on / type rootfs (rw)
/dev/mapper/vg_lxc_01-lv_tmp on /tmp type ext3 
(rw,relatime,errors=continue,barrier=0,data=ordered)
/dev/mapper/vg_lxc_01-lv_usr on /usr type ext3 
(rw,relatime,errors=continue,barrier=0,data=ordered)
/dev/mapper/vg_lxc_01-lv_var on /var type ext3 
(rw,relatime,errors=continue,barrier=0,data=ordered)
srv-nfs-2-services.dns2:/exports/data/lv_home/ on /tmp/test-nfs type nfs 
(rw,vers=4,addr=192.168.6.233,clientaddr=192.168.6.226)

and the mount point is correctly mounted without any errors in the console.
all access in read/write mode are ok on the /tmp/test-nfs device

At this point, for me, the nfs protocol is OK on both side of the 
connection
(server and VM lxc client).

As autofs seems started .....
root at srv-nis-1:~# fuser -muv /home
                      USER        PID ACCESS COMMAND
/home:               root     kernel mount (root)/home
                      root        419 f.... (root)automount

i try now to mount the /home/lacroix mount point via autofs and via NIS
with the ls command in order to force autromount access.

root at srv-nis-1:~# ls /home/lacroix
and the command is definitively suspended...

the same with strace ls /home/lacroix

root at srv-nis-1:~# strace  ls /home/lacroix..........

execve("/bin/ls", ["ls", "/home/lacroix"], [/* 12 vars */]) = 0
brk(0)                                  = 0x8944000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or 
directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 
0) = 0xb7734000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or 
directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=8381, ...}) = 0
mmap2(NULL, 8381, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7731000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or 
directory)
open("/lib/libselinux.so.1", O_RDONLY)  = 3
read(3, 
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0J\0\0004\0\0\0"..., 
512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=104276, ...}) = 0
mmap2(NULL, 109564, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 
0) = 0xb7716000
mmap2(0xb772f000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18) = 0xb772f000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or 
directory)
open("/lib/librt.so.1", O_RDONLY)       = 3
read(3, 
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\30\0\0004\0\0\0"..., 512) 
= 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=30684, ...}) = 0
mmap2(NULL, 33364, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) 
= 0xb770d000
mmap2(0xb7714000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0xb7714000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or 
directory)
open("/lib/libacl.so.1", O_RDONLY)      = 3
read(3, 
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\27\0\0004\0\0\0"..., 
512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=26492, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 
0) = 0xb770c000
mmap2(NULL, 25220, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) 
= 0xb7705000
mmap2(0xb770b000, 4096, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0xb770b000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or 
directory)
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, 
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320m\1\0004\0\0\0"..., 
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1319176, ...}) = 0
mmap2(NULL, 1329480, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 
0) = 0xb75c0000
mprotect(0xb76fe000, 4096, PROT_NONE)   = 0
mmap2(0xb76ff000, 12288, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13e) = 0xb76ff000
mmap2(0xb7702000, 10568, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7702000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or 
directory)
open("/lib/libdl.so.2", O_RDONLY)       = 3
read(3, 
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\n\0\0004\0\0\0"..., 
512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=9736, ...}) = 0
mmap2(NULL, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) 
= 0xb75bc000
mmap2(0xb75be000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb75be000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or 
directory)
open("/lib/libpthread.so.0", O_RDONLY)  = 3
read(3, 
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`I\0\0004\0\0\0"..., 
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=117105, ...}) = 0
mmap2(NULL, 98784, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) 
= 0xb75a3000
mprotect(0xb75b7000, 4096, PROT_NONE)   = 0
mmap2(0xb75b8000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14) = 0xb75b8000
mmap2(0xb75ba000, 4576, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb75ba000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or 
directory)
open("/lib/libattr.so.1", O_RDONLY)     = 3
read(3, 
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\17\0\0004\0\0\0"..., 
512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=14888, ...}) = 0
mmap2(NULL, 17696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) 
= 0xb759e000
mmap2(0xb75a2000, 4096, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0xb75a2000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 
0) = 0xb759d000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 
0) = 0xb759c000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb759c720, 
limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, 
limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb75b8000, 4096, PROT_READ)   = 0
mprotect(0xb75be000, 4096, PROT_READ)   = 0
mprotect(0xb76ff000, 8192, PROT_READ)   = 0
mprotect(0xb7714000, 4096, PROT_READ)   = 0
mprotect(0xb772f000, 4096, PROT_READ)   = 0
mprotect(0xb7752000, 4096, PROT_READ)   = 0
munmap(0xb7731000, 8381)                = 0
set_tid_address(0xb759c788)             = 1631
set_robust_list(0xb759c790, 0xc)        = 0
futex(0xbf976cc0, FUTEX_WAKE_PRIVATE, 1) = 0
futex(0xbf976cc0, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1, 
NULL, bf976cd0) = -1 EAGAIN (Resource temporarily unavailable)
rt_sigaction(SIGRTMIN, {0xb75a73b0, [], SA_SIGINFO}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0xb75a7840, [], SA_RESTART|SA_SIGINFO}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
uname({sys="Linux", node="srv-nis-1", ...}) = 0
statfs64("/selinux", 84, {f_type="EXT2_SUPER_MAGIC", f_bsize=1024, 
f_blocks=99150, f_bfree=68458, f_bavail=63338, f_files=25688, 
f_ffree=23209, f_fsid={634740073, -854635489}, f_namelen=255, 
f_frsize=1024}) = 0
brk(0)                                  = 0x8944000
brk(0x8965000)                          = 0x8965000
open("/proc/filesystems", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 
0) = 0xb7733000
read(3, "nodev\tsysfs\nnodev\trootfs\nnodev\tb"..., 1024) = 323
read(3, "", 1024)                       = 0
close(3)                                = 0
munmap(0xb7733000, 4096)                = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo 
...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=24, ws_col=80, ws_xpixel=0, ws_ypixel=0}) = 0
stat64("/home/lacroix",


I suspect a problem in autofs module kernel when started a thread or 
equivalent ...
probably a mismatch in cgroup implementation (??)

Furthermore, when trying to stop the automounter, i have ...
root at srv-nis-1:~# /etc/init.d/autofs stop
Stopping automount: 2011 Oct 14 07:06:00 s_src at srv-nis-1 
umount_autofs_indirect:279: ioctl failed: Permission denied
2011 Oct 14 07:06:00 s_src at srv-nis-1 umount_autofs_indirect:279: ioctl 
failed: Permission denied
2011 Oct 14 07:06:03 s_src at srv-nis-1 umount_autofs_indirect:279: ioctl 
failed: Permission denied
2011 Oct 14 07:06:03 s_src at srv-nis-1 umount_autofs_indirect:279: ioctl 
failed: Permission denied

I have change nfs version in order to force release 3 in NIS auto map, 
but , the result is the same...
ypcat auto.home
root at srv-nis-1:~# ypcat auto.home
-fstype=nfs,rw,tcp,exec,nfsvers=3 
srv-nfs-2-services.dns2:/exports/data/lv_home/&

any idea ?????



-- 
--------------------------------------
  -- Jean-Marc LACROIX                 --
   -- mailto : jeanmarc.lacroix at free.fr --
     ---------------------------------------





More information about the lxc-users mailing list