[Lxc-users] Mounting filesystems

CLOSE Dave Dave.Close at us.thalesgroup.com
Thu Sep 15 20:54:55 UTC 2011 

Thanks to Greg for the quick fix for the configure prefix problem. I'm 
now running build 165015211fa9506b11ea1f4540d54b8a99a2f468
(lxc-0.7.5-17-g1650152) with his patches.

I apologize if my unfamiliarity with the project means I've done 
something obviously wrong. I'm trying to setup a container for network 
isolation only. Since my host is running Fedora 14 x86_64, I used 
lxc-fedora to create the container.

I want to share the root filesystem with the host. So I have the 
following in my configuration file.

   lxc.arch = x86_64
   lxc.utsname = lx1
   lxc.network.type = veth
   lxc.network.flags = up
   lxc.network.link = br0
   lxc.network.name = eth0
   lxc.network.ipv4 = 172.17.32.3/23
   lxc.network.ipv4.gateway = auto
   lxc.tty = 1
   lxc.pts = 1024
   lxc.rootfs = /

The container never comes fully up. Examining the process table, I see 
it is trying to run fsck on / but isn't using any CPU time doing so.

If I change the last line to,

   lxc.rootfs = /usr/local/lib/lxc/lx1/lx1/rootfs

the container comes up. But the eth0 interface comes up trying DHCP, 
ignoring the static address I gave it. I fixed this by manually editing 
/usr/local/lib/lxc/lx1/lx1/rootfs/etc/sysconfig/network-scripts/ifcfg-eth0. 
In order to connect with lxc-console, I also had to add,

   lxc.mount.entry = /etc/passwd 
/usr/local/lib/lxc/lx1/lx1/rootfs/etc/passwd none defaults,bind,ro 0 0
   lxc.mount.entry = /etc/shadow 
/usr/local/lib/lxc/lx1/lx1/rootfs/etc/shadow none defaults,bind,ro 0 0

But now, of course, I'm not sharing the root filesystem. In fact, df 
does not show /any/ filesystems mounted and mount shows only 
/proc/sys/fs/binfmt_misc. But I can run ls and see the rootfs contents 
and I was able to edit ifcfg-eth0.

I'm sure there is some document somewhere on the net that explains how 
to accomplish my objective. I keep finding more and learning more. But 
thus far I haven't seen a cookbook for my issue and I'm stumped.
-- 
Dave Close, Thales Avionics, Irvine California USA
cell +1 949 394 2124, dave.close at us.thalesgroup.com

I don't send HTML email and I prefer not to receive it.
HTML email is ugly and a significant security exposure.

More information about the lxc-users mailing list