[Lxc-users] unwanted (wrong?) lxc-execute mount behaviour

Serge Hallyn serge.hallyn at canonical.com
Tue Dec 11 22:41:18 UTC 2012


Quoting Rob van der Hoeven (robvanderhoeven at ziggo.nl):
> Hi,
> 
> I want to use lxc-execute to isolate programs from the users data. For
> this I created the following lxc configuration file:
> 
> Name: /home/rob/lxctest/lxc02.conf
> 
> Contents:
> 
> lxc.utsname=lxc02
> lxc.mount.entry=/home/rob/lxctest/home /home none bind,defaults 0 0
> 
> The lxctest/home directory is empty and I expected that this would make
> the home directory of the host inaccessible. To test this I used
> lxc-execute to start bash: 
> 
> lxc-execute -n lxc02 -f ./lxc02.conf bash
> 
> If I execute a ls command in this shell I can still see all files in
> the /home/rob/lxctest directory (the directory from which I issued the
> command). When I execute cd ~ I get the result I expected:
> 
> bash: cd: /home/rob: No such file or directory
> 
> So the lxc.mount.entry statement works but lxc-execute does not change
> its working directory to a valid entry inside the container's filesystem.
> It's a small problem, maybe I'm doing something wrong?

Not really.  It is doing what you think it's doing.  But I'm not sure
how it should know to do anything better.

If you specify a lxc.rootfs, then lxc will end up doing a chdir and
pivot_root into the new /.  But that will leave you in '/'.

If you don't specify a lxc.rootfs, as you've done, then it just doesn't
do that.  So you stay in the directory you were in, even if that is
no longer accessible from your new /.

There is no option to specify which directory you want to end up in.
Should we support one?

Or should we just require that if userspace expects its CWD to be
different, it change it itself?

Note a simple chdir('.') won't work...  so we would probably have
to store the getcwd() result before setting up mounts, then chdir
to that (if possible) after.

-serge
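
The approach sketched in the reply above (save the getcwd() result before the mounts, chdir to it afterwards if possible), as an added example that is not LXC code or part of the original thread. The names save_cwd, reenter_cwd and simulate are hypothetical, and simulate uses a rename as a constructed, unprivileged stand-in for a bind mount covering the path.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum cwd_result { CWD_UNCHANGED, CWD_REENTERED, CWD_FELL_BACK, CWD_ERROR };

/* Before mount setup: remember the working directory by path. */
int save_cwd(char *buf, size_t len)
{
    return getcwd(buf, len) ? 0 : -1;
}

/* After mount setup: chdir(".") would keep the directory we already hold,
 * so resolve the saved path again and compare it with ".". */
enum cwd_result reenter_cwd(const char *saved)
{
    struct stat held, now;
    if (stat(".", &held) == 0 && stat(saved, &now) == 0 &&
        held.st_dev == now.st_dev && held.st_ino == now.st_ino)
        return CWD_UNCHANGED;   /* path still names the directory we hold */
    if (chdir(saved) == 0)
        return CWD_REENTERED;   /* same path, directory from the new tree */
    if (chdir("/") == 0)
        return CWD_FELL_BACK;   /* path does not exist in the new tree */
    return CWD_ERROR;
}

/* Constructed stand-in for a mount covering the path: move the directory we
 * are in aside and optionally put an empty directory at the old path. */
enum cwd_result simulate(int recreate)
{
    char base[] = "/tmp/cwdXXXXXX", saved[PATH_MAX], aside[PATH_MAX + 8];
    if (!mkdtemp(base) || chdir(base) != 0 || save_cwd(saved, sizeof saved) != 0)
        return CWD_ERROR;
    snprintf(aside, sizeof aside, "%s.old", saved);
    if (rename(saved, aside) != 0 || (recreate && mkdir(saved, 0700) != 0))
        return CWD_ERROR;
    return reenter_cwd(saved);
}

int main(void)
{
    printf("recreated: %d, removed: %d\n", simulate(1), simulate(0));
    return 0;
}
```

In the configuration from the question, the saved path would not exist under the new /home, so the fallback to "/" is the branch that would run.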



