[Lxc-users] unwanted (wrong?) lxc-execute mount behaviour

Rob van der Hoeven robvanderhoeven at ziggo.nl
Wed Dec 12 11:29:37 UTC 2012


> > So the lxc.mount.entry statement works but lxc-execute does not change
> > its working directory to a valid entry inside the container's filesystem.
> > It's a small problem, maybe I'm doing something wrong?
> 
> Not really.  It is doing what you think it's doing.  But I'm not sure
> how it should know to do anything better.
> 
> If you specify a lxc.rootfs, then lxc will end up doing a chdir and
> pivot_root into the new /.  But that will leave you in '/'.
> 
> If you don't specify a lxc.rootfs, as you've done, then it just doesn't
> do that.  So you stay in the directory you were in, even if that is
> no longer accessible from your new /.
> 
> There is no option to specify which directory you want to end up in.
> Should we support one?
> 
> Or should we just require that if userspace expects its CWD to be
> different, it change it itself?
> 
> Note a simple chdir('.') won't work...  so we would probably have
> to store the getcwd() result before setting up mounts, then chdir
> to that (if possible) after.
> 

Here are my thoughts about this: 

First I thought it was a small problem; I can always change the working
directory to a directory that is valid inside the container before I
start lxc-execute. But what if someone else who is not aware of the
problem adds some extra mount entries to the configuration that make my
new working directory invalid? That person would not know that
directories he wanted to hide from the container are still visible.

I think that lxc-execute should check the working directory after the
mounting operations. If it is outside the container-defined filesystem
then lxc-execute should abort with an error message, something like "the
mount entries you have specified render the current working directory
invalid, it is now outside the container's filesystem".

I would really like an extra lxc.mount.cwd entry in the configuration
file. Maybe this entry should be mandatory if the container's filesystem
is different from the host filesystem, because in this case the cwd
cannot be inherited safely.

Rob.
http://freedomboxblog.nl

For anyone involved in the development of LXC - thank you, I really
appreciate your work!
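The check proposed above, as an added example in C that is not part of this thread and not LXC's own code: after the mounts are in place, verify that the directory the process is really in (the open inode, not the path string) still lies beneath the container root, and that the path getcwd() reports still resolves back to that same inode. The function names, the "container root" argument and the unprivileged self-test (which makes the cwd unreachable by removing it from under the process, standing in for the over-mount case) are this example's own assumptions.

```c
/* Added example, not LXC code: two checks a launcher such as lxc-execute
 * could run after setting up mounts to detect an inherited working directory
 * that no longer lies inside the container's filesystem.
 * Build on Linux: cc -Wall -o cwdcheck cwdcheck.c */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Two directory handles refer to the same directory iff (st_dev, st_ino) match. */
static int same_dir(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* Check 1: is `dir` located beneath `root`?  Walks ".." with openat() on an
 * open handle, so it inspects the directory we are really in rather than a
 * path string that may no longer resolve.  Stops when ".." yields the same
 * inode, i.e. at a root (the old root after chroot/pivot_root, or the
 * container root).  Returns 1 (inside), 0 (outside), -1 (error, errno set). */
int dir_is_under(const char *dir, const char *root)
{
    struct stat rst, cur, parent;
    if (stat(root, &rst) < 0)
        return -1;
    int fd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (fd < 0 || fstat(fd, &cur) < 0) {
        if (fd >= 0) close(fd);
        return -1;
    }
    for (;;) {
        if (same_dir(&cur, &rst)) { close(fd); return 1; }
        int pfd = openat(fd, "..", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
        if (pfd < 0 || fstat(pfd, &parent) < 0) {
            if (pfd >= 0) close(pfd);
            close(fd);
            return -1;
        }
        close(fd);
        fd = pfd;
        if (same_dir(&parent, &cur)) { close(fd); return 0; } /* ".." == ".": a root other than `root` */
        cur = parent;
    }
}

/* Check 2: does the path getcwd() reports still lead back to the directory we
 * are in?  After a mount is placed over an ancestor of the cwd (the case in
 * this thread) or after chroot/pivot_root, the inode we sit in is untouched
 * but its path resolves elsewhere or not at all; the kernel also fails
 * getcwd() with ENOENT when the cwd has been unlinked.
 * Returns 1 (ok), 0 (cwd not reachable by path), -1 (other error). */
int cwd_is_resolvable(void)
{
    char path[PATH_MAX];
    struct stat here, byname;
    if (stat(".", &here) < 0)
        return -1;
    if (!getcwd(path, sizeof path))
        return errno == ENOENT ? 0 : -1;
    if (stat(path, &byname) < 0)
        return errno == ENOENT ? 0 : -1;
    return same_dir(&here, &byname);
}

/* Unprivileged demonstration of the failure mode: make the cwd unreachable by
 * removing it from under ourselves (from path resolution's point of view this
 * looks like an over-mount).  Returns 1 when both checks behave as documented,
 * 0 otherwise; the original cwd is restored before returning. */
int demo_cwd_becomes_invalid(void)
{
    char saved[PATH_MAX], tmpl[PATH_MAX];
    if (!getcwd(saved, sizeof saved))
        return 0;
    snprintf(tmpl, sizeof tmpl, "%s/cwdcheck.XXXXXX", saved); /* created beside the cwd */
    if (!mkdtemp(tmpl))
        return 0;
    int ok = dir_is_under(tmpl, "/") == 1;  /* temp dir lies below / */
    ok &= dir_is_under("/", tmpl) == 0;     /* / does not lie below the temp dir */
    if (chdir(tmpl) < 0) { rmdir(tmpl); return 0; }
    ok &= cwd_is_resolvable() == 1;         /* fine while the directory exists */
    ok &= rmdir(tmpl) == 0;                 /* now the cwd has no valid path */
    ok &= cwd_is_resolvable() == 0;
    return chdir(saved) == 0 ? ok : 0;
}

int main(int argc, char **argv)
{
    const char *root = argc > 1 ? argv[1] : "/";  /* container root, e.g. lxc.rootfs */
    if (dir_is_under(".", root) != 1 || cwd_is_resolvable() != 1) {
        fprintf(stderr, "the mount entries you have specified render the current working "
                        "directory invalid, it is now outside the container's filesystem\n");
        return 1;
    }
    printf("cwd is a valid location under %s\n", root);
    printf("self-test: %s\n", demo_cwd_becomes_invalid() ? "ok" : "unexpected result");
    return 0;
}
```

Running `./cwdcheck /` from any ordinary directory prints the success line and "self-test: ok"; run from a directory that a mount has since covered, or from outside a chroot, it prints the error message suggested above and exits non-zero. Check 1 alone is not enough for the over-mount case, because ".." from a covered directory still climbs to the root, which is why the path re-resolution in check 2 is needed as well.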
