[Lxc-users] unwanted (wrong?) lxc-execute mount behaviour

Rob van der Hoeven robvanderhoeven at ziggo.nl
Wed Dec 12 19:38:38 UTC 2012


On Wed, 2012-12-12 at 08:52 -0600, Serge Hallyn wrote:
> Quoting Rob van der Hoeven (robvanderhoeven at ziggo.nl):
> > I would really like an extra lxc.mount.cwd entry in the configuration
> > file. Maybe this entry should be mandatory if the container's filesystem
> > is different from the host filesystem because in this case the cwd
> 
> By container fs is different you mean cwd is unreachable from
> container's / right?

No. I'm not familiar with LXC internals but I assumed that a container
setup that specifies mounts has its own mount namespace? If this is true
then the container has its own private view of the filesystem (different
from the host), and you cannot safely copy/inherit filesystem state
like the cwd from the host. (I was surprised that my setup gave me
access to a directory on the host that should not have been accessible
from the container)

> > cannot be inherited safely.
> 
> Adding a lxc.mount.cwd or lxc.chdir should be easy enough.  I don't
> think it should be required, as I could imagine a case where keeping
> the init task in a now-unreachable dir is actually desired.  But we
> could support lxc.chdir = none for that case, whereas by default
> (lxc.chdir = unspecified) it refuses to start if $cwd becomes
> unreachable.

The filesystem inside a container should *always* have a valid cwd (just
like the filesystem of the host). 

I will be very happy with a lxc.chdir option! (I like the name, it's
better than lxc.mount.cwd) Will probably use it in all my lxc-execute
configurations...

Rob.
http://freedomboxblog.nl





