[Lxc-users] Container start unmounts shared bind mounts
Ivan Vilata i Balaguer
ivan at selidor.net
Fri Feb 10 09:21:22 UTC 2012
Serge Hallyn (2012-02-09 19:30:29 +0100) wrote:
> Quoting Ivan Vilata i Balaguer (ivan at selidor.net):
>> Hi all. I'm running Debian's LXC 0.7.5 under Linux 3.2.0. I've set up
>> a shared mountpoint to dynamically export some host directories into one
>> container, like this::
>>
>> # mkdir -p /lxc-shared
>> # mount --bind /lxc-shared /lxc-shared
>> # mount --make-unbindable /lxc-shared
>> # mount --make-shared /lxc-shared
>
> (I should think more before answering, but ...)
>
> What if you do 'mount --make-rslave /lxc-shared' here? That should
> prevent the container's mount actions from being forwarded to the
> host.
Thanks for the suggestion! That does prevent a starting container from
unmounting bind mounts under /lxc-shared in the host, *however* it also
renders (un)mounts performed after the --make-rslave invisible to any
container which had access to the directory. E.g. imagine myvm has a
/shared directory and this config line::

    lxc.mount.entry = /lxc-shared/myvm/ /var/lib/lxc/debtest/rootfs/shared/ none defaults,bind 0 0

Then::

    host# mkdir -p /lxc-shared
    host# mount --bind /lxc-shared /lxc-shared
    host# mount --make-shared /lxc-shared
    host# lxc-start -n myvm -d
    # myvm sees /lxc-shared/myvm at /shared
    host# mkdir -p /lxc-shared/myvm/foo
    host# mount --bind /tmp /lxc-shared/myvm/foo
    # myvm sees mounted /shared/foo
    host# mount --make-rslave /lxc-shared
    # myvm still sees mounted /shared/foo
    host# lxc-start -n myothervm -d
    # myvm still sees mounted /shared/foo
    host# mkdir -p /lxc-shared/myvm/bar
    host# mount --bind /tmp /lxc-shared/myvm/bar
    # myvm sees /shared/bar but nothing mounted on it!

A workaround I found is bind mounting the desired directory *in the
container* (which requires not dropping the sys_admin capability)::

    host# mkdir -p /lxc-shared
    host# mount --bind /lxc-shared /lxc-shared
    host# mount --make-shared /lxc-shared
    host# lxc-start -n myvm -d
    # myvm sees /lxc-shared/myvm at /shared
    host# mkdir -p /lxc-shared/myvm/foo
    host# mount --bind /tmp /lxc-shared/myvm/foo
    # myvm sees mounted /shared/foo
    myvm# mount --bind /shared/foo /mnt/foo
    host# lxc-start -n myothervm -d
    # host's /lxc-shared/myvm/foo gets unmounted
    # myvm sees /shared/foo but nothing mounted on it
    # myvm still sees mounted /mnt/foo
    host# mkdir -p /lxc-shared/myvm/bar
    host# mount --bind /tmp /lxc-shared/myvm/bar
    # myvm sees mounted /shared/bar
    myvm# mount --bind /shared/bar /mnt/bar
    # and so on...

However, the question still remains: *Why on Earth does starting a
container unmount all bind mounts under a shared mount???*
Doesn't it look like a bug to you?
Thanks & cheers!
>> Now I bind mount the host directory under the shared directory::
>>
>> # mkdir -p /lxc-shared/myvm/foo
>> # mount --bind /tmp /lxc-shared/myvm/foo
>> The problem is that whenever I start any container, /lxc-shared/myvm/foo
>> gets unmounted (even if it has processes working under it!). This
>> affects bind mounts only if they are under shared mountpoints, e.g. if I
>> also do this mount on the host::
>>
>> # mount --bind /tmp /mnt
>>
>> It survives after starting the container.
>>
>> Does anyone know why this happens? Should I file a bug report?
>> Thanks a lot!
--
Ivan Vilata i Balaguer -- https://elvil.net/
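A host-side check for the propagation state this thread hinges on (whether /lxc-shared is shared or a slave), as an added example that is not from the thread or from LXC: it reads a mountinfo listing on stdin and prints the mount's propagation tags. The two listings are constructed to mirror the before/after states above; mount IDs and device numbers are made up.

```shell
#!/bin/sh
# Added example (not from the thread or from LXC): report the propagation
# state of a mount point from a mountinfo listing, so the host's /lxc-shared
# can be checked for "shared" vs "slave" before relying on it.
# Field layout per proc(5): field 5 = mount point; optional fields
# (shared:N, master:N, ...) sit between field 7 and the "-" separator.
# Paths with escaped characters (e.g. \040 for a space) are not unescaped.

# Usage: propagation_of MOUNTPOINT < mountinfo-listing
# Prints the propagation tags of MOUNTPOINT ("shared:5", "master:5", ...),
# "private" if it carries none, or "not-mounted" if it is absent.
propagation_of() {
    awk -v mnt="$1" '
        $5 == mnt {
            tags = ""
            for (i = 7; i <= NF && $i != "-"; i++)
                tags = tags (tags == "" ? "" : " ") $i
            print (tags == "" ? "private" : tags)
            found = 1
        }
        END { if (!found) print "not-mounted" }
    '
}

# Constructed listing modelled on the thread after "mount --make-shared
# /lxc-shared" and the bind mount of /tmp onto /lxc-shared/myvm/foo.
MOUNTINFO_SHARED='20 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
40 20 8:1 /lxc-shared /lxc-shared rw,relatime shared:5 - ext4 /dev/sda1 rw
41 40 0:17 / /lxc-shared/myvm/foo rw,nosuid shared:6 - tmpfs tmpfs rw
42 20 0:17 / /mnt rw,nosuid - tmpfs tmpfs rw'

# Constructed listing for the same host after "mount --make-rslave
# /lxc-shared": the tree now only receives propagation from its former
# peer group instead of sending its own (un)mounts to it.
MOUNTINFO_RSLAVE='20 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
40 20 8:1 /lxc-shared /lxc-shared rw,relatime master:5 - ext4 /dev/sda1 rw
41 40 0:17 / /lxc-shared/myvm/foo rw,nosuid master:6 - tmpfs tmpfs rw
42 20 0:17 / /mnt rw,nosuid - tmpfs tmpfs rw'

# Demo on the constructed listings; on a live host use:
#   propagation_of /lxc-shared < /proc/self/mountinfo
for mp in /lxc-shared /lxc-shared/myvm/foo /mnt; do
    printf '%-22s shared-state: %s   rslave-state: %s\n' "$mp" \
        "$(printf '%s\n' "$MOUNTINFO_SHARED" | propagation_of "$mp")" \
        "$(printf '%s\n' "$MOUNTINFO_RSLAVE" | propagation_of "$mp")"
done
```

A mount that prints "private" under /lxc-shared will neither send nor receive propagation, which is a quick way to spot a tree that was never made shared in the first place.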