[Lxc-users] Container start unmounts shared bind mounts
Ivan Vilata i Balaguer
ivan at selidor.net
Sat Feb 11 19:55:56 UTC 2012
Serge Hallyn (2012-02-11 00:08:10 +0100) wrote:
> Quoting Ivan Vilata i Balaguer (ivan at selidor.net):
>> Serge Hallyn (2012-02-10 16:05:19 +0100) wrote:
>>
>> > mv /usr/bin/lxc-start /usr/bin/lxc-start.real
>> >
>> > cat > /usr/bin/lxc-start.mid << EOF
>> > mount --make-unbindable /lxc-shared
>> > mount --make-shared /lxc-shared
>
> Oops, this isn't right. I think I just meant
>
> cat > /usr/bin/lxc-start.mid << 'EOF'
> mount --make-rslave /lxc-shared
> exec /usr/bin/lxc-start.real "$@"
> EOF
>
>> > exec /usr/bin/lxc-start.real $*
>> > EOF
>> >
>> > cat > /usr/bin/lxc-start << 'EOF'
>> > lxc-unshare -s MOUNT -- /usr/bin/lxc-start.mid "$@"
>> > EOF
>> >
>> > chmod ugo+x /usr/bin/lxc-start{,.mid}

Yup, the new one did work! :)

>> Well, I'm actually trying on the host to mount and unmount file systems
>> I don't know beforehand *while myvm is running* under subdirectories in
>> /lxc-shared,
>
> You've lost me here (I don't understand what you're saying), but

Sorry, tried to stuff too much into too few words. :D

What I want to do is set up a shared directory /lxc-shared in the host,
which will appear as /shared in myvm. While myvm is running, I'll be
binding host directories to /lxc-shared/foo, /lxc-shared/bar and other
subdirs I don't know beforehand so that they become visible as
/shared/foo, /shared/bar etc. at myvm. I don't need other containers to
access /lxc-shared (and of course I don't want them to accidentally
unmount things from it when starting).

>> but running myvm through the scripts you suggest creates a
>> new namespace so that myvm no longer sees mounts done by the host.
>
> Note that you're still supposed to do
>
> mount --bind /lxc-shared /lxc-shared
> mount --make-shared /lxc-shared /lxc-shared
>
> at host boot. Then creating a new namespace shouldn't stop myvm from
> seeing new mounts done by the host. The reason I was creating that new
> namespace was so that the mount --make-rslave wouldn't happen in the
> host's namespace.

Yes, I was already doing that before starting myvm. Indeed, your fix
above made the sharing work as expected.

> But in any case, like I say I think it'd be worth adding explicit
> support through the config file for this.

Running the containers through your scripts does the trick, but having an
option in myvm's config file to make the host's /lxc-shared directory
shared only for this container (so that other containers don't need to
go through lxc-unshare & --make-rslave) would be great. Does that fit
the behaviour of the new config entries you suggest?

Anyway, thanks a lot for your help!

--
Ivan Vilata i Balaguer -- https://elvil.net/
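
Added example, not part of the original message or of the lxc code: a check that the setup discussed in this thread is in effect, by reading the optional `shared:N` / `master:N` fields of mountinfo-format files. The function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Print the peer-group id carried by tag $1 ("shared" or "master") on the
# topmost mount at mount point $2, read from mountinfo-format file $3.
# Prints nothing if that mount has no such tag.
peer_group() {
    tag=$1 mp=$2 id=
    while read -r _mid _pid _dev _root point _opts rest; do
        [ "$point" = "$mp" ] || continue
        id=                       # a later entry shadows an earlier one
        for field in $rest; do    # optional fields end at the lone "-"
            case $field in
                -) break ;;
                "$tag":*) id=${field#*:} ;;
            esac
        done
    done < "$3"
    printf '%s' "$id"
}

# Succeed only if host mount $1 (file $2) is shared and container mount $3
# (file $4) is a slave of that same peer group and not itself shared:
# mounts propagate host -> container, container unmounts stay local.
check_one_way() {
    host_shared=$(peer_group shared "$1" "$2")
    ct_master=$(peer_group master "$3" "$4")
    ct_shared=$(peer_group shared "$3" "$4")
    [ -n "$host_shared" ] && [ "$host_shared" = "$ct_master" ] && [ -z "$ct_shared" ]
}

# Constructed sample data (not captured from a real system).
sample_dir=$(mktemp -d)
cat > "$sample_dir/host" << 'EOF'
21 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
40 21 8:1 /lxc-shared /lxc-shared rw,relatime shared:7 - ext4 /dev/sda1 rw
EOF
# Container started after --make-rslave: slave of the host's peer group 7.
cat > "$sample_dir/myvm" << 'EOF'
90 60 8:1 /var/lib/lxc/myvm/rootfs / rw,relatime - ext4 /dev/sda1 rw
95 90 8:1 /lxc-shared /shared rw,relatime master:7 - ext4 /dev/sda1 rw
EOF
# Container started without it: still a peer, so its unmounts reach the host.
cat > "$sample_dir/broken" << 'EOF'
95 90 8:1 /lxc-shared /shared rw,relatime shared:7 - ext4 /dev/sda1 rw
EOF
```

On a live host the two files would be `/proc/self/mountinfo` and `/proc/PID/mountinfo`, where PID stands for the container's init process as seen from the host.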