[Lxc-users] Container start unmounts shared bind mounts

Serge Hallyn serge.hallyn at canonical.com
Mon Feb 13 15:23:43 UTC 2012


Quoting Ivan Vilata i Balaguer (ivan at selidor.net):
> Serge Hallyn (2012-02-11 00:08:10 +0100) wrote:
> 
> > Quoting Ivan Vilata i Balaguer (ivan at selidor.net):
> >> Serge Hallyn (2012-02-10 16:05:19 +0100) wrote:
> >> 
> >> > mv /usr/bin/lxc-start /usr/bin/lxc-start.real
> >> >
> >> > cat > /usr/bin/lxc-start.mid << 'EOF'
> >> > mount --make-unbindable /lxc-shared
> >> > mount --make-shared /lxc-shared
> >
> > Oops, this isn't right.  I think I just meant
> >
> > cat > /usr/bin/lxc-start.mid << 'EOF'
> > mount --make-rslave /lxc-shared
> > exec /usr/bin/lxc-start.real $*
> > EOF
> >
> >> > exec /usr/bin/lxc-start.real $*
> >> > EOF
> >> >
> >> > cat > /usr/bin/lxc-start << 'EOF'
> >> > lxc-unshare -s MOUNT -- /usr/bin/lxc-start.mid $*
> >> > EOF
> >> >
> >> > chmod ugo+x /usr/bin/lxc-start{,.mid}
> 
> Yup, the new one did work! :)
> 
> >> Well, I'm actually trying on the host to mount and unmount file systems
> >> I don't know beforehand *while myvm is running* under subdirectories in
> >> /lxc-shared,
> >
> > You've lost me here (I don't understand what you're saying), but
> 
> Sorry, tried to stuff too much into too few words. :D
> 
> What I want to do is set up a shared directory /lxc-shared in the host,
> which will appear as /shared in myvm.  While myvm is running, I'll be
> binding host directories to /lxc-shared/foo, /lxc-shared/bar and other
> subdirs I don't know beforehand so that they become visible as
> /shared/foo, /shared/bar etc. at myvm.  I don't need other containers to
> access /lxc-shared (and of course I don't want them to accidentally
> unmount things from it when starting).
> 
> >> but running myvm through the scripts you suggest creates a
> >> new namespace so that myvm no longer sees mounts done by the host.
> >
> > Note that you're still supposed to do
> >
> > 	mount --bind /lxc-shared /lxc-shared
> > 	mount --make-shared /lxc-shared /lxc-shared
> >
> > at host boot.  Then creating a new namespace shouldn't stop myvm from
> > seeing new mounts done by the host.  The reason I was creating that new
> > namespace was so that the mount --make-rslave wouldn't happen in the
> > host's namespace.
> 
> Yes, I was already doing that before starting myvm.  Indeed, your fix
> above made the sharing work as expected.
> 
> > But in any case, like I say I think it'd be worth adding explicit
> > support through the config file for this.
> 
> Running the containers through your scripts does the trick, but having an
> option in myvm's config file to make the host's /lxc-shared directory
> shared only for this container (so that other containers don't need to
> go through lxc-unshare & --make-rslave) would be great.  Does that fit
> the behaviour of the new config entries you suggest?

I think so.  I've put it down on the list of things to consider for
next cycle.

> Anyway, thanks a lot for your help!

My pleasure.  It's a good feature to have.

-serge
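
The propagation setup discussed in this thread (host side shared, container side made a slave) can be checked from the optional fields of /proc/<pid>/mountinfo. The script below is an added example, not code from the thread or from the LXC project; the function names are hypothetical and the mountinfo lines are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread). Mount point names follow the thread;
# the mountinfo lines at the bottom are constructed samples.

# propagation MOUNTPOINT: read mountinfo text on stdin and print the optional
# propagation fields of the topmost mount at MOUNTPOINT ("private" if none).
propagation() {
    awk -v mp="$1" '
        $5 == mp {
            tags = ""
            # Optional fields start at field 7 and end at the "-" separator.
            for (i = 7; i <= NF && $i != "-"; i++)
                tags = tags (tags == "" ? "" : " ") $i
            last = (tags == "" ? "private" : tags)
            found = 1
        }
        END { if (!found) exit 1; print last }'
}

# receives_only HOST_INFO HOST_MP CT_INFO CT_MP
# 0: host mount is shared:N and the container mount is a slave of N only.
# 1: propagation is missing, or the container mount is itself shared
#    (strict check).  2: a mount point was not found.
receives_only() {
    host=$(printf '%s\n' "$1" | propagation "$2") || return 2
    ct=$(printf '%s\n' "$3" | propagation "$4") || return 2
    case $host in
        shared:*) peer=${host#shared:}; peer=${peer%% *} ;;
        *) return 1 ;;
    esac
    case " $ct " in *" shared:"*) return 1 ;; esac
    case " $ct " in *" master:$peer "*) return 0 ;; esac
    return 1
}

HOST_INFO='21 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
45 21 8:1 /lxc-shared /lxc-shared rw,relatime shared:42 - ext4 /dev/sda1 rw'
CT_SLAVE='71 60 8:1 /lxc-shared /shared rw,relatime master:42 - ext4 /dev/sda1 rw'
CT_PEER='71 60 8:1 /lxc-shared /shared rw,relatime shared:42 - ext4 /dev/sda1 rw'

for sample in "$CT_SLAVE" "$CT_PEER"; do
    if receives_only "$HOST_INFO" /lxc-shared "$sample" /shared; then
        echo "OK: /shared receives host mounts, nothing propagates back"
    else
        echo "WARN: /shared is not a one-way slave of the host's /lxc-shared"
    fi
done
```

On a live system the two inputs would be the contents of the host's /proc/self/mountinfo and of /proc/PID/mountinfo, where PID (an assumption here) is the container's init process as seen from the host.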



