[Lxc-users] Mounting the rootfs as read-only in Ubuntu
Martin Konečný
martin.konecny at sourcefabric.org
Mon Jan 30 18:55:59 UTC 2012
Hi,
I know there have been a few threads on this, such as
http://comments.gmane.org/gmane.linux.kernel.containers.lxc.general/2167
http://comments.gmane.org/gmane.linux.kernel.containers.lxc.general/1673
but none have been able to solve my problem so far.
My problem: In Ubuntu 11.10, I'm using the default lxc-ubuntu template
script to create a rootfs + setup container config. As soon as this script
finishes, I open the config file and change lxc.rootfs to point to a
directory that is empty.
I then modify the fstab so that the rootfs that was generated by
debootstrap is mounted into this empty directory as read-only.
Now when I try to start the container, I get a warning that /lib/init/fstab
is mounted as read-only and Ubuntu fails to start (I read something about
lxcguest trying to replace this file with an empty version).
So then I modify the fstab a second time to mount a RW mount onto
/lib/init/fstab, and the warning disappears. But Ubuntu still does not
start.
Note that if I mount the filesystem as RW, then it starts up correctly.
Here are my config/fstab/log files
*config:*
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.ipv4 = 0.0.0.0/24
lxc.utsname = amd64
lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = /var/lib/lxc/xxx/rootfs
lxc.mount = /var/lib/lxc/xxx/fstab
lxc.arch = amd64
lxc.cgroup.devices.deny = a
# Allow any mknod (but not using the node)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
#lxc.cgroup.devices.allow = c 4:0 rwm
#lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
#fuse
lxc.cgroup.devices.allow = c 10:229 rwm
*fstab:*
#/home/martin/rootfs contains the files downloaded by debootstrap
#/var/lib/lxc/xxx/rootfs is an empty directory
/home/martin/rootfs /var/lib/lxc/xxx/rootfs none ro,bind 0 0
#/home/martin/init was copied from /home/martin/rootfs/init. It is mounted as rw so that lxcguest can do its thing with /lib/init/fstab
/home/martin/init /var/lib/lxc/xxx/rootfs/lib/init/ none rw,bind 0 0
proc /var/lib/lxc/xxx/rootfs/proc proc nodev,noexec,nosuid 0 0
sysfs /var/lib/lxc/xxx/rootfs/sys sysfs defaults 0 0
*Log file on startup*
lxc-start 1327948980.704 DEBUG lxc_conf - allocated pty '/dev/pts/1' (4/5)
lxc-start 1327948980.704 DEBUG lxc_conf - allocated pty '/dev/pts/2' (6/7)
lxc-start 1327948980.704 DEBUG lxc_conf - allocated pty '/dev/pts/3' (8/9)
lxc-start 1327948980.704 DEBUG lxc_conf - allocated pty '/dev/pts/4' (10/11)
lxc-start 1327948980.704 INFO lxc_conf - tty's configured
lxc-start 1327948980.704 DEBUG lxc_console - using '/dev/tty' as console
lxc-start 1327948980.704 DEBUG lxc_start - sigchild handler set
lxc-start 1327948980.704 INFO lxc_start - 'xxx' is initialized
lxc-start 1327948980.708 DEBUG lxc_conf - instanciated veth 'vetha5XM5V/vethaTEtvU', index is '10'
lxc-start 1327948980.709 DEBUG lxc_cgroup - checking '/' (rootfs)
lxc-start 1327948980.709 DEBUG lxc_cgroup - checking '/sys' (sysfs)
lxc-start 1327948980.709 DEBUG lxc_cgroup - checking '/proc' (proc)
lxc-start 1327948980.709 DEBUG lxc_cgroup - checking '/dev' (devtmpfs)
lxc-start 1327948980.709 DEBUG lxc_cgroup - checking '/dev/pts' (devpts)
lxc-start 1327948980.709 DEBUG lxc_cgroup - checking '/run' (tmpfs)
lxc-start 1327948980.709 DEBUG lxc_cgroup - checking '/sys/fs/fuse/connections' (fusectl)
lxc-start 1327948980.709 DEBUG lxc_cgroup - checking '/' (ext4)
lxc-start 1327948980.709 DEBUG lxc_cgroup - checking '/sys/fs/cgroup' (tmpfs)
lxc-start 1327948980.709 DEBUG lxc_cgroup - checking '/sys/fs/cgroup/cpuset' (cgroup)
lxc-start 1327948980.709 INFO lxc_cgroup - found cgroup mounted at '/sys/fs/cgroup/cpuset'
lxc-start 1327948980.709 DEBUG lxc_cgroup - cgroup /sys/fs/cgroup/cpuset has flags 0x2
lxc-start 1327948980.709 INFO lxc_cgroup - created cgroup '/sys/fs/cgroup/cpuset/xxx'
lxc-start 1327948980.709 DEBUG lxc_cgroup - checking '/sys/fs/cgroup/cpu' (cgroup)
lxc-start 1327948980.709 INFO lxc_cgroup - found cgroup mounted at '/sys/fs/cgroup/cpu'
lxc-start 1327948980.709 DEBUG lxc_cgroup - cgroup /sys/fs/cgroup/cpu has flags 0x2
lxc-start 1327948980.709 INFO lxc_cgroup - created cgroup '/sys/fs/cgroup/cpu/xxx'
lxc-start 1327948980.709 DEBUG lxc_cgroup - checking '/sys/fs/cgroup/cpuacct' (cgroup)
lxc-start 1327948980.709 INFO lxc_cgroup - found cgroup mounted at '/sys/fs/cgroup/cpuacct'
lxc-start 1327948980.709 DEBUG lxc_cgroup - cgroup /sys/fs/cgroup/cpuacct has flags 0x2
lxc-start 1327948980.710 INFO lxc_cgroup - created cgroup '/sys/fs/cgroup/cpuacct/xxx'
lxc-start 1327948980.710 DEBUG lxc_cgroup - checking '/sys/fs/cgroup/memory' (cgroup)
lxc-start 1327948980.710 INFO lxc_cgroup - found cgroup mounted at '/sys/fs/cgroup/memory'
lxc-start 1327948980.710 DEBUG lxc_cgroup - cgroup /sys/fs/cgroup/memory has flags 0x2
lxc-start 1327948980.710 INFO lxc_cgroup - created cgroup '/sys/fs/cgroup/memory/xxx'
lxc-start 1327948980.710 DEBUG lxc_cgroup - checking '/sys/fs/cgroup/devices' (cgroup)
lxc-start 1327948980.710 INFO lxc_cgroup - found cgroup mounted at '/sys/fs/cgroup/devices'
lxc-start 1327948980.710 DEBUG lxc_cgroup - cgroup /sys/fs/cgroup/devices has flags 0x2
lxc-start 1327948980.710 INFO lxc_cgroup - created cgroup '/sys/fs/cgroup/devices/xxx'
lxc-start 1327948980.710 DEBUG lxc_cgroup - checking '/sys/fs/cgroup/freezer' (cgroup)
lxc-start 1327948980.710 INFO lxc_cgroup - found cgroup mounted at '/sys/fs/cgroup/freezer'
lxc-start 1327948980.710 DEBUG lxc_cgroup - cgroup /sys/fs/cgroup/freezer has flags 0x2
lxc-start 1327948980.710 INFO lxc_cgroup - created cgroup '/sys/fs/cgroup/freezer/xxx'
lxc-start 1327948980.710 DEBUG lxc_cgroup - checking '/sys/fs/cgroup/net_cls' (cgroup)
lxc-start 1327948980.710 INFO lxc_cgroup - found cgroup mounted at '/sys/fs/cgroup/net_cls'
lxc-start 1327948980.710 DEBUG lxc_cgroup - cgroup /sys/fs/cgroup/net_cls has flags 0x2
lxc-start 1327948980.710 INFO lxc_cgroup - created cgroup '/sys/fs/cgroup/net_cls/xxx'
lxc-start 1327948980.710 DEBUG lxc_cgroup - checking '/sys/fs/cgroup/blkio' (cgroup)
lxc-start 1327948980.710 INFO lxc_cgroup - found cgroup mounted at '/sys/fs/cgroup/blkio'
lxc-start 1327948980.710 DEBUG lxc_cgroup - cgroup /sys/fs/cgroup/blkio has flags 0x2
lxc-start 1327948980.710 INFO lxc_cgroup - created cgroup '/sys/fs/cgroup/blkio/xxx'
lxc-start 1327948980.710 DEBUG lxc_cgroup - checking '/sys/fs/cgroup/perf_event' (cgroup)
lxc-start 1327948980.710 INFO lxc_cgroup - found cgroup mounted at '/sys/fs/cgroup/perf_event'
lxc-start 1327948980.710 DEBUG lxc_cgroup - cgroup /sys/fs/cgroup/perf_event has flags 0x2
lxc-start 1327948980.710 INFO lxc_cgroup - created cgroup '/sys/fs/cgroup/perf_event/xxx'
lxc-start 1327948980.710 DEBUG lxc_cgroup - checking '/sys/kernel/debug' (debugfs)
lxc-start 1327948980.710 DEBUG lxc_cgroup - checking '/sys/kernel/security' (securityfs)
lxc-start 1327948980.710 DEBUG lxc_cgroup - checking '/run/lock' (tmpfs)
lxc-start 1327948980.710 DEBUG lxc_cgroup - checking '/run/shm' (tmpfs)
lxc-start 1327948980.713 DEBUG lxc_conf - move '(null)' to '7944'
lxc-start 1327948980.713 INFO lxc_conf - 'amd64' hostname has been setup
lxc-start 1327948980.713 DEBUG lxc_conf - 'eth0' has been setup
lxc-start 1327948980.713 INFO lxc_conf - network has been setup
lxc-start 1327948980.713 DEBUG lxc_conf - mounted '/var/lib/lxc/xxx/rootfs' on '/usr/lib/lxc/root'
lxc-start 1327948980.713 DEBUG lxc_conf - remounting /usr/lib/lxc/rootfs on /usr/lib/lxc/root/ to respect bind or remount options
lxc-start 1327948980.713 DEBUG lxc_conf - mounted '/usr/lib/lxc/rootfs' on '/usr/lib/lxc/root/', type 'none'
lxc-start 1327948980.713 DEBUG lxc_conf - remounting /home/martin/init on /usr/lib/lxc/root//lib/init/ to respect bind or remount options
lxc-start 1327948980.713 DEBUG lxc_conf - mounted '/home/martin/init' on '/usr/lib/lxc/root//lib/init/', type 'none'
lxc-start 1327948980.713 DEBUG lxc_conf - mounted 'proc' on '/usr/lib/lxc/root//proc', type 'proc'
lxc-start 1327948980.713 DEBUG lxc_conf - mounted 'sysfs' on '/usr/lib/lxc/root//sys', type 'sysfs'
lxc-start 1327948980.713 INFO lxc_conf - mount points have been setup
lxc-start 1327948980.713 INFO lxc_conf - mount points have been setup
lxc-start 1327948980.713 DEBUG lxc_cgroup - lxc_cgroup_path_get: called for subsys devices name xxx
lxc-start 1327948980.713 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/devices'
lxc-start 1327948980.713 DEBUG lxc_cgroup - lxc_cgroup_path_get: returning /sys/fs/cgroup/devices/xxx for subsystem devices.deny
lxc-start 1327948980.713 DEBUG lxc_conf - cgroup 'devices.deny' set to 'a'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: called for subsys devices name xxx
lxc-start 1327948980.714 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/devices'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: returning /sys/fs/cgroup/devices/xxx for subsystem devices.allow
lxc-start 1327948980.714 DEBUG lxc_conf - cgroup 'devices.allow' set to 'c *:* m'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: called for subsys devices name xxx
lxc-start 1327948980.714 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/devices'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: returning /sys/fs/cgroup/devices/xxx for subsystem devices.allow
lxc-start 1327948980.714 DEBUG lxc_conf - cgroup 'devices.allow' set to 'b *:* m'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: called for subsys devices name xxx
lxc-start 1327948980.714 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/devices'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: returning /sys/fs/cgroup/devices/xxx for subsystem devices.allow
lxc-start 1327948980.714 DEBUG lxc_conf - cgroup 'devices.allow' set to 'c 1:3 rwm'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: called for subsys devices name xxx
lxc-start 1327948980.714 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/devices'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: returning /sys/fs/cgroup/devices/xxx for subsystem devices.allow
lxc-start 1327948980.714 DEBUG lxc_conf - cgroup 'devices.allow' set to 'c 1:5 rwm'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: called for subsys devices name xxx
lxc-start 1327948980.714 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/devices'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: returning /sys/fs/cgroup/devices/xxx for subsystem devices.allow
lxc-start 1327948980.714 DEBUG lxc_conf - cgroup 'devices.allow' set to 'c 5:1 rwm'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: called for subsys devices name xxx
lxc-start 1327948980.714 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/devices'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: returning /sys/fs/cgroup/devices/xxx for subsystem devices.allow
lxc-start 1327948980.714 DEBUG lxc_conf - cgroup 'devices.allow' set to 'c 5:0 rwm'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: called for subsys devices name xxx
lxc-start 1327948980.714 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/devices'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: returning /sys/fs/cgroup/devices/xxx for subsystem devices.allow
lxc-start 1327948980.714 DEBUG lxc_conf - cgroup 'devices.allow' set to 'c 1:9 rwm'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: called for subsys devices name xxx
lxc-start 1327948980.714 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/devices'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: returning /sys/fs/cgroup/devices/xxx for subsystem devices.allow
lxc-start 1327948980.714 DEBUG lxc_conf - cgroup 'devices.allow' set to 'c 1:8 rwm'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: called for subsys devices name xxx
lxc-start 1327948980.714 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/devices'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: returning /sys/fs/cgroup/devices/xxx for subsystem devices.allow
lxc-start 1327948980.714 DEBUG lxc_conf - cgroup 'devices.allow' set to 'c 136:* rwm'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: called for subsys devices name xxx
lxc-start 1327948980.714 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/devices'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: returning /sys/fs/cgroup/devices/xxx for subsystem devices.allow
lxc-start 1327948980.714 DEBUG lxc_conf - cgroup 'devices.allow' set to 'c 5:2 rwm'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: called for subsys devices name xxx
lxc-start 1327948980.714 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/devices'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: returning /sys/fs/cgroup/devices/xxx for subsystem devices.allow
lxc-start 1327948980.714 DEBUG lxc_conf - cgroup 'devices.allow' set to 'c 254:0 rwm'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: called for subsys devices name xxx
lxc-start 1327948980.714 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/devices'
lxc-start 1327948980.714 DEBUG lxc_cgroup - lxc_cgroup_path_get: returning /sys/fs/cgroup/devices/xxx for subsystem devices.allow
lxc-start 1327948980.714 DEBUG lxc_conf - cgroup 'devices.allow' set to 'c 10:229 rwm'
lxc-start 1327948980.714 INFO lxc_conf - cgroup has been setup
lxc-start 1327948980.714 INFO lxc_conf - console has been setup
lxc-start 1327948980.714 INFO lxc_conf - 4 tty(s) has been setup
lxc-start 1327948980.714 DEBUG lxc_conf - mountpoint for old rootfs is '/usr/lib/lxc/root/mnt'
lxc-start 1327948980.714 DEBUG lxc_conf - pivot_root syscall to '/usr/lib/lxc/root' successful
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/dev/pts'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/run/lock'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/run/shm'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/sys/fs/fuse/connections'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/sys/fs/cgroup/cpuset'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/sys/fs/cgroup/cpu'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/sys/fs/cgroup/cpuacct'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/sys/fs/cgroup/memory'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/sys/fs/cgroup/devices'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/sys/fs/cgroup/freezer'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/sys/fs/cgroup/net_cls'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/sys/fs/cgroup/blkio'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/sys/fs/cgroup/perf_event'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/sys/kernel/debug'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/sys/kernel/security'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/proc'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/usr/lib/lxc/root'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/dev'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/run'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/sys/fs/cgroup'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt/sys'
lxc-start 1327948980.715 DEBUG lxc_conf - umounted '/mnt'
lxc-start 1327948980.715 INFO lxc_conf - created new pts instance
lxc-start 1327948980.715 INFO lxc_conf - set personality to '0x0'
lxc-start 1327948980.715 DEBUG lxc_conf - capabilities has been setup
lxc-start 1327948980.715 NOTICE lxc_conf - 'xxx' is setup.
lxc-start 1327948980.715 NOTICE lxc_start - exec'ing '/sbin/init'
lxc-start 1327948980.716 NOTICE lxc_start - '/sbin/init' started with pid '7944'
lxc-start 1327948980.716 DEBUG lxc_utmp - Added '/proc/7944/root/run' to inotifywatch
lxc-start 1327949218.361 DEBUG lxc_commands - peer has disconnected
--
Open source radio in the cloud. Get yours now! ---> http://airtime.pro
Martin Konecny
Software Developer, Sourcefabric
martin.konecny at sourcefabric.org
720 Bathurst St. Suite 203
M5S 2R4, Toronto, ON, Canada
+1 (416) 892-8420 (Cell)
Skype: martin.konecny15
http://www.sourcefabric.org
http://www.twitter.com/Sourcefabric
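
Added example, not part of the original post: a Python check that parses an lxc.mount fstab like the one posted above and reports, for a list of in-container paths, whether the mount covering each path is requested ro or rw. The fstab text is the posted one with wrapped lines rejoined; the list of paths to check is an assumption chosen for illustration.

```python
import posixpath

# Constructed sample: the fstab from the post, wrapped lines rejoined.
SAMPLE_FSTAB = """\
/home/martin/rootfs /var/lib/lxc/xxx/rootfs none ro,bind 0 0
/home/martin/init /var/lib/lxc/xxx/rootfs/lib/init/ none rw,bind 0 0
proc /var/lib/lxc/xxx/rootfs/proc proc nodev,noexec,nosuid 0 0
sysfs /var/lib/lxc/xxx/rootfs/sys sysfs defaults 0 0
"""
ROOTFS = "/var/lib/lxc/xxx/rootfs"  # lxc.rootfs from the posted config

# Assumption (not from the post): in-container paths to check for writability.
CANDIDATE_PATHS = ["/lib/init/fstab", "/etc", "/run", "/tmp", "/var/log", "/proc"]


def parse_fstab(text):
    """Return [(mountpoint, options)] in file order, skipping comments and blanks."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"malformed fstab line: {line!r}")
        entries.append((posixpath.normpath(fields[1]), fields[3].split(",")))
    return entries


def effective_mode(entries, rootfs, path):
    """'ro' or 'rw' for the mount covering `path`, or None if no entry covers it."""
    host_path = posixpath.normpath(rootfs + "/" + path.lstrip("/"))
    mode = None
    for target, opts in entries:
        prefix = target if target.endswith("/") else target + "/"
        if host_path == target or host_path.startswith(prefix):
            # Mounts are applied in file order, so the last covering entry wins.
            mode = "ro" if "ro" in opts else "rw"
    return mode


def audit(text, rootfs, paths):
    """Map each in-container path to the mode of the mount that covers it."""
    entries = parse_fstab(text)
    return {p: effective_mode(entries, rootfs, p) for p in paths}


if __name__ == "__main__":
    for path, mode in audit(SAMPLE_FSTAB, ROOTFS, CANDIDATE_PATHS).items():
        print(f"{path:18} {mode}")
```

The result reflects only what the fstab requests; the mounts actually in effect for a running container are listed in /proc/<pid>/mountinfo of its init process.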