[Lxc-users] pivot root failures when "/" is mounted as "shared"

Michael H. Warfield mhw at WittsEnd.com
Sat Nov 3 13:51:16 UTC 2012


On Sat, 2012-11-03 at 12:01 +0100, Peter Simons wrote:
> Hi guys,
> 
> I've been using lxc for a while now, and it's a great tool. Thank you
> very much for the time and effort you have been dedicating to the
> development of that software!
> 
> My Linux distribution (NixOS) is about to switch from upstart to
> systemd, and this switch in the host system is going to break all my
> containers. It appears this is a well known problem that's been reported
> at
> 
>   http://sourceforge.net/tracker/?func=detail&aid=3559833&group_id=163076&atid=826303
> 
> and
> 
>   https://github.com/lxc/lxc/issues/4.
> 
> Now, I wonder what the status of this issue is. Is it clear how that
> problem can be remedied? Is there maybe a patch that fixes this problem?
> Does anyone know a work-around that I could use to keep my containers
> running when that switch to systemd occurs on the host system?

Having JUST been up to my ears in this (and still am to some extent)
working with Serge and hammering out some of these issues over the last
couple of weeks, I think I can speak to some of this.

The issue regarding pivot root is not your only problem and may not yet
be a current problem.  It's really, more or less, something that's going
to become a problem (Fedora 19 time frame if I understand it properly
from the systemd gang).  Not sure in what version of systemd this
becomes a problem, but I've been running Fedora 17 with systemd 44 in the
host for some time with no problem.  If you've tested that and you've
seen how it breaks, could you post the version of systemd you are
running and the error messages along with some config examples here so
we can see them?

A real problem is in the systemd based containers where it wants to
mount devtmpfs on top of /dev and that breaks all sorts of things
(console conflicts, restarts X in the host, all sorts of mess).  Serge
was finally able to whip together a patch this last week that I've been
testing and I now have Fedora 17 containers using systemd running.
We've still got some minor gotchas like console ttys not working yet
(systemd won't start them in a container).  Currently lxc-console will
not work with a systemd container because of the systemd behavior wrt
starting getty processes on ttys when it detects that it's in a
container.

For your distro, the pivot root when / is mounted shared may or may not
be a problem but, as of systemd 44 for sure it is not.  I still need to
do some retesting with systemd 195 (Fedora Rawhide) but my early
indications are that it's not a problem or hasn't been for me (but then
my container / may not be mounted shared).  IAC, you're getting nowhere
with it (if you have systemd in the container) until you have the
devtmpfs fixes.

Right now...  To get this to work, you need Serge's autodev branch from
git here:

git://github.com/hallyn/lxc called upstream.nov1.2012.autodev

Build lxc from that.

Then, in your systemd based containers, you must add the parameter
lxc.autodev = 1 to the config.  That will cause tmpfs to be mounted on
top of /dev and populated with the device entries which are needed.
Adding that to your non-systemd containers should have no negative
impact but I have yet to test that fully.

Daniel is getting ready to cut the 0.8.0 release which will NOT have the
autodev fixes but we're hoping to get a quicker turnaround to get 0.9.0
or something similar out with them and other systemd fixes.

If you are having the pivot root problem, this may not help.  That will
probably have to be addressed sooner or later from what I've read from
the systemd guys.

> Take care,
> Peter

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
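
The following is an added example, not part of Mike's message or of the lxc code base: a way to check whether "/" (or any other mount) is actually mounted shared, by reading the optional propagation fields of `/proc/self/mountinfo`. The sample input is constructed and the function names are illustrative assumptions.

```python
import sys

# Constructed sample in /proc/<pid>/mountinfo format (not from a real host).
SAMPLE = """\
21 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
22 21 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw
40 21 0:30 / /var/lib/lxc rw,relatime - tmpfs tmpfs rw
41 21 8:2 / /srv rw shared:7 master:1 - ext4 /dev/sda2 rw
"""

# Optional-field tag -> propagation name; no tag at all means private.
TAGS = {"shared": "shared", "master": "slave", "unbindable": "unbindable"}


def parse_mountinfo(text):
    """Map each mount point to its filesystem type and propagation set."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        try:
            sep = fields.index("-", 6)  # optional fields end at the "-"
        except ValueError:
            continue  # blank or malformed line
        if len(fields) <= sep + 1:
            continue  # separator present but filesystem type missing
        tags = {TAGS[f.split(":")[0]] for f in fields[6:sep]
                if f.split(":")[0] in TAGS}
        # A later line for the same mount point is stacked on top; it wins.
        mounts[fields[4]] = {"fstype": fields[sep + 1],
                             "propagation": tags or {"private"}}
    return mounts


def propagation(text, mount_point="/"):
    """Propagation set of mount_point, or None if it is not a mount."""
    entry = parse_mountinfo(text).get(mount_point)
    return entry["propagation"] if entry else None


def root_is_shared(text):
    """True when the mount at "/" carries a shared:N tag."""
    return "shared" in (propagation(text, "/") or set())


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/proc/self/mountinfo"
    with open(path) as fh:
        data = fh.read()
    print("/ propagation:", ",".join(sorted(propagation(data) or ["?"])))
    print("/ is shared" if root_is_shared(data) else "/ is not shared")
```

Run on the host and again from inside the container; the results can differ, because each process reads the mount table of its own mount namespace.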