[lxc-users] Cannot unlink/rename over host-level file that has been bind-mounted out of a container
Barry Jaspan
barry.jaspan at acquia.com
Mon Dec 15 18:56:25 UTC 2014
I have reduced the problem I described in my previous message to a much
smaller test case. Here is an LXC config file that bind-mounts a single
file, /other_file, from the host's root filesystem on top of another file,
/empty, also from the host's root filesystem:
lxc.console = none
lxc.rootfs = /
lxc.mount.entry=/other_file empty none rw,bind 0 0
While the container is running, the host's /empty cannot be unlinked:
host# rm /empty /other_file
host# touch /empty /other_file
host# lxc-execute -n test -f test.config -- sleep 30 &
[1] 2419
host# strace -o rm.out rm /empty
rm: cannot remove `/empty': Device or resource busy
host# grep EBUSY rm.out
unlinkat(AT_FDCWD, "/empty", 0) = -1 EBUSY (Device or resource busy)
host# fg
lxc-execute -n test -f test.config -- sleep 30
^C
host# rm /empty
host#
Can anyone explain why the host's /empty cannot be unlinked even though it
is bind-mounted out of the running container? Why is it "busy"?
Thanks,
Barry
On Mon, Dec 8, 2014 at 5:53 PM, Barry Jaspan <barry.jaspan at acquia.com>
wrote:
>
> I'm using LXC on Ubuntu 12.04 (Precise) on EC2. I am creating a container
> that uses the host's root filesystem. In the lxc config, I am bind-mounting
> a different passwd file on top of /etc/passwd:
>
> lxc.mount.entry=/container/passwd etc/passwd none rw,bind 0 0
>
> As expected, /etc/passwd on the host and /etc/passwd in the container are
> different inodes:
>
> host# ls -i /etc/passwd
> 58046 /etc/passwd
> host# ls -i /container/passwd
> 287145 /container/passwd
>
> container# ls -i /etc/passwd
> 287145 /etc/passwd
>
> What I did not expect is that now it is not possible to unlink /etc/passwd
> at the host level (or inside the container, although I don't care about
> that):
>
> host# rm /etc/passwd
> rm: cannot remove `/etc/passwd': Device or resource busy
> host# chsh -s /bin/false root
> chsh: failure while writing changes to /etc/passwd
>
> strace confirms that unlinkat() and rename() are returning EBUSY. (chsh
> creates a replacement for /etc/passwd and then rename()'s it into place.)
>
> So, somehow, the fact that the host's /etc/passwd is *not* present in the
> container marks its inode as busy. I do not think it is as simple as "an
> inode that has been bind-mounted out of a namespace is busy" because a
> simple bind-mount test case does not reproduce it:
>
> # echo foo > foo
> # touch bar
> # mount --bind ./foo ./bar
> # cat bar
> foo
> # touch new
> # mv new foo
> #
>
> This seems related to http://lwn.net/Articles/570338/. However, in that
> article, a file which is bind-mounted into another namespace causes EBUSY
> from unlink/rename(). In my case, a file which is *not* bind-mounted into
> another namespace is causing EBUSY.
>
> Can someone explain what is going on?
>
> Thanks,
>
> Barry
>
> --
> Barry Jaspan
> Senior Architect | Acquia <http://acquia.com>
> barry.jaspan at acquia.com | (c) 617.905.2208 | (w) 781-313-8298
>
> Acquia Dev Cloud: You build killer websites. We do the rest.
> <http://www.acquia.com/dev-cloud> <http://acquia.com/dev-cloud>
> Acquia ranked #1 Software Vendor on the 2012 Inc 500
> <http://www.acquia.com/about-us/newsroom/press-releases/inc-magazine-unveils-31st-annual-list-america-s-fastest-growing>
>
>
--
Barry Jaspan
Senior Architect | Acquia <http://acquia.com>
barry.jaspan at acquia.com | (c) 617.905.2208 | (w) 781-313-8298
Acquia Dev Cloud: You build killer websites. We do the rest.
<http://www.acquia.com/dev-cloud> <http://acquia.com/dev-cloud>
Acquia ranked #1 Software Vendor on the 2012 Inc 500
<http://www.acquia.com/about-us/newsroom/press-releases/inc-magazine-unveils-31st-annual-list-america-s-fastest-growing>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20141215/075e9c92/attachment-0003.html>
More information about the lxc-users
mailing list