[lxc-users] shared mount and umount propagation.

Craig Ruff cruff at ucar.edu
Fri Mar 7 22:53:05 UTC 2014


On Thu, Mar 06, 2014 at 12:03:53PM -0600, Serge Hallyn wrote:
> That should now be fixed in git, as all of / gets mounted MS_SLAVE
> if / is found to be shared.  Now if only /media is shared and not
> /, I suppose that's a different case.

I am seeing a similar issue, where the host's / itself is not shared
(i.e. the container has a private root file system), and a directory
below root with sharing set has anything mounted below it.

Example:

Host setup (/d is used on the host itself, / is not shared):
    mount --bind /d /d
    mount --make-shared /d
    mount --bind /d /containers/d
    mount --make-slave /containers/d
    mount --make-shared /containers/d
    mount x /d/a

Container configuration file contains:
    lxc.rootfs = /containers/s/rootfs
    lxc.mount = /containers/s/lxc.fstab
    lxc.hook.pre-mount = /usr/local/containers/hooks/premount

Container lxc.fstab contains:
    /containers/d /containers/s/rootfs/d none rbind,create=dir 0 0

Using this setup, anything mounted under /d will then appear in the
container regardless of the ordering of the mount and container start.
Mounts and unmounts done on the host will propagate into the containers.
Unless the premount hook runs a "mount --make-rshared /" (or in this
case "mount --make-rshared /d" would suffice), the lxc-start will
cause /d/a to be unmounted from the host's /d/a.

That was certainly unexpected behavior!  Since I have not used
LXC containers extensively, I don't know if this is the desired
behavior, but it certainly needs better documentation if that
is the case.
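
Added example (not part of the original message): a way to see the propagation type of /d, /containers/d and everything mounted below them before starting a container, by reading the optional fields of /proc/self/mountinfo, where shared:N marks a member of peer group N and master:N marks a slave of group N. The function names and the sample mountinfo lines are constructed for illustration, with /dev/sdb1 standing in for the "x" mounted on /d/a.

```shell
#!/bin/sh
# Constructed mountinfo lines modelling the host setup described above.
sample_mountinfo() {
    cat <<'EOF'
20 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
40 20 8:1 /d /d rw,relatime shared:1 - ext4 /dev/sda1 rw
41 20 8:1 /d /containers/d rw,relatime shared:2 master:1 - ext4 /dev/sda1 rw
42 40 8:17 / /d/a rw,relatime shared:3 - ext4 /dev/sdb1 rw
43 41 8:17 / /containers/d/a rw,relatime shared:4 master:3 - ext4 /dev/sdb1 rw
EOF
}

# Print "<mountpoint> <state> peer=<id> master=<id>" for PREFIX and every
# mount below it. Reads /proc/self/mountinfo unless a file (or "-" for
# stdin) is given as the second argument.
propagation_report() {
    prefix=$1
    file=${2:-/proc/self/mountinfo}
    awk -v prefix="$prefix" '
    {
        mp = $5
        # Keep only the prefix itself and mounts below it.
        if (prefix != "/" && mp != prefix && index(mp, prefix "/") != 1) next
        shared = ""; master = ""; unbindable = 0
        # Optional fields start at field 7 and end at the "-" separator.
        for (i = 7; i <= NF && $i != "-"; i++) {
            if ($i ~ /^shared:/) shared = substr($i, 8)
            else if ($i ~ /^master:/) master = substr($i, 8)
            else if ($i == "unbindable") unbindable = 1
        }
        if (shared != "" && master != "") state = "shared+slave"
        else if (shared != "") state = "shared"
        else if (master != "") state = "slave"
        else if (unbindable) state = "unbindable"
        else state = "private"
        printf "%s %s peer=%s master=%s\n", mp, state,
            (shared == "" ? "-" : shared), (master == "" ? "-" : master)
    }' "$file"
}

# Demonstration on the constructed sample; on a real host call
# propagation_report /d with no second argument.
sample_mountinfo | propagation_report /d -
sample_mountinfo | propagation_report /containers/d -
```

Any line reported as shared or shared+slave is in a peer group, so a mount or unmount made on one member of that group is propagated to the others.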

