[lxc-users] after stopping container, mountpoint is still there

Florian Klink flokli at flokli.de
Tue Mar 25 20:13:24 UTC 2014


On 25.03.2014 20:30, Serge Hallyn wrote:
> Quoting Florian Klink (flokli at flokli.de):
>> Hi,
>>
>> I have the problem that filesystems mounted with lxc.hook.pre-mount stay
>> mounted the whole time, even after the container is stopped.
>>
>> According to my understanding, mountpoints mounted by these hook
>> scripts will be private to the container and cleaned up on container
>> stop automatically (man lxc.container.conf):
>>
>> lxc.hook.pre-mount
>> A hook to be run in the container's fs namespace but before the rootfs
>> has been set up. This allows for manipulation of the rootfs, i.e. to
>> mount an encrypted filesystem. Mounts done in this hook will not be
>> reflected on the host (apart from mounts propagation), so they will be
>> automatically cleaned up when the container shuts down.
>>
>>
>>
>> However, I can see them when running `df` or `mount` on the host, and
>> they stay mounted even when the container is stopped (which creates
>> weird errors when you try to start the container again).
>>
>>
>> A bit more information about my setup:
>>
>> Arch Linux amd64, systemd 211, kernel 3.13.6
>>
>> I created an archlinux "base image"
>> (using pacstrap -d /path/to/base-image base base-devel), and union-mount
>> it together with a cow/ directory to the new root.
>>
>> The hook looks similar to the provided "hooks/mountecryptfsroot":
>>
>> mount-aufs:
>>
>> #!/bin/sh
>> LXC_COW_PATH=$(echo "$LXC_ROOTFS_PATH" | sed 's/root$/cow/')
>> mount -n -t aufs none "${LXC_ROOTFS_PATH}" -o "br=${LXC_COW_PATH}=rw:$1=ro"
>>
>>
>> container config:
>>
>> [...]
>> lxc.autodev = 1
>> lxc.hook.pre-mount = /var/lib/lxc/container-name/mount-aufs /path/to/base/image
>> lxc.rootfs = /var/lxc/containers/container-name/root
>> [...]
>>
>>
>>
>> I also tried to hook an lxc.hook.post-stop script that umounts it, but
>> that's also not working reliably...
>>
>>
>> Is this intended behaviour or a bug?
> 
> Sounds like your / is shared.  (grep shared /proc/self/mountinfo).
> Perhaps you can just 'mount --make-rslave /' at the top of
> the pre-mount hook.

This one works, thank you :-)

Is there any possibility to make this work "out of the box"?

Florian
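
The check suggested in the reply above, written out as an added example that is not part of the original thread or of LXC: it reads the optional fields of /proc/self/mountinfo to tell whether a mount point is shared, slave or private, and lists mounts at or below a container rootfs that are visible in the current namespace. The function names and the sample mountinfo lines are constructed for illustration; `make_root_slave_if_shared` is a hypothetical guard for the top of a pre-mount hook.

```shell
#!/bin/sh
# Constructed sample in /proc/self/mountinfo format (not taken from the thread).
SAMPLE_MOUNTINFO='15 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
16 15 0:4 / /proc rw,nosuid shared:5 - proc proc rw
41 15 8:3 / /srv rw,relatime master:1 - ext4 /dev/sda3 rw
42 15 8:4 / /data rw,relatime - ext4 /dev/sda4 rw
57 15 0:35 / /var/lxc/containers/container-name/root rw,relatime shared:27 - aufs none rw'

# propagation_of MOUNTPOINT [FILE]
# Prints shared, slave or private for MOUNTPOINT; exit status 1 if not mounted.
# Optional fields sit between field 6 and the lone "-" separator.
propagation_of() {
    awk -v mp="$1" '
        $5 == mp {
            state = "private"
            for (i = 7; i <= NF && $i != "-"; i++) {
                if ($i ~ /^shared:/) state = "shared"
                else if ($i ~ /^master:/ && state == "private") state = "slave"
            }
            found = state   # later lines are mounted on top, so the last one wins
        }
        END { if (found == "") exit 1; print found }
    ' "${2:-/proc/self/mountinfo}"
}

# leaked_mounts ROOTFS [FILE]
# Prints mount points at or below ROOTFS that are visible in this namespace.
leaked_mounts() {
    awk -v root="${1%/}" '$5 == root || index($5, root "/") == 1 { print $5 }' \
        "${2:-/proc/self/mountinfo}"
}

# Hypothetical guard for the top of a pre-mount hook: change propagation
# only when / is shared, using the command from the reply above.
make_root_slave_if_shared() {
    if [ "$(propagation_of /)" = "shared" ]; then
        mount --make-rslave /
    fi
}

# Demo on the constructed sample ("-" makes awk read standard input).
printf '%s\n' "$SAMPLE_MOUNTINFO" | propagation_of / -
printf '%s\n' "$SAMPLE_MOUNTINFO" | leaked_mounts /var/lxc/containers/container-name/root -
```

Run on the host after the container has stopped, `leaked_mounts` with the container's rootfs path and no file argument shows whether hook mounts are still visible in the host namespace.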


