[lxc-users] lxc-attach runs in root fs, not container chroot
Noel Burton-Krahn
noel at pistoncloud.com
Wed Nov 19 23:46:09 UTC 2014
Hi,
I'm running lxc-1.0.6-r1 on Gentoo. I can create my lxc container and ssh
into it and everything looks fine.
lxc-create -n u1 -t download -- --no-validate --dist ubuntu --release trusty --arch amd64
lxc-start -n u1
However, lxc-attach runs programs in the host's root, not in the container
root:
lxc-attach -n u1 ls /tmp
This lists files in the *host's* /tmp. The guest's /tmp is empty.
Looking at /proc/$PID/mountinfo in host and guest, I see that processes
created inside the guest are chrooted to the right place:
(in lxc guest, init is chrooted)
head -1 /proc/1/mountinfo
81 124 0:2 /etc/lxc/u1/rootfs / rw - rootfs rootfs rw,size=16332604k,nr_inodes=4083151
However, programs run by lxc-attach are not chrooted:
lxc-attach -n u1 -- head -1 /proc/self/mountinfo
82 82 0:2 / / rw - rootfs rootfs rw,size=16332604k,nr_inodes=4083151
What config options could break this?
I created a small program that just does nsexec [1], and it has the same
behaviour. Somehow, setns() is not setting the root fs properly using
processes running in lxc.
[1] https://gist.github.com/noelbk/b6964f8c55d5f6258819
PS
This all works fine on stock ubuntu-14.04.
Cheers,
--
Noel
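
The comparison made in the message above (the root field of the "/" mount for the container's init versus a process started by lxc-attach), written as a small check. This is an added example, not code from the original post or from the linked gist; the struct and function names are hypothetical, and the two sample lines are the ones quoted in the message.

```c
#include <stdio.h>
#include <string.h>

/* Fields 3-5 of a /proc/<pid>/mountinfo line, as described in proc(5). */
struct mnt_root {
    char dev[32];   /* major:minor of the backing filesystem */
    char root[256]; /* directory of that filesystem that forms the mount's root */
    char mnt[256];  /* mount point as seen by the process */
};

/* Parse one mountinfo line. Returns 0 on success, -1 if it is malformed. */
int parse_mountinfo_line(const char *line, struct mnt_root *out)
{
    int id, parent;
    return sscanf(line, "%d %d %31s %255s %255s",
                  &id, &parent, out->dev, out->root, out->mnt) == 5 ? 0 : -1;
}

/* 1: both lines are the same "/" mount (same device, same root directory);
 * 0: they differ; -1: a line is malformed or does not describe "/". */
int same_root_mount(const char *a, const char *b)
{
    struct mnt_root ma, mb;
    if (parse_mountinfo_line(a, &ma) || parse_mountinfo_line(b, &mb))
        return -1;
    if (strcmp(ma.mnt, "/") || strcmp(mb.mnt, "/"))
        return -1;
    return !strcmp(ma.dev, mb.dev) && !strcmp(ma.root, mb.root);
}

/* The two lines quoted in the message, with the wrapped line rejoined. */
static const char GUEST_INIT[] =
    "81 124 0:2 /etc/lxc/u1/rootfs / rw - rootfs rootfs rw,size=16332604k,nr_inodes=4083151";
static const char ATTACHED[] =
    "82 82 0:2 / / rw - rootfs rootfs rw,size=16332604k,nr_inodes=4083151";

int main(void)
{
    int r = same_root_mount(GUEST_INIT, ATTACHED);
    puts(r == 1 ? "OK: attached process uses the container root"
       : r == 0 ? "MISMATCH: attached process is outside the container root"
                : "error: unparsable mountinfo line");
    return r == 1 ? 0 : 1;
}
```

With the lines from the message the check reports a mismatch: the device is the same (0:2), but the root directory is /etc/lxc/u1/rootfs for the guest's init and / for the attached process.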