[lxc-users] udevadm trigger corrupts the container

Serge Hallyn serge.hallyn at ubuntu.com
Mon Aug 3 14:30:24 UTC 2015


Quoting Christoph Mathys (eraserix at gmail.com):
> On Wed, Jul 29, 2015 at 4:14 AM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> > The host should be protected from udevadm trigger by your container
> > being under an apparmor profile and/or readonly sys.
> 
> But if udevadm trigger is executed on the host for some reason, this
> will still break all containers that use lxc.autodev = 1? A quick test

Ah, that's not what I thought you were saying.  That doesn't happen on
my systems, and I can't recall offhand why.  I'll have to play with it.

So you're saying you have lvm backed containers, not running udev,
and when you run udevadm trigger on the host your containers die?

> seems to suggest this... I thought about removing the call, but this
> means duplicating udev logic in my maintainer scripts. I also could
> not find anything in the Debian policy that forbids running udevadm
> trigger with the "change" action.
> 
> I tried with apparmor on 3.18, but this does not seem to change
> anything. Is there a way to override some of the defaults in
> "ubuntu.common.conf" in order to mount sysfs readonly?
> 
> Christoph