[lxc-users] udevadm trigger corrupts the container

Christoph Mathys eraserix at gmail.com
Mon Aug 3 15:09:07 UTC 2015


On Mon, Aug 3, 2015 at 4:30 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> Quoting Christoph Mathys (eraserix at gmail.com):
>> On Wed, Jul 29, 2015 at 4:14 AM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
>> > The host should be protected from udevadm trigger by your container
>> > being under an apparmor profile and/or readonly sys.
>>
>> But if udevadm trigger is executed on the host for some reason, this
>> will still break all containers that use lxc.autodev = 1? A quick test
>
> Ah that's not what I thought you were saying.  That doesn't happen on
> my systems, and I can't recall offhand why.  I'll have to play with it.

Hi Serge, thanks for taking the time!

I've stated that I have the problem inside the container, and your
hint about readonly sysfs inside the container is of course correct.
But my containers also go nuts if the udevadm trigger is executed on
the host directly, so making the containers safe only "masks" the
problem.

> So you're saying you have lvm backed containers, not running udev,
> and when you run udevadm trigger on the host your containers die?

No, the container is not on lvm, it's a simple ext4 partition. They do
run udev (it's a standard Ubuntu precise), and the only thing halfway
special is that my "/dev/"-directory is on a tmpfs (by means of the
flag lxc.autodev in the container's config). The containers do not die,
but it seems like devfs inside the container gets at least partly
fucked up (I can no longer get a pty inside the container).

I'll try to reproduce it tomorrow and provide a small script.

Christoph

