[lxc-users] Mounting additional volume on container

Serge Hallyn serge.hallyn at ubuntu.com
Mon Oct 5 15:32:54 UTC 2015


Quoting Christian Benke (benkokakao at gmail.com):
> Hello!
> 
> Planning to move from OpenVZ to LXC, I started playing with containers
> on my workstation yesterday. In the past hours I've been trying to
> mount an additional volume to a container, but don't seem to get this
> apparently trivial task right and I have difficulties identifying the
> cause of the issue.
> 
> This is my mostly vanilla container-config (Using LVM as backingstore):
> 
> lxc.include = /usr/share/lxc/config/ubuntu.common.conf
> lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
> lxc.arch = x86_64
> lxc.id_map = u 0 100000 65536
> lxc.id_map = g 0 100000 65536
> lxc.rootfs = /dev/lxc/lxc_test_ubuntu
> lxc.utsname = lxc_test_ubuntu
> lxc.network.type = veth
> lxc.network.flags = up
> lxc.network.link = lxcbr0
> lxc.network.hwaddr = 00:16:3e:b5:11:fb
> lxc.cgroup.devices.allow = b 252:2 rwm
> lxc.mount.entry = /media/benke/755f788b-3930-44e9-b7b8-cb93a3ec5af0 bla none bind 0 0
> 
> 
> When the mount-point "/bla" has not been created in the container, the error is:
> 
> "lxc-start 1443952415.367 ERROR    lxc_utils - utils.c:safe_mount:1419
> - No such file or directory - Mount of
> '/media/benke/755f788b-3930-44e9-b7b8-cb93a3ec5af0' onto
> '/usr/lib/x86_64-linux-gnu/lxc/bla' failed"

The 'lxc.mount.entry's are mounted after the user namespace unshare,
therefore you are not allowed to mount a device.  You could mount the
device somewhere onto the host and bind-mount it into the container.

How to enable this is not clear.  In lxd we can support this
using the 'disk' device, which is mounted into place by first
mounting it, on the host, into a directory which is ms-shared
with the container, then mount --moving it in the container.  In
lxc we aren't guaranteed to have such a shared directory.  You
can certainly do it yourself, but I don't know that we can do it
generically.

> and when I create the mount-point "/bla" in the container, I get the error:
> 
> "lxc-start 1443952688.974 ERROR    lxc_utils - utils.c:safe_mount:1419
> - Permission denied - Mount of
> '/media/benke/755f788b-3930-44e9-b7b8-cb93a3ec5af0' onto
> '/usr/lib/x86_64-linux-gnu/lxc/bla' failed."
> 
> 
> Using "lxc.mount.entry = /dev/lxc/mount_test bla ext4 defaults 0 0"
> instead of bind gives error "Operation not permitted" as well.
> I've also tried to use "dir=create" as a mount-option, mounting a
> block-device instead of using bind or a lv (With the correct
> cgroup-settings of course), tested it on a container with the regular
> filesystem as backingstore instead of lvm, tried "lxc.aa_profile =
> unconfined", used  and manually created
> "/usr/lib/x86_64-linux-gnu/lxc/bla" chmodded with the unprivileged
> user's rights out of desperation, even tried it with a privileged
> container, but none of that made a difference. The error-messages
> were always the same.
> 
> Reading all the threads and blogposts about this issue makes it out to
> be straightforward after ironing out typos or
> cgroup-settings[1][2][3][4], but I'm not getting anywhere with the
> changes.
> 
> What confuses me is the intransparency of how the mount is supposed to
> work according to the lxc-logfile. Why is it trying to mount to
> "/usr/lib/x86_64-linux-gnu/lxc/bla", not mounting to
> /var/lib/lxc/lxc_test_ubuntu/rootfs/ or the real lvm-root?

/var/lib/lxc/lxc_test_ubuntu/rootfs is the source of the rootfs mount
(when using a directory backed container), not the destination.  The
container rootfs is always mounted onto /usr/lib/x86_64-linux-gnu/lxc.

-serge

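Serge's suggestion is to mount the volume on the host and bind-mount the resulting directory into the container, which also means the container no longer needs the `lxc.cgroup.devices.allow` line for the block device. The following checker is an added example written for this thread; it is not code from the thread or from the LXC project. It lints the quoted config for the two failure modes seen above (a block-device mount after the user-namespace unshare, and a bind target that does not yet exist in the rootfs), rewrites the entry into the host-side bind form, and derives the host-side mount commands from `lxc.id_map`. The host directory `/srv/lxc-volumes` is an assumption; `create=dir` is a real `lxc.mount.entry` option that makes lxc create the missing mount point.

```python
"""Lint an LXC config for mounts that cannot work in an unprivileged
(user-namespaced) container and suggest the host-side bind-mount form.
Added example for the lxc-users thread; /srv/lxc-volumes is an assumption."""

import os
from typing import List, Tuple

Entry = Tuple[str, str]

# Constructed sample: the config quoted in the thread, with the ext4
# variant the poster also tried as the mount entry.
SAMPLE_CONFIG = """\
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
lxc.arch = x86_64
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.rootfs = /dev/lxc/lxc_test_ubuntu
lxc.utsname = lxc_test_ubuntu
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.hwaddr = 00:16:3e:b5:11:fb
lxc.cgroup.devices.allow = b 252:2 rwm
lxc.mount.entry = /dev/lxc/mount_test bla ext4 defaults 0 0
"""


def parse_config(text: str) -> List[Entry]:
    """Split an lxc config into (key, value) pairs, skipping blanks and comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:  # lines without '=' are malformed; lxc would reject them too
            entries.append((key.strip(), value.strip()))
    return entries


def is_unprivileged(entries: List[Entry]) -> bool:
    """A uid map means the container runs inside a user namespace."""
    return any(k == "lxc.id_map" for k, _ in entries)


def lint(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (code, message) findings for mount and device lines."""
    findings = []
    unpriv = is_unprivileged(entries)
    for key, value in entries:
        if key == "lxc.mount.entry":
            fields = value.split()
            if len(fields) < 4:
                findings.append(("MOUNT_FIELDS", f"too few fields: {value!r}"))
                continue
            src, tgt, fstype, opts = fields[:4]
            optset = set(opts.split(","))
            if optset & {"bind", "rbind"}:
                # First error in the thread: target missing inside the rootfs.
                if not optset & {"create=dir", "create=file"}:
                    findings.append(("BIND_TARGET_MAY_BE_MISSING",
                                     f"{tgt!r} must exist in the rootfs; add create=dir"))
            elif unpriv and src.startswith("/dev/"):
                # Second error: entries are mounted after the userns unshare,
                # so a device mount is not permitted there.
                findings.append(("DEV_MOUNT_IN_USERNS",
                                 f"{src!r} ({fstype}): mount on the host, then bind it in"))
        elif key == "lxc.cgroup.devices.allow" and value.startswith("b "):
            # Least privilege: a host-side bind needs no block device in the container.
            findings.append(("BLOCK_DEVICE_EXPOSED",
                             f"{value!r} is unnecessary once the volume is bind-mounted"))
    return findings


def rewrite_for_userns(entries: List[Entry],
                       host_volume_root: str = "/srv/lxc-volumes") -> List[Entry]:
    """Replace device mounts with host-side binds and drop block-device allowances."""
    out = []
    for key, value in entries:
        if key == "lxc.mount.entry":
            fields = value.split()
            if (len(fields) >= 4 and fields[0].startswith("/dev/")
                    and not set(fields[3].split(",")) & {"bind", "rbind"}):
                tgt = fields[1]
                host_dir = os.path.join(host_volume_root, os.path.basename(tgt.rstrip("/")))
                out.append(("lxc.mount.entry", f"{host_dir} {tgt} none bind,create=dir 0 0"))
                continue
        if key == "lxc.cgroup.devices.allow" and value.startswith("b "):
            continue
        out.append((key, value))
    return out


def mapped_host_id(entries: List[Entry], kind: str, ctr_id: int = 0) -> int:
    """Translate a container uid/gid into the host id via lxc.id_map."""
    for key, value in entries:
        if key != "lxc.id_map":
            continue
        k, ctr_start, host_start, count = value.split()
        if k == kind and int(ctr_start) <= ctr_id < int(ctr_start) + int(count):
            return int(host_start) + (ctr_id - int(ctr_start))
    raise ValueError(f"no {kind} mapping for id {ctr_id}")


def host_mount_commands(entries: List[Entry], device: str, host_dir: str) -> List[str]:
    """Commands to run on the host so the bind source is writable by container root."""
    uid, gid = mapped_host_id(entries, "u"), mapped_host_id(entries, "g")
    return [f"mkdir -p {host_dir}", f"mount {device} {host_dir}", f"chown {uid}:{gid} {host_dir}"]


def render(entries: List[Entry]) -> str:
    return "".join(f"{k} = {v}\n" for k, v in entries)


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    for code, msg in lint(cfg):
        print(f"{code}: {msg}")
    print(render(rewrite_for_userns(cfg)))
    print("\n".join(host_mount_commands(cfg, "/dev/lxc/mount_test", "/srv/lxc-volumes/bla")))
```

The rewritten entry keeps the relative target `bla` from the thread, so the mount lands under the container rootfs rather than at an absolute path; `chown` to the mapped root uid (100000 here) is what lets the unprivileged container write to the volume, and it is the reason files on that volume appear owned by uid 100000 when viewed from the host.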