[lxc-users] Regression in ephemeral containers

Christian Brauner christianvanbrauner at gmail.com
Mon Oct 12 12:17:46 UTC 2015


Hm, both work without a problem when I try it. safe_mount() is a function that
has been added recently to protect containers against symlinks. Specifically, it
prevents two things:

        1. do not allow mounts to paths containing symbolic links

        2. do not allow bind mounts from relative paths containing symbolic
           links.

You can read more about it here
(https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be).
Maybe your problem relates to this. Also, I find this line:

        > '/usr/lib/x86_64-linux-gnu/lxc/home/ubuntu/test.txt'

in the debug output odd. Did you change your temporary rootfs when pivot_dir is
called to /usr/lib/x86_64-linux-gnu/lxc? Standardly, I would expect
/usr/lib/lxc/rootfs.

Christian

On Mon, Oct 12, 2015 at 10:34:16PM +1100, overlay fs wrote:
> Regression
> ---------------
> It is no longer possible to bind-mount a file into an ephemeral
> container, using the version of lxc in the lxc-daily ppa.  This used
> to work; the regression was introduced some time after September 15.
> 
> Details
> ---------
> If the following entry is added to the config file of an ubuntu-14.04
> container named 'trusty',
> 
>    lxc.mount.entry = /home/oleg/test.txt home/ubuntu/test.txt none bind,create=file 0 0
> 
> then lxc-start works ok,
> 
>    lxc-start -d -n trusty
> 
> but lxc-start-ephemeral fails to start,
> 
>    lxc-start-ephemeral -d -o trusty -n debug
> 
> The error message in the logfile is,
> 
>    lxc_utils - utils.c:safe_mount:1641 - Invalid argument - Failed to mount /home/oleg/test.txt onto /usr/lib/x86_64-linux-gnu/lxc/home/ubuntu/test.txt
>    lxc_conf - conf.c:mount_entry:1731 - Invalid argument - failed to mount '/home/oleg/test.txt' on '/usr/lib/x86_64-linux-gnu/lxc/home/ubuntu/test.txt'
>    lxc_conf - conf.c:lxc_setup:3762 - failed to setup the mount entries for 'debug'
>    lxc_start - start.c:do_start:722 - failed to setup the container