[lxc-users] Regression in ephemeral containers
Christian Brauner
christianvanbrauner at gmail.com
Mon Oct 12 12:17:46 UTC 2015
Hm, both work without a problem when I try it. safe_mount() is a function that
has been added recently to protect containers against symlinks. Specifically, it
prevents two things:
1. do not allow mounts to paths containing symbolic links
2. do not allow bind mounts from relative paths containing symbolic
links.
You can read more about it here
(https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be).
Maybe your problem relates to this. Also, I find this line:
> '/usr/lib/x86_64-linux-gnu/lxc/home/ubuntu/test.txt'
in the debug output odd. Did you change your temporary rootfs when pivot_dir is
called to /usr/lib/x86_64-linux-gnu/lxc? Standardly, I would expect
/usr/lib/lxc/rootfs.
Christian
On Mon, Oct 12, 2015 at 10:34:16PM +1100, overlay fs wrote:
> Regression
> ---------------
> It is no longer possible to bind-mount a file into an ephemeral
> container, using the version of lxc in the lxc-daily ppa. This used
> to work; the regression was introduced some time after September 15.
>
> Details
> ---------
> If the following entry is added to the config file of an ubuntu-14.04
> container named 'trusty',
>
> lxc.mount.entry = /home/oleg/test.txt home/ubuntu/test.txt none
> bind,create=file 0 0
>
> then lxc-start works ok,
>
> lxc-start -d -n trusty
>
> but lxc-start-ephemeral fails to start,
>
> lxc-start-ephemeral -d -o trusty -n debug
>
> The error message in the logfile is,
>
> lxc_utils - utils.c:safe_mount:1641 - Invalid argument - Failed to
> mount /home/oleg/test.txt onto
> /usr/lib/x86_64-linux-gnu/lxc/home/ubuntu/test.txt
> lxc_conf - conf.c:mount_entry:1731 - Invalid argument - failed to
> mount '/home/oleg/test.txt' on
> '/usr/lib/x86_64-linux-gnu/lxc/home/ubuntu/test.txt'
> lxc_conf - conf.c:lxc_setup:3762 - failed to setup the mount
> entries for 'debug' lxc_start - start.c:do_start:722 - failed to
> setup the container
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20151012/d5fccf22/attachment.sig>
More information about the lxc-users
mailing list