[lxc-users] Regression in ephemeral containers

Christian Brauner christianvanbrauner at gmail.com
Mon Oct 12 12:17:46 UTC 2015

Hm, both work without a problem when I try it. safe_mount() is a function that
has been added recently to protect containers against symlinks. Specifically, it
prevents two things:

        1. do not allow mounts to paths containing symbolic links

        2. do not allow bind mounts from relative paths containing symbolic

You can read more about it here
Maybe your problem relates to this. Also, I find this line:

        > '/usr/lib/x86_64-linux-gnu/lxc/home/ubuntu/test.txt'

in the debug output odd. Did you change your temporary rootfs when pivot_dir is
called to /usr/lib/x86_64-linux-gnu/lxc? Standardly, I would expect


On Mon, Oct 12, 2015 at 10:34:16PM +1100, overlay fs wrote:
> Regression
> ---------------
> It is no longer possible to bind-mount a file into an ephemeral
> container, using the version of lxc in the lxc-daily ppa.  This used
> to work; the regression was introduced some time after September 15.
> Details
> ---------
> If the following entry is added to the config file of an ubuntu-14.04
> container named 'trusty',
>    lxc.mount.entry = /home/oleg/test.txt home/ubuntu/test.txt none
> bind,create=file 0 0
> then lxc-start works ok,
>    lxc-start -d -n trusty
> but lxc-start-ephemeral fails to start,
>    lxc-start-ephemeral -d -o trusty -n debug
> The error message in the logfile is,
>    lxc_utils - utils.c:safe_mount:1641 - Invalid argument - Failed to
> mount /home/oleg/test.txt onto
> /usr/lib/x86_64-linux-gnu/lxc/home/ubuntu/test.txt
>    lxc_conf - conf.c:mount_entry:1731 - Invalid argument - failed to
> mount '/home/oleg/test.txt' on
> '/usr/lib/x86_64-linux-gnu/lxc/home/ubuntu/test.txt'
>    lxc_conf - conf.c:lxc_setup:3762 - failed to setup the mount
> entries for 'debug'    lxc_start - start.c:do_start:722 - failed to
> setup the container
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20151012/d5fccf22/attachment.sig>

More information about the lxc-users mailing list