[lxc-users] Regression in ephemeral containers
overlayfs at gmail.com
Mon Oct 12 15:21:24 UTC 2015
On Mon, Oct 12, 2015 at 11:17 PM, Christian Brauner
<christianvanbrauner at gmail.com> wrote:
> Hm, both work without a problem when I try it.
That's good to hear! I'll create a fresh copy of lxc in a vm and see
whether it resolves the problem.
> safe_mount() is a function that has been added recently to protect containers
> against symlinks. Specifically, it prevents two things:
> 1. do not allow mounts to paths containing symbolic links
> 2. do not allow bind mounts from relative paths containing symbolic
> You can read more about it here
> Maybe your problem relates to this. Also, I find this line:
> > '/usr/lib/x86_64-linux-gnu/lxc/home/ubuntu/test.txt'
> in the debug output odd. Did you change your temporary rootfs when pivot_dir is
> called to /usr/lib/x86_64-linux-gnu/lxc? Standardly, I would expect
I'm using the default pivot_dir, AFAIK.
> On Mon, Oct 12, 2015 at 10:34:16PM +1100, overlay fs wrote:
>> It is no longer possible to bind-mount a file into an ephemeral
>> container, using the version of lxc in the lxc-daily ppa. This used
>> to work; the regression was introduced some time after September 15.
>> If the following entry is added to the config file of an ubuntu-14.04
>> container named 'trusty',
>> lxc.mount.entry = /home/oleg/test.txt home/ubuntu/test.txt none
>> bind,create=file 0 0
>> then lxc-start works ok,
>> lxc-start -d -n trusty
>> but lxc-start-ephemeral fails to start,
>> lxc-start-ephemeral -d -o trusty -n debug
>> The error message in the logfile is,
>> lxc_utils - utils.c:safe_mount:1641 - Invalid argument - Failed to
>> mount /home/oleg/test.txt onto
>> lxc_conf - conf.c:mount_entry:1731 - Invalid argument - failed to
>> mount '/home/oleg/test.txt' on
>> lxc_conf - conf.c:lxc_setup:3762 - failed to setup the mount
>> entries for 'debug' lxc_start - start.c:do_start:722 - failed to
>> setup the container
More information about the lxc-users