[lxc-users] Regression in ephemeral containers

overlay fs overlayfs at gmail.com
Mon Oct 12 15:21:24 UTC 2015


On Mon, Oct 12, 2015 at 11:17 PM, Christian Brauner
<christianvanbrauner at gmail.com> wrote:
> Hm, both work without a problem when I try it.

That's good to hear!  I'll create a fresh copy of lxc in a vm and see
whether it resolves the problem.

> safe_mount() is a function that has been added recently to protect containers
> against symlinks. Specifically, it prevents two things:
>
>         1. do not allow mounts to paths containing symbolic links
>
>         2. do not allow bind mounts from relative paths containing symbolic
>            links.
>
> You can read more about it here
> (https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be).
> Maybe your problem relates to this. Also, I find this line:
>
>         > '/usr/lib/x86_64-linux-gnu/lxc/home/ubuntu/test.txt'
>
> in the debug output odd. Did you change your temporary rootfs when pivot_dir is
> called to /usr/lib/x86_64-linux-gnu/lxc? Standardly, I would expect
> /usr/lib/lxc/rootfs.

I'm using the default pivot_dir, AFAIK.

>
> Christian
>
> On Mon, Oct 12, 2015 at 10:34:16PM +1100, overlay fs wrote:
>> Regression
>> ---------------
>> It is no longer possible to bind-mount a file into an ephemeral
>> container, using the version of lxc in the lxc-daily ppa.  This used
>> to work; the regression was introduced some time after September 15.
>>
>> Details
>> ---------
>> If the following entry is added to the config file of an ubuntu-14.04
>> container named 'trusty',
>>
>>    lxc.mount.entry = /home/oleg/test.txt home/ubuntu/test.txt none bind,create=file 0 0
>>
>> then lxc-start works ok,
>>
>>    lxc-start -d -n trusty
>>
>> but lxc-start-ephemeral fails to start,
>>
>>    lxc-start-ephemeral -d -o trusty -n debug
>>
>> The error message in the logfile is,
>>
>>    lxc_utils - utils.c:safe_mount:1641 - Invalid argument - Failed to mount /home/oleg/test.txt onto /usr/lib/x86_64-linux-gnu/lxc/home/ubuntu/test.txt
>>    lxc_conf - conf.c:mount_entry:1731 - Invalid argument - failed to mount '/home/oleg/test.txt' on '/usr/lib/x86_64-linux-gnu/lxc/home/ubuntu/test.txt'
>>    lxc_conf - conf.c:lxc_setup:3762 - failed to setup the mount entries for 'debug'
>>    lxc_start - start.c:do_start:722 - failed to setup the container
