[lxc-users] Regression in ephemeral containers
overlay fs
overlayfs at gmail.com
Mon Oct 12 15:21:24 UTC 2015
On Mon, Oct 12, 2015 at 11:17 PM, Christian Brauner
<christianvanbrauner at gmail.com> wrote:
> Hm, both work without a problem when I try it.
That's good to hear! I'll create a fresh copy of lxc in a vm and see
whether it resolves the problem.
> safe_mount() is a function that has been added recently to protect containers
> against symlinks. Specifically, it prevents two things:
>
> 1. do not allow mounts to paths containing symbolic links
>
> 2. do not allow bind mounts from relative paths containing symbolic
> links.
>
> You can read more about it here
> (https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be).
> Maybe your problem relates to this. Also, I find this line:
>
> > '/usr/lib/x86_64-linux-gnu/lxc/home/ubuntu/test.txt'
>
> in the debug output odd. Did you change your temporary rootfs when pivot_dir is
> called to /usr/lib/x86_64-linux-gnu/lxc? Standardly, I would expect
> /usr/lib/lxc/rootfs.
I'm using the default pivot_dir, AFAIK.
>
> Christian
>
> On Mon, Oct 12, 2015 at 10:34:16PM +1100, overlay fs wrote:
>> Regression
>> ---------------
>> It is no longer possible to bind-mount a file into an ephemeral
>> container, using the version of lxc in the lxc-daily ppa. This used
>> to work; the regression was introduced some time after September 15.
>>
>> Details
>> ---------
>> If the following entry is added to the config file of an ubuntu-14.04
>> container named 'trusty',
>>
>> lxc.mount.entry = /home/oleg/test.txt home/ubuntu/test.txt none
>> bind,create=file 0 0
>>
>> then lxc-start works ok,
>>
>> lxc-start -d -n trusty
>>
>> but lxc-start-ephemeral fails to start,
>>
>> lxc-start-ephemeral -d -o trusty -n debug
>>
>> The error message in the logfile is,
>>
>> lxc_utils - utils.c:safe_mount:1641 - Invalid argument - Failed to
>> mount /home/oleg/test.txt onto
>> /usr/lib/x86_64-linux-gnu/lxc/home/ubuntu/test.txt
>> lxc_conf - conf.c:mount_entry:1731 - Invalid argument - failed to
>> mount '/home/oleg/test.txt' on
>> '/usr/lib/x86_64-linux-gnu/lxc/home/ubuntu/test.txt'
>> lxc_conf - conf.c:lxc_setup:3762 - failed to setup the mount
>> entries for 'debug' lxc_start - start.c:do_start:722 - failed to
>> setup the container
More information about the lxc-users
mailing list