Roman Yepishev wrote:
> Hello all,
>
> I am trying to use LXC to run Ubuntu Lucid Lynx containers on Lucid Lynx
> hosts. I have succeeded in configuring the container properly so it
> starts, connects to the network etc.
>
> However, as described in [1], my container can remount the /srv
> partition read-only. I tried to fix it using the fstab entry that was
> given at [1] but in the end mount gives:
>
> r...@lemon:~$ mount
> /dev/mapper/fridge-srv on / type ext4 (rw)
> ...
>
> "Ok, it might not work", I thought.
>
> However, after some time I decided to bind-mount /var/cache/apt to
> container's /var/cache/apt and now my fstab is:
>
> /srv/vm/lxc/lemon/rootfs /srv/vm/lxc/rootfs none bind 0 0
> /var/cache/apt /srv/vm/lxc/lemon/rootfs/var/cache/apt none bind 0 0
>
> During startup the debug output has the following lines:
> lxc-start 1270888370.767 DEBUG lxc_conf - mounted /srv/vm/lxc/lemon/rootfs on /srv/vm/lxc/rootfs, type none
> lxc-start 1270888370.767 DEBUG lxc_conf - mounted /var/cache/apt on /srv/vm/lxc/lemon/rootfs/var/cache/apt, type none
>
> So I guess it does mount something, however later on I see the
> following:
> lxc-start 1270888370.773 DEBUG lxc_conf - umounted '/lxc-oldrootfs-ib3iB1/srv/vm/lxc/lemon/rootfs/var/cache/apt'
>

When the container starts, it sets up the root filesystem. The rootfs is
done with the pivot_root syscall, hence the old rootfs contains the mount
points which are duplicates of the new rootfs. The code then umounts these
duplicate entries in the old rootfs without impacting the mount points of
the new rootfs. I am not sure I am very clear :) but in other words, for
each mount point you will see a corresponding line saying
"umount old-rootfs/....", it's normal behavior.

> I am not quite sure it should umount that directory, but here's how my
> mount looks when the system is booted:
> r...@lemon:/var/cache/apt$ mount
> /dev/mapper/fridge-srv on / type ext4 (rw)
> none on /proc type proc (rw,noexec,nosuid,nodev)
> none on /sys type sysfs (rw,noexec,nosuid,nodev)
> none on /dev/console type devpts (rw,noexec,nosuid,relatime,gid=5,mode=620,ptmxmode=000)
> none on /dev/tty1 type devpts (rw,noexec,nosuid,relatime,gid=5,mode=620,ptmxmode=000)
> none on /sys/fs/fuse/connections type fusectl (rw)
> none on /sys/kernel/debug type debugfs (rw)
> none on /sys/kernel/security type securityfs (rw)
> none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
> none on /dev/shm type tmpfs (rw,nosuid,nodev)
> none on /var/run type tmpfs (rw,nosuid,mode=0755)
> none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
> none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
>
> Is there anything wrong with my set up? It looks like my first attempt
> to protect /srv fails due to the same issue - bind mounts do not work in
> the container for me.
>

The mount point specified in the configuration file is set up by lxc
without using the "mount" command, so /etc/mtab is not updated (which is
normal). If you want to check if the mount point is effectively set up, you
should check against /proc/mounts.

Thanks
  -- Daniel
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
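
The check against /proc/mounts suggested in the reply above, as an added example that is not part of the original thread: it parses the kernel's mount table, lists mount points that `mount` would not show because /etc/mtab was never updated, and tests whether a given mount point is present and read-only. The function names and both sample tables (including the `fridge-root` device and the `/mnt/my data` path) are constructed for illustration.

```python
import re

# Constructed sample data: the kernel's view inside a container versus a
# stale /etc/mtab, which is what mount(8) printed on systems of that era.
SAMPLE_PROC_MOUNTS = """\
/dev/mapper/fridge-srv / ext4 rw,relatime 0 0
/dev/mapper/fridge-root /var/cache/apt ext4 rw,relatime 0 0
none /proc proc rw,nosuid,nodev,noexec 0 0
/dev/mapper/fridge-srv /mnt/my\\040data ext4 ro,relatime 0 0
"""
SAMPLE_MTAB = """\
/dev/mapper/fridge-srv / ext4 rw 0 0
none /proc proc rw,noexec,nosuid,nodev 0 0
"""

def _unescape(field):
    # The kernel writes space, tab, newline and backslash as octal escapes
    # (\040, \011, \012, \134) so that fields stay whitespace-separated.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return {mount_point: (source, fstype, options)}; the last entry wins,
    because a later mount on the same path sits on top of the earlier one."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or line.startswith("#"):
            continue
        source, target, fstype, opts = parts[:4]
        table[_unescape(target)] = (_unescape(source), fstype, set(opts.split(",")))
    return table

def missing_from_mtab(proc_text, mtab_text):
    """Mount points the kernel knows about that the mtab file does not list."""
    kernel, mtab = parse_mounts(proc_text), parse_mounts(mtab_text)
    return sorted(mp for mp in kernel if mp not in mtab)

def is_mounted(proc_text, mount_point, require_ro=False):
    """True if mount_point is mounted (and read-only, when require_ro is set)."""
    entry = parse_mounts(proc_text).get(mount_point)
    if entry is None:
        return False
    return "ro" in entry[2] if require_ro else True

if __name__ == "__main__":
    try:
        with open("/proc/mounts") as p, open("/etc/mtab") as m:
            proc_text, mtab_text = p.read(), m.read()
    except OSError:  # not on Linux: fall back to the constructed samples
        proc_text, mtab_text = SAMPLE_PROC_MOUNTS, SAMPLE_MTAB
    for mp in missing_from_mtab(proc_text, mtab_text):
        print("in /proc/mounts but not in /etc/mtab:", mp)
```

On systems where /etc/mtab is a symlink to /proc/self/mounts the two tables are identical, so the difference list is empty.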