Andrian Nord wrote:
> On Mon, Feb 01, 2010 at 01:54:15PM -0500, Michael H. Warfield wrote:
>
>> On Mon, 2010-02-01 at 19:46 +0200, Ciprian Dorin, Craciun wrote:
>>
>>> Hello all!
>>>
>>> I have a quite strange problem: the container fails to start and
>>> complains about being unable to unmount the old pivot root.
>>> (What is strange is that I remember that one month ago the same
>>> setup worked (lxc binaries and config file, but maybe 2.6.31 kernel).
>>> Now neither the old binaries nor the latest ones from Git work.)
>>>
>
> Taken from http://blog.flameeyes.eu/2010/01/31/lxc-s-unpolished-code
> "So what about the 0.6.5 problem? Well the problem came to be because
> 0.6.5 actually implements a nice feature (contributed by a non-core
> developer it seems): root pivoting. The idea is to drop access to the
> old root, so that the guest cannot in any way access the host’s
> filesystem unless given access to. It’s a very good idea, but there are
> two problems with it: it doesn’t really do it systematically, but rather
> with a “try and hope” approach, and it failed under certain conditions,
> saying that the original root is still busy (note here, since this
> happens within the cgroup’s mount namespace, it doesn’t matter to the
> rest of the system).
>
> At the end, last night I was able to identify the problem: I had this
> line in the fstab file used by lxc itself:
> none /tmp tmpfs size=200m 0 0
>
> What’s wrong with it? The mountpoint. The fstab (and lxc.mount commands)
> are used without previous validation or handling, so this is not
> mounting the /tmp for the guest, but the /tmp for the host, within the
> guest’s mount namespace. The result is that /tmp gets mounted twice
> (once inherited by the base mount namespace, once within the guest’s
> namespace), but it’s only unmounted once (as the unmount list keeps each
> mount point exactly once). This is quite an obvious error on my part, I
> should have used /media/chroots/tinderbox/tmp as mountpoint, but LXC
> being unable to catch the mistake in mountpoint (at least warning about
> it) is a definite problem."
>
> That's the Gentoo maintainer for the lxc ebuilds. Could you check if this
> is the source of the problem?
>

Ha ! Let's check ! :)

_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
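
The quoted blog post says the fstab handed to lxc is used without validation, so an absolute mount point such as /tmp lands on the host's path inside the guest's mount namespace. The following lint for that mistake is an added example, not code from this thread or from LXC; the function name is hypothetical and the rootfs `/media/chroots/tinderbox` is assumed from the corrected mount point given in the post.

```python
import posixpath

def outside_rootfs(fstab_text, rootfs):
    """Return (line_no, mount_point) for every fstab entry whose absolute
    mount point does not lie under the container rootfs.

    The check is purely lexical: ".." is collapsed, symlinks are not
    resolved. Relative mount points are not judged here.
    """
    root = posixpath.normpath(rootfs)
    prefix = root.rstrip("/") + "/"
    findings = []
    for line_no, raw in enumerate(fstab_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed entry, nothing to compare
        target = fields[1]
        if not target.startswith("/"):
            continue  # relative mount point, out of scope for this check
        norm = posixpath.normpath(target)
        # Trailing slash on the prefix keeps sibling directories such as
        # /media/chroots/tinderbox2 from passing as "inside".
        if norm != root and not norm.startswith(prefix):
            findings.append((line_no, target))
    return findings

# Constructed sample: line 2 is the entry quoted in the post, line 3 is the
# corrected form from the post, the remaining entries are made-up edge cases.
SAMPLE_FSTAB = """\
# fstab passed to lxc (constructed sample)
none /tmp tmpfs size=200m 0 0
none /media/chroots/tinderbox/tmp tmpfs size=200m 0 0
none /media/chroots/tinderbox/../../../tmp tmpfs size=200m 0 0
none /media/chroots/tinderbox2/tmp tmpfs size=200m 0 0
proc proc proc defaults 0 0
"""

if __name__ == "__main__":
    for line_no, target in outside_rootfs(SAMPLE_FSTAB, "/media/chroots/tinderbox"):
        print(f"line {line_no}: mount point {target} is outside the container rootfs")
```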