[lxc-devel] [PATCH 1/1] ubuntu templates: add some kernel filesystems to container fstab

Wed, 17 Jul 2013 07:41:49 -0700 

The debugfs, fusectl, and securityfs may not be mounted inside a
non-init userns.  But mountall hangs waiting for them to be
mounted.  So just pre-mount them using $lxcpath/$name/fstab as
bind mounts, which will prevent mountall from trying to mount
them.

If the kernel doesn't provide them, then the bind mount failure
will be ignored, and mountall in the container will proceed
without the mount since it is 'optional'.  But without these
bind mounts, starting a container inside a user namespace
hangs.

Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>
---
 templates/lxc-ubuntu-cloud.in | 3 +++
 templates/lxc-ubuntu.in       | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/templates/lxc-ubuntu-cloud.in b/templates/lxc-ubuntu-cloud.in
index 5ffb5ba..480ef14 100644
--- a/templates/lxc-ubuntu-cloud.in
+++ b/templates/lxc-ubuntu-cloud.in
@@ -96,6 +96,9 @@ EOF
     cat <<EOF > $path/fstab
 proc            proc         proc    nodev,noexec,nosuid 0 0
 sysfs           sys          sysfs defaults  0 0
+/sys/fs/fuse/connections sys/fs/fuse/connections none bind 0 0
+/sys/kernel/debug sys/kernel/debug none bind 0 0
+/sys/kernel/security sys/kernel/security none bind 0 0
 EOF
 
     # rmdir /dev/shm for containers that have /run/shm
diff --git a/templates/lxc-ubuntu.in b/templates/lxc-ubuntu.in
index 0b73529..af3c2b3 100644
--- a/templates/lxc-ubuntu.in
+++ b/templates/lxc-ubuntu.in
@@ -427,6 +427,9 @@ EOF
     cat <<EOF > $path/fstab
 proc            proc         proc    nodev,noexec,nosuid 0 0
 sysfs           sys          sysfs defaults  0 0
+/sys/fs/fuse/connections sys/fs/fuse/connections none bind 0 0
+/sys/kernel/debug sys/kernel/debug none bind 0 0
+/sys/kernel/security sys/kernel/security none bind 0 0
 EOF
 
     if [ $? -ne 0 ]; then
-- 
1.8.1.2


------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

Reply via email to