On 25.03.2014 20:30, Serge Hallyn wrote:
> Quoting Florian Klink ([email protected]):
>> Hi,
>>
>> I have the problem that filesystems mounted with lxc.hook.pre-mount stay
>> mounted the whole time, even after the container is stopped.
>>
>> According to my understanding, mountpoints mounted by these hook
>> scripts will be private to the container and cleaned up on container
>> stop automatically (man lxc.container.conf):
>>
>> lxc.hook.pre-mount
>> A hook to be run in the container's fs namespace but before the rootfs
>> has been set up. This allows for manipulation of the rootfs, i.e. to
>> mount an encrypted filesystem. Mounts done in this hook will not be
>> reflected on the host (apart from mounts propagation), so they will be
>> automatically cleaned up when the container shuts down.
>>
>>
>>
>> However, I can see them when running `df` or `mount` on the host, and
>> they stay mounted even when the container is stopped (which creates
>> weird errors when you try to start the container again).
>>
>>
>> A bit more information about my setup:
>>
>> Arch Linux amd64, systemd 211, kernel 3.13.6
>>
>> I created an archlinux "base image"
>> (using pacstrap -d /path/to/base-image base base-devel), and union-mount
>> it together with a cow/ directory to the new root.
>>
>> The hook looks similar to the provided "hooks/mountecryptfsroot":
>>
>> mount-aufs:
>>
>> #!/bin/sh
>> LXC_COW_PATH=$(echo $LXC_ROOTFS_PATH | sed 's/root$/cow/')
>> mount -n -t aufs none ${LXC_ROOTFS_PATH} -o br=${LXC_COW_PATH}=rw:$1=ro
>>
>>
>> container config:
>>
>> [...]
>> lxc.autodev = 1
>> lxc.hook.pre-mount = /var/lib/lxc/container-name/mount-aufs
>> /path/to/base/image
>> lxc.rootfs = /var/lxc/containers/container-name/root
>> [...]
>>
>>
>>
>> I also tried to hook an lxc.hook.post-stop script that umounts it, but
>> that's also not working reliably...
>>
>>
>> Is this intended behaviour or a bug?
>
> Sounds like your / is shared. (grep shared /proc/self/mountinfo).
> Perhaps you can just 'mount --make-rslave /' at the top of
> the pre-mount hook.

This one works, thank you :-)

Is there any possibility to make this work "out of the box"?

Florian
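
The fix suggested in the thread, written out as a complete pre-mount hook (an added example, not part of the original e-mails): it reads the propagation state of `/` from mountinfo and, if it is shared, calls `mount --make-rslave /` before the aufs mount from the post. The names `root_propagation` and `run_hook` and the sample lines are constructed for illustration; taking the base image path from `$1` follows the posted script.

```shell
#!/bin/sh
# Added example: pre-mount hook that keeps its mounts out of the host namespace.

# Constructed sample lines in /proc/self/mountinfo format (not from the thread).
SAMPLE_SHARED='22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw'
SAMPLE_SLAVE='22 1 8:1 / / rw,relatime master:1 - ext4 /dev/sda1 rw'
SAMPLE_PRIVATE='22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw'

# Read mountinfo on stdin and print the propagation of the mount at "/":
# shared, slave, private, or unknown if no "/" entry was seen.
# Field 5 is the mount point; optional fields run from field 7 up to the
# lone "-" separator. A shared mount propagates new mounts to its peers,
# which is why the hook's aufs mount showed up on the host.
root_propagation() {
    awk '$5 == "/" {
        state = "private"
        for (i = 7; i <= NF && $i != "-"; i++) {
            if ($i ~ /^shared:/) { state = "shared"; break }
            if ($i ~ /^master:/) state = "slave"
        }
    }
    END { print (state == "" ? "unknown" : state) }'
}

# Hook body: make "/" a recursive slave first, then do the union mount.
# After --make-rslave, mounts made here no longer propagate to the host,
# so they disappear with the container's mount namespace.
run_hook() {
    base_image=$1   # assumption: read-only base image path, as in the posted hook
    if [ "$(root_propagation < /proc/self/mountinfo)" = "shared" ]; then
        mount --make-rslave / || return 1
    fi
    cow_path=$(printf '%s\n' "$LXC_ROOTFS_PATH" | sed 's/root$/cow/')
    mount -n -t aufs none "$LXC_ROOTFS_PATH" \
        -o "br=${cow_path}=rw:${base_image}=ro"
}

# LXC exports LXC_ROOTFS_PATH to hooks; do nothing when run outside one.
if [ -n "${LXC_ROOTFS_PATH:-}" ]; then
    run_hook "$@"
fi
```

Running `root_propagation < /proc/self/mountinfo` on the host before starting the container shows whether the hook will need the `--make-rslave` step at all.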
