Quoting Christian Brauner ([email protected]):
> On Sun, Feb 01, 2015 at 12:00:01PM +0000, [email protected] wrote:
> > Date: Sun, 1 Feb 2015 07:38:57 +0000
> > From: Serge Hallyn <[email protected]>
> > To: LXC users mailing-list <[email protected]>
> > Subject: Re: [lxc-users] Block devices not permitted on file system
> >
> > Quoting Christian Brauner ([email protected]):
> > > Hello,
> > >
> > > booting unprivileged ubuntu trusty and vivid container I get the
> > > following messages when shutting them down:
> > >
> > > umount: /dev/zero: block devices are not permitted on filesystem
> >
> > Apparently this is an error emitted by umount.c in util-linux when it
> > gets a -EACCES. My guess is that your underlying fs has real blockdevs,
> > and the fs is MS_NODEV, and umount is somehow finding that unmounting
> > the file mounted over those files would violate MS_NODEV. I say somehow
> > bc I don't see the code doing that check.
> >
> > Though it's also possible that umount is misdiagnosing the EACCES.
> > Just to be sure, you could try booting the container without apparmor:
> >
> > lxc.aa_profile = unconfined
> >
> > and see if that still does it.
> That won't help as I'm on an Archlinux box which does not use Apparmor and I
> did not compile it into my kernel. My lxc version is 1.1, cgmanager 0.35, lxcfs
> 0.5

Ah, well that's just as helpful :) Which kernel version are you using?

> At least the output of findmnt does not show any "nodev" for /dev/sda2:

Is this from the host or container? (looks like the host; if it is, can
you show /proc/1/mountinfo in the container?)

I was wondering whether
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e1866410f11356a9fd869beb3e95983dc79c067
or
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9566d6742852c527bf5af38af5cbb878dad75705
could be involved, though looking more closely I guess probably not.

> [chb@conventiont ~]$ findmnt
> TARGET                            SOURCE        FSTYPE      OPTIONS
> /                                 /dev/sda2[/@] btrfs       rw,relatime,compress-force=lzo,space_cache,autodefrag
> ├─/proc                           proc          proc        rw,nosuid,nodev,noexec,relatime
> │ └─/proc/sys/fs/binfmt_misc      systemd-1     autofs      rw,relatime,fd=28,pgrp=1,timeout=300,minproto=5,maxproto=5,direct
> │   └─/proc/sys/fs/binfmt_misc    binfmt_misc   binfmt_misc rw,relatime
> ├─/sys                            sys           sysfs       rw,nosuid,nodev,noexec,relatime
> │ ├─/sys/kernel/security          securityfs    securityfs  rw,nosuid,nodev,noexec,relatime
> │ ├─/sys/fs/cgroup                tmpfs         tmpfs       rw,mode=755
> │ │ ├─/sys/fs/cgroup/systemd      cgroup        cgroup      rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
> │ │ ├─/sys/fs/cgroup/cpu,cpuacct  cgroup        cgroup      rw,nosuid,nodev,noexec,relatime,cpu,cpuacct
> │ │ ├─/sys/fs/cgroup/devices      cgroup        cgroup      rw,nosuid,nodev,noexec,relatime,devices
> │ │ ├─/sys/fs/cgroup/freezer      cgroup        cgroup      rw,nosuid,nodev,noexec,relatime,freezer
> │ │ ├─/sys/fs/cgroup/hugetlb      cgroup        cgroup      rw,nosuid,nodev,noexec,relatime,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb
> │ │ ├─/sys/fs/cgroup/cpuset       cgroup        cgroup      rw,nosuid,nodev,noexec,relatime,cpuset,clone_children
> │ │ ├─/sys/fs/cgroup/blkio        cgroup        cgroup      rw,nosuid,nodev,noexec,relatime,blkio
> │ │ ├─/sys/fs/cgroup/memory       cgroup        cgroup      rw,nosuid,nodev,noexec,relatime,memory
> │ │ ├─/sys/fs/cgroup/debug        cgroup        cgroup      rw,nosuid,nodev,noexec,relatime,debug
> │ │ ├─/sys/fs/cgroup/net_cls      cgroup        cgroup      rw,nosuid,nodev,noexec,relatime,net_cls
> │ │ └─/sys/fs/cgroup/perf_event   cgroup        cgroup      rw,nosuid,nodev,noexec,relatime,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event
> │ ├─/sys/fs/pstore                pstore        pstore      rw,nosuid,nodev,noexec,relatime
> │ ├─/sys/firmware/efi/efivars     efivarfs      efivarfs    rw,nosuid,nodev,noexec,relatime
> │ ├─/sys/kernel/debug             debugfs       debugfs     rw,relatime
> │ ├─/sys/fs/fuse/connections      fusectl       fusectl     rw,relatime
> │ └─/sys/kernel/config            configfs      configfs    rw,relatime
> ├─/dev                            dev           devtmpfs    rw,nosuid,relatime,size=4035240k,nr_inodes=1008810,mode=755
> │ ├─/dev/shm                      tmpfs         tmpfs       rw,nosuid,nodev
> │ ├─/dev/pts                      devpts        devpts      rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
> │ ├─/dev/hugepages                hugetlbfs     hugetlbfs   rw,relatime
> │ └─/dev/mqueue                   mqueue        mqueue      rw,relatime
> ├─/run                            run           tmpfs       rw,nosuid,nodev,relatime,mode=755
> │ └─/run/user/1000                tmpfs         tmpfs       rw,nosuid,nodev,relatime,size=807664k,mode=700,uid=1000,gid=1000
> ├─/tmp                            tmpfs         tmpfs       rw
> ├─/boot                           /dev/sda1     vfat        rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro
> └─/var/lib/docker/btrfs           /dev/sda2[/@/var/lib/docker/btrfs]
> >
> > >
> > > umount: /dev/urandom: block devices are not permitted on filesystem
> > > umount: /dev/tty: block devices are not permitted on filesystem
> > > umount: /dev/random: block devices are not permitted on filesystem
> > > umount: /dev/null: block devices are not permitted on filesystem
> > > umount: /dev/full: block devices are not permitted on filesystem
> > > umount: /dev/console: block devices are not permitted on filesystem
> > >
> > > that goes for basically all device bind-mounts:
> > >
> > > umount: /dev/fb0: block devices are not permitted on filesystem
> > > umount: /dev/video0: block devices are not permitted on filesystem
> > > umount: /dev/dri: block devices are not permitted on filesystem
> > > umount: /dev/snd: block devices are not permitted on filesystem
> > > umount: /dev/zero: block devices are not permitted on filesystem
> > > umount: /dev/urandom: block devices are not permitted on filesystem
> > > umount: /dev/tty: block devices are not permitted on filesystem
> > > umount: /dev/random: block devices are not permitted on filesystem
> > > umount: /dev/null: block devices are not permitted on filesystem
> > > umount: /dev/full: block devices are not permitted on filesystem
> > > umount: /dev/console: block devices are not permitted on filesystem
> > >
> > > Can someone explain this?
> > >
> > > Best,
> > > Christian

_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
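
Added example (not part of the thread and not LXC or util-linux code): a small Python parser for the /proc/<pid>/mountinfo format requested in the reply above, reporting which mounts at or below /dev carry the per-mount nodev flag. The sample lines and all function names are constructed for illustration; inside a container you would pass the contents of /proc/1/mountinfo instead.

```python
import re

# Constructed sample in /proc/<pid>/mountinfo format (not taken from the thread).
SAMPLE = """\
60 40 0:35 /@/rootfs / rw,relatime - btrfs /dev/sda2 rw,space_cache
61 60 0:40 / /dev rw,nosuid,nodev,relatime - tmpfs none rw,mode=755
62 61 0:6 /null /dev/null rw,nosuid,relatime shared:2 - devtmpfs dev rw,mode=755
63 61 0:6 /zero /dev/zero rw,nosuid,nodev,relatime shared:2 master:5 - devtmpfs dev rw
64 60 0:41 / /mnt/my\\040data rw,nodev - tmpfs tmpfs rw
"""

def unescape(field):
    # The kernel writes space, tab, newline and backslash as 3-digit octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # A lone "-" separates the variable-length optional fields from the rest.
        left, sep, right = line.partition(" - ")
        pre = left.split()
        if not sep or len(pre) < 6:
            raise ValueError("not a mountinfo line: %r" % line)
        fstype, source, super_opts = (right.split(" ", 2) + ["", ""])[:3]
        mounts.append({
            "root": unescape(pre[3]),          # path inside the fs that is mounted
            "mount_point": unescape(pre[4]),
            "mount_opts": pre[5].split(","),   # per-mount flags: nodev, nosuid, ...
            "optional": pre[6:],               # e.g. shared:N, master:N
            "fstype": fstype,
            "source": unescape(source),
            "super_opts": super_opts.split(","),
        })
    return mounts

def dev_nodev_report(text, prefix="/dev"):
    # Map each mount at or below `prefix` to whether it carries the nodev flag.
    return {m["mount_point"]: "nodev" in m["mount_opts"]
            for m in parse_mountinfo(text)
            if m["mount_point"] == prefix
            or m["mount_point"].startswith(prefix + "/")}

if __name__ == "__main__":
    for target, nodev in sorted(dev_nodev_report(SAMPLE).items()):
        print("%-12s %s" % (target, "nodev" if nodev else "devices allowed"))
```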
