On Sat, Feb 07, 2015 at 06:44:31PM +0100, Christian Brauner wrote:
> When an init such as systemd mounts a folder as a tmpfs during startup and the
> lxc defines a bind-mount on the same folder in the container's config it will be
> overmounted on container startup. Here is an example. Create an archlinux (or
> fedora) container with:
>
> sudo lxc-create -t archlinux -n arch
>
> define a bind-mount on /tmp in the container's config in:
>
> /var/lib/lxc/arch/config
>
> with
>
> lxc.mount.entry=/tmp/.X11-unix tmp/.X11-unix none ro,bind,create=dir 0 0
>
> to mount the X0 socket of the X-server for e.g. graphical output. Now boot the
> container. Although lxc creates the bind-mount as can be seen e.g. from the
> logs, the X0 socket will not show up under /tmp/.X11-unix as systemd's
> tmp.mount unit mounts /tmp as a tmpfs over lxc's bind mount. This can be
> verified in two steps. By doing
>
> findmnt --target /tmp
>
> in the container. This will show:
>
> [root@arch ~]# findmnt --target /tmp/
> TARGET SOURCE FSTYPE OPTIONS
> /tmp   tmpfs  tmpfs  rw
>
> And then by unmounting /tmp with:
>
> umount /tmp
>
> After this, the X0 socket will show up under /tmp/.X11-unix. I think Ubuntu has
> a downstream patch because tmp is somehow treated differently on Debian-based
> distros. (It must either be
> Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch or
> Don-t-mount-tmp-as-tmpfs-by-default.patch as seen in the source code of
> systemd_218-7ubuntu1.debian.tar.xz.) But for any other distro not using this
> downstream patch this is a problem. When you want to have the default behavior
> of having /tmp cleaned out on shutdown or reboot it is neither a good option to
> disable nor to mask the service. Maybe there is a workaround such that lxc's
> bind-mounts are respected/reflected even when on a mountpoint that gets mounted
> as tmpfs during boot?
>
> I also filed this as a github issue but a) I'm unsure whether it's lxc's job or
> upstream systemd-related and b) is there an easy workaround apart from
> disabling/masking tmp.mount or doing umount /tmp every time after the container
> has been started.
>
> Christian
There isn't really anything LXC can do to prevent over-mounting.

You could drop the capability and thus prevent systemd from mounting
anything, but I'm pretty sure that'd just fail your container boot entirely.

One thing that may however work, depending on how clever systemd is, is to add:

lxc.mount.entry = tmpfs /tmp tmpfs defaults

Before the bind-mount line. This will cause lxc to mount your /tmp before
starting init. If systemd is clever, it'll detect it was already mounted and
will leave it alone.

If that trick doesn't work, then you've got two solutions:
 - Patch systemd
 - Bind-mount to some other path which doesn't get over-mounted, then have a
   systemd job mount --move it back to place during boot.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
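An added check, not part of either message in this thread, that finds the situation Christian describes by reading /proc/self/mountinfo: a mount hidden by a later mount on the same path or on a parent path. The two mountinfo samples are constructed (the rootfs path and device names are made up); the first mirrors the reported breakage, the second the mount order Stéphane suggests.

```shell
#!/bin/sh
# Added example, not from the thread: report mounts that a LATER mount on the
# same path or on an ancestor path has hidden. This is the failure described
# above: lxc bind-mounts /tmp/.X11-unix, then systemd's tmp.mount puts a tmpfs
# on /tmp and the socket disappears from view.
# Input is /proc/self/mountinfo text; listing order is taken as mount order,
# which holds for a freshly booted container. Mount points containing spaces
# (escaped as \040 in mountinfo) are not unescaped.

# Read mountinfo on stdin; print one line per shadowed mount, nothing if clean.
shadowed_mounts() {
    awk '{
        # field 5 is the mount point; the filesystem type is the field after
        # the " - " separator (its column varies with the optional fields)
        tgt[NR] = $5
        for (i = 7; i <= NF; i++) if ($i == "-") { fs[NR] = $(i + 1); break }
    }
    END {
        for (i = 1; i <= NR; i++)
            for (j = i + 1; j <= NR; j++) {
                # a later mount shadows i if it sits on the same path or above it
                prefix = (tgt[j] == "/") ? "/" : tgt[j] "/"
                if (tgt[i] == tgt[j] || index(tgt[i], prefix) == 1) {
                    printf "%s (%s) shadowed by later mount on %s (%s)\n",
                        tgt[i], fs[i], tgt[j], fs[j]
                    break
                }
            }
    }'
}

# Constructed mountinfo of the broken case: bind mount first, tmpfs over /tmp later.
BROKEN_MOUNTINFO='40 39 8:1 /var/lib/lxc/arch/rootfs / rw,relatime - ext4 /dev/sda1 rw
41 40 8:1 /tmp/.X11-unix /tmp/.X11-unix ro,relatime - ext4 /dev/sda1 rw
42 40 0:36 / /tmp rw,nosuid,nodev - tmpfs tmpfs rw'

# Constructed mountinfo after the suggested fix: lxc mounts the tmpfs on /tmp
# itself, before the bind mount, so systemd finds /tmp already mounted.
FIXED_MOUNTINFO='40 39 8:1 /var/lib/lxc/arch/rootfs / rw,relatime - ext4 /dev/sda1 rw
41 40 0:36 / /tmp rw,relatime - tmpfs tmpfs rw
42 41 8:1 /tmp/.X11-unix /tmp/.X11-unix ro,relatime - ext4 /dev/sda1 rw'

echo "broken ordering:"
printf '%s\n' "$BROKEN_MOUNTINFO" | shadowed_mounts
echo "fixed ordering (no output expected):"
printf '%s\n' "$FIXED_MOUNTINFO" | shadowed_mounts
# Inside a running container: shadowed_mounts < /proc/self/mountinfo
```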
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
