> On Sat, Feb 07, 2015 at 06:44:31PM +0100, Christian Brauner wrote:
> > When an init such as systemd mounts a folder as a tmpfs during startup and
> > the lxc defines a bind-mount on the same folder in the containers config it
> > will be overmounted on container startup. Here is an example. Create an
> > archlinux (or fedora) container with:
> >
> > sudo lxc-create -t archlinux -n arch
> >
> > define a bind-mount on /tmp in the containers config in:
> >
> > /var/lib/lxc/arch/config
> >
> > with
> >
> > lxc.mount.entry=/tmp/.X11-unix tmp/.X11-unix none ro,bind,create=dir 0 0
> >
> > to mount the X0 socket of the X-server for e.g. graphical output. Now boot
> > the container. Although lxc creates the bind-mount as can be seen e.g. from
> > the logs, the X0 socket will not show up under /tmp/.X11-unix as systemd's
> > tmp.mount unit mounts /tmp as a tmpfs over lxc's bind mount. This can be
> > verified in two steps. By doing
> >
> > findmnt --target /tmp
> >
> > in the container. This will show:
> >
> > [root@arch ~]# findmnt --target /tmp/
> > TARGET SOURCE FSTYPE OPTIONS
> > /tmp   tmpfs  tmpfs  rw
> >
> > And then by unmounting /tmp with:
> >
> > umount /tmp
> >
> > After this, the X0 socket will show up under /tmp/.X11-unix. I think Ubuntu
> > has a downstream patch because tmp is somehow treated differently on
> > Debian-based distros. (It must either be
> > Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch or
> > Don-t-mount-tmp-as-tmpfs-by-default.patch as seen in the source code of
> > systemd_218-7ubuntu1.debian.tar.xz.) But for any other distro not using this
> > downstream patch this is a problem. When you want to have the default
> > behavior of having /tmp cleaned out on shutdown or reboot it is neither a
> > good option to disable nor to mask the service.
> > Maybe, there is a workaround such that lxc's bind-mounts are
> > respected/reflected even when on a mountpoint that gets mounted as tmpfs
> > during boot?
> >
> > I also filed this as a github issue but a) I'm unsure whether it's lxc's job
> > or upstream systemd-related and b) is there an easy workaround apart from
> > disabling/masking tmp.mount or doing umount /tmp every time after the
> > container has been started.
> >
> > Christian
>
> There isn't really anything LXC can do to prevent over-mounting. You
> could drop the capability and thus prevent systemd from mounting
> anything, but I'm pretty sure that'd just fail your container boot
> entirely.
>
> One thing that may however work, depending on how clever systemd is, is to
> add:
> lxc.mount.entry = tmpfs /tmp tmpfs defaults
>
That actually does work with a slight modification:
lxc.mount.entry = tmpfs tmp tmpfs defaults
systemd seems smart enough :)
Thank you very much!
> Before the bind-mount line. This will cause lxc to mount your /tmp
> before starting init. If systemd is clever, it'll detect it was already
> mounted and will leave it alone.
>
>
> If that trick doesn't work, then you've got two solutions:
> - Patch systemd
> - Bind-mount to some other path which doesn't get over-mounted, then
> have a systemd job mount --move it back to place during boot.
>
>
> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
>
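The ordering the thread settled on (an lxc.mount.entry tmpfs line for tmp placed before the bind-mount entry, in the relative target form that Christian reports as working) can be checked mechanically before a container is started. The script below is an added example, not code from this thread or from the LXC project: the config texts are constructed to mirror the thread, the function and field names are my own, and the set of directories that init over-mounts (only tmp here, for systemd's tmp.mount) is an assumption you would extend for your own init. It reports each bind-mount under such a directory, whether an earlier tmpfs entry shields it, and whether the target was written absolutely, since only the relative form is confirmed to work on this thread.

```python
"""Lint an LXC container config for bind-mounts that the container's init
(e.g. systemd's tmp.mount) will over-mount, and report whether an earlier
lxc.mount.entry tmpfs line shields them, as described in the thread above.
Added example; not LXC project code.  Names are hypothetical."""
from dataclasses import dataclass


@dataclass(frozen=True)
class MountEntry:
    lineno: int
    source: str
    target: str        # exactly as written in the config
    fstype: str
    options: tuple     # fstab option string, split on commas

    @property
    def rel_target(self):
        # Normalise so "tmp/.X11-unix" and "/tmp/.X11-unix" compare equal.
        return self.target.strip("/")


def parse_mount_entries(config_text):
    """Return every lxc.mount.entry line as a MountEntry, in config order."""
    entries = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, sep, value = line.partition("=")   # split at the FIRST '='
        if not sep or key.strip() != "lxc.mount.entry":
            continue
        fields = value.split()
        if len(fields) < 4:       # fstab needs at least src tgt type opts
            continue
        src, tgt, fstype, opts = fields[:4]
        entries.append(MountEntry(lineno, src, tgt, fstype, tuple(opts.split(","))))
    return entries


def _is_under(path, parent):
    return path == parent or path.startswith(parent + "/")


def check_overmount_order(config_text, overmounted_dirs=("tmp",)):
    """Report bind-mounts whose target lies under a directory that init
    mounts as tmpfs (assumed: tmp).  Each finding records the config line,
    the target, whether an lxc tmpfs entry for that directory precedes it
    (so init should find it already mounted and leave it alone), and
    whether the target was written as an absolute path."""
    entries = parse_mount_entries(config_text)
    dirs = [d.strip("/") for d in overmounted_dirs]
    findings = []
    for idx, entry in enumerate(entries):
        if not ({"bind", "rbind"} & set(entry.options)):
            continue
        for d in dirs:
            if not _is_under(entry.rel_target, d):
                continue
            shield = next((p for p in entries[:idx]
                           if p.fstype == "tmpfs" and p.rel_target == d), None)
            findings.append({
                "lineno": entry.lineno,
                "target": entry.target,
                "overmounted_by": d,
                "shielded": shield is not None,
                "shield_lineno": shield.lineno if shield else None,
                "absolute_target": entry.target.startswith("/"),
            })
    return findings


# Constructed configs mirroring the thread: the original (bind only) and
# the ordering that worked (tmpfs line first, relative target).
CONFIG_BROKEN = """\
lxc.rootfs = /var/lib/lxc/arch/rootfs
lxc.mount.entry=/tmp/.X11-unix tmp/.X11-unix none ro,bind,create=dir 0 0
"""
CONFIG_FIXED = """\
lxc.rootfs = /var/lib/lxc/arch/rootfs
lxc.mount.entry = tmpfs tmp tmpfs defaults
lxc.mount.entry=/tmp/.X11-unix tmp/.X11-unix none ro,bind,create=dir 0 0
"""

if __name__ == "__main__":
    for name, cfg in (("broken", CONFIG_BROKEN), ("fixed", CONFIG_FIXED)):
        for f in check_overmount_order(cfg):
            state = ("shielded by line %s" % f["shield_lineno"] if f["shielded"]
                     else "will be over-mounted by init")
            print("%s: line %d %s: %s" % (name, f["lineno"], f["target"], state))
```

Run it against /var/lib/lxc/<name>/config before lxc-start; a tmpfs entry placed after the bind-mount is reported as unshielded, because lxc processes entries in config order.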
_______________________________________________
lxc-users mailing list
http://lists.linuxcontainers.org/listinfo/lxc-users
