Serge Hallyn (2012-02-09 19:30:29 +0100) wrote:

> Quoting Ivan Vilata i Balaguer (i...@selidor.net):
>> Hi all.  I'm running Debian's LXC 0.7.5 under Linux 3.2.0.  I've set up
>> a shared mountpoint to dynamically export some host directories into one
>> container, like this::
>>
>>     # mkdir -p /lxc-shared
>>     # mount --bind /lxc-shared /lxc-shared
>>     # mount --make-unbindable /lxc-shared
>>     # mount --make-shared /lxc-shared
>
> (I should think more before answering, but ...)
>
> What if you do 'mount --make-rslave /lxc-shared' here?  That should
> prevent the container's mount actions from being forwarded to the
> host.

Thanks for the suggestion!  That does prevent a starting container from
unmounting bind mounts under /lxc-shared in the host, *however* it also
renders (un)mounts performed after the --make-rslave invisible to any
container which had access to the directory.  E.g. imagine myvm has a
/shared directory and this config line::

    lxc.mount.entry = /lxc-shared/myvm/ /var/lib/lxc/debtest/rootfs/shared/ none defaults,bind 0 0

Then::

    host# mkdir -p /lxc-shared
    host# mount --bind /lxc-shared /lxc-shared
    host# mount --make-shared /lxc-shared
    host# lxc-start -n myvm -d
    # myvm sees /lxc-shared/myvm at /shared
    host# mkdir -p /lxc-shared/myvm/foo
    host# mount --bind /tmp /lxc-shared/myvm/foo
    # myvm sees mounted /shared/foo
    host# mount --make-rslave /lxc-shared
    # myvm still sees mounted /shared/foo
    host# lxc-start -n myothervm -d
    # myvm still sees mounted /shared/foo
    host# mkdir -p /lxc-shared/myvm/bar
    host# mount --bind /tmp /lxc-shared/myvm/bar
    # myvm sees /shared/bar but nothing mounted on it!

A workaround I found is bind mounting the desired directory *in the
container* (which requires not dropping the sys_admin capability)::

    host# mkdir -p /lxc-shared
    host# mount --bind /lxc-shared /lxc-shared
    host# mount --make-shared /lxc-shared
    host# lxc-start -n myvm -d
    # myvm sees /lxc-shared/myvm at /shared
    host# mkdir -p /lxc-shared/myvm/foo
    host# mount --bind /tmp /lxc-shared/myvm/foo
    # myvm sees mounted /shared/foo
    myvm# mount --bind /shared/foo /mnt/foo
    host# lxc-start -n myothervm -d
    # host's /lxc-shared/myvm/foo gets unmounted
    # myvm sees /shared/foo but nothing mounted on it
    # myvm still sees mounted /mnt/foo
    host# mkdir -p /lxc-shared/myvm/bar
    host# mount --bind /tmp /lxc-shared/myvm/bar
    # myvm sees mounted /shared/bar
    myvm# mount --bind /shared/bar /mnt/bar
    # and so on...

However, the question still remains: *Why on Earth does starting a
container unmount all bind mounts under a shared mount???*  Doesn't it
look like a bug to you?

Thanks & cheers!

>> Now I bind mount the host directory under the shared directory::
>>
>>     # mkdir -p /lxc-shared/myvm/foo
>>     # mount --bind /tmp /lxc-shared/myvm/foo
>>
>> The problem is that whenever I start any container, /lxc-shared/myvm/foo
>> gets unmounted (even if it has processes working under it!).  This
>> affects bind mounts only if they are under shared mountpoints, e.g. if I
>> also do this mount on the host::
>>
>>     # mount --bind /tmp /mnt
>>
>> It survives after starting the container.
>>
>> Does anyone know why this happens?  Should I file a bug report?
>> Thanks a lot!

-- 
Ivan Vilata i Balaguer -- https://elvil.net/

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
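
Added example, not part of the original thread: a small diagnostic that reads mountinfo-format lines and reports the propagation state (shared, slave via `master:N`, private, unbindable) of every mount at or below a path, which makes the behaviour discussed above visible on the host. The function names `propagation_report` and `sample_mountinfo` are hypothetical, and the sample lines are constructed to resemble a host after `mount --make-rslave /lxc-shared` followed by a new bind mount on `bar`; they are not output from the poster's system.

```sh
#!/bin/sh
# Added example. mountinfo fields (see proc(5)):
#   id parent major:minor root mountpoint options [optional fields...] - fstype source superopts
# The optional fields carry the propagation state: shared:N, master:N, unbindable.

# propagation_report PREFIX [FILE]
# Prints "<mountpoint> <state>" for each mount at or below PREFIX.
# FILE defaults to /proc/self/mountinfo; "-" reads standard input.
propagation_report() {
    prefix=$1
    file=${2:-/proc/self/mountinfo}
    awk -v p="$prefix" '
        p == "/" || $5 == p || index($5, p "/") == 1 {
            state = ""
            # Optional fields run from field 7 up to the lone "-" separator.
            for (i = 7; i <= NF && $i != "-"; i++)
                state = state (state == "" ? "" : ",") $i
            # No optional fields means the mount is private.
            if (state == "") state = "private"
            print $5, state
        }' "$file"
}

# Constructed sample (assumption, not real output): foo was mounted while
# /lxc-shared was shared, bar after it was turned into a slave.
sample_mountinfo() {
    cat <<'EOF'
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
40 21 8:1 /lxc-shared /lxc-shared rw,relatime master:5 - ext4 /dev/sda1 rw
41 40 8:1 /tmp /lxc-shared/myvm/foo rw,relatime master:6 - ext4 /dev/sda1 rw
43 40 8:1 /tmp /lxc-shared/myvm/bar rw,relatime - ext4 /dev/sda1 rw
42 21 8:1 /tmp /mnt rw,relatime - ext4 /dev/sda1 rw
EOF
}

# Demo on the constructed sample. On a live host: propagation_report /lxc-shared
sample_mountinfo | propagation_report /lxc-shared -
```

A mount reported as `private` or only `master:N` does not forward later mount events to other namespaces, which is consistent with `bar` staying invisible inside the container in the sample.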