Re: [Lxc-users] Lucid host container - ignored fstab?
Roman Yepishev wrote:
> Hello, Daniel.
>
> Thanks for your reply!
>
> On Sun, 2010-04-11 at 09:41 +0200, Daniel Lezcano wrote:
>> When the container starts, it sets up the root filesystem. The rootfs is done with the pivot_root syscall, hence the old rootfs contains the mount points which are duplicates with the new rootfs. The code then umounts these duplicate entries in the old rootfs without impacting the mount points of the new rootfs.
>
> Ok, this makes sense.
>
>> The mount point specified in the configuration file is set up by lxc without using the mount command, so the /etc/mtab is not updated (which is normal). If you want to check if the mount point is effectively set up, you should check against /proc/mounts.
>
> Unfortunately it looks like /proc/mounts provides the same info as the mount command for me -
>
> /dev/mapper/fridge-srv / ext4 rw,relatime,barrier=1,data=ordered 0 0
> none /dev/console\040(deleted) devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
> none /dev/tty1\040(deleted) devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
> none /proc proc rw,nosuid,nodev,noexec,relatime 0 0
> none /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
> none /sys/fs/fuse/connections fusectl rw,relatime 0 0
> none /sys/kernel/debug debugfs rw,relatime 0 0
> none /sys/kernel/security securityfs rw,relatime 0 0
> none /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
> none /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0
> none /var/run tmpfs rw,nosuid,relatime,mode=755 0 0
> none /var/lock tmpfs rw,nosuid,nodev,noexec,relatime 0 0
> none /lib/init/rw tmpfs rw,nosuid,relatime,mode=755 0 0
>
> So the entries from the lxc.mount fstab:
>
> /srv/vm/lxc/lemon/rootfs /srv/vm/lxc/rootfs none bind 0 0
> /var/cache/apt /srv/vm/lxc/lemon/rootfs/var/cache/apt none bind 0 0
>
> do not appear to be effective. I tried creating the file in /var/cache/apt of the container and it did not appear in the host filesystem so it looks like they are really separated.
>
> Is there anything that can be done to debug this problem? And even more interesting, is there anybody else experiencing such kind of issue?

I was not able to reproduce the problem with the git head. Maybe the problem was fixed between the 0.6.5 and the git head, but I don't see what commit it could be.

What looks weird is you have the log saying the directory was effectively mounted. Is it possible the container's distro unmounts this directory?

Can you check by doing 'lxc-start -n lemon /bin/bash'? We get rid of the system init script and you can check the content of /proc/mounts, that will give a clear idea of where the problem is coming from (lxc or os).

BTW, you will have to mount /proc in the container.

Thanks
  -- Daniel

___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
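Added example (not part of the original messages and not LXC's own code): a Python check of the kind suggested above, comparing lxc.mount fstab targets with a /proc/mounts snapshot taken inside the container instead of relying on mount or /etc/mtab. The function names are hypothetical and ROOTFS is an assumed value for lxc.rootfs; the sample lines are copied from the thread, with the listing shortened.

```python
import re

def unescape(field):
    """Decode the \\ooo octal escapes used in /proc/mounts and fstab fields."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def mountpoints(proc_mounts_text):
    """Return the set of mount points listed in a /proc/mounts snapshot."""
    points = set()
    for line in proc_mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            points.add(unescape(fields[1]))
    return points

def check_fstab(fstab_text, rootfs, proc_mounts_text):
    """Map each fstab target to 'mounted', 'missing' or 'outside-rootfs'."""
    rootfs = rootfs.rstrip("/")
    seen = mountpoints(proc_mounts_text)
    result = {}
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        target = unescape(fields[1]).rstrip("/")
        if target == rootfs:
            inside = "/"
        elif target.startswith(rootfs + "/"):
            inside = target[len(rootfs):]  # path as seen after pivot_root
        else:
            result[target] = "outside-rootfs"  # not reachable from the new root
            continue
        # A bind mount shows its backing device in /proc/mounts, not "bind",
        # so only the mount point is compared.
        result[target] = "mounted" if inside in seen else "missing"
    return result

# Entries and /proc/mounts lines copied from the thread (listing shortened).
FSTAB = """\
/srv/vm/lxc/lemon/rootfs /srv/vm/lxc/rootfs none bind 0 0
/var/cache/apt /srv/vm/lxc/lemon/rootfs/var/cache/apt none bind 0 0
"""
PROC_MOUNTS = """\
/dev/mapper/fridge-srv / ext4 rw,relatime,barrier=1,data=ordered 0 0
none /dev/console\\040(deleted) devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
none /proc proc rw,nosuid,nodev,noexec,relatime 0 0
none /var/run tmpfs rw,nosuid,relatime,mode=755 0 0
"""
ROOTFS = "/srv/vm/lxc/lemon/rootfs"  # assumed value of lxc.rootfs

if __name__ == "__main__":
    for target, state in check_fstab(FSTAB, ROOTFS, PROC_MOUNTS).items():
        print(f"{state:15} {target}")
```
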
Re: [Lxc-users] Lucid host container - ignored fstab?
Roman Yepishev wrote:
> Hello all,
>
> I am trying to use LXC to run Ubuntu Lucid Lynx containers on Lucid Lynx hosts. I have succeeded in configuring the container properly so it starts, connects to the network etc. However, as described in [1], my container can remount the /srv partition read-only.
>
> I tried to fix it using the fstab entry that was given at [1] but in the end mount gives:
>
> r...@lemon:~$ mount
> /dev/mapper/fridge-srv on / type ext4 (rw)
> ...
>
> Ok, it might not work, I thought. However, after some time I decided to bind-mount /var/cache/apt to container's /var/cache/apt and now my fstab is:
>
> /srv/vm/lxc/lemon/rootfs /srv/vm/lxc/rootfs none bind 0 0
> /var/cache/apt /srv/vm/lxc/lemon/rootfs/var/cache/apt none bind 0 0
>
> During startup the debug output has the following lines:
>
> lxc-start 1270888370.767 DEBUG    lxc_conf - mounted /srv/vm/lxc/lemon/rootfs on /srv/vm/lxc/rootfs, type none
> lxc-start 1270888370.767 DEBUG    lxc_conf - mounted /var/cache/apt on /srv/vm/lxc/lemon/rootfs/var/cache/apt, type none
>
> So I guess it does mount something, however later on I see the following:
>
> lxc-start 1270888370.773 DEBUG    lxc_conf - umounted '/lxc-oldrootfs-ib3iB1/srv/vm/lxc/lemon/rootfs/var/cache/apt'

When the container starts, it sets up the root filesystem. The rootfs is done with the pivot_root syscall, hence the old rootfs contains the mount points which are duplicates with the new rootfs. The code then umounts these duplicate entries in the old rootfs without impacting the mount points of the new rootfs.

I am not sure I am very clear :) but in other words for each mount point you will see a corresponding line saying umount old-rootfs/, it's a normal behavior.

> I am not quite sure it should umount that directory, but here's how my mount looks when the system is booted:
>
> r...@lemon:/var/cache/apt$ mount
> /dev/mapper/fridge-srv on / type ext4 (rw)
> none on /proc type proc (rw,noexec,nosuid,nodev)
> none on /sys type sysfs (rw,noexec,nosuid,nodev)
> none on /dev/console type devpts (rw,noexec,nosuid,relatime,gid=5,mode=620,ptmxmode=000)
> none on /dev/tty1 type devpts (rw,noexec,nosuid,relatime,gid=5,mode=620,ptmxmode=000)
> none on /sys/fs/fuse/connections type fusectl (rw)
> none on /sys/kernel/debug type debugfs (rw)
> none on /sys/kernel/security type securityfs (rw)
> none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
> none on /dev/shm type tmpfs (rw,nosuid,nodev)
> none on /var/run type tmpfs (rw,nosuid,mode=0755)
> none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
> none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
>
> Is there anything wrong with my set up? It looks like my first attempt to protect /srv fails due to the same issue - bind mounts do not work in the container for me.

The mount point specified in the configuration file is set up by lxc without using the mount command, so the /etc/mtab is not updated (which is normal). If you want to check if the mount point is effectively set up, you should check against /proc/mounts.

Thanks
  -- Daniel
[Lxc-users] Lucid host container - ignored fstab?
Hello all,

I am trying to use LXC to run Ubuntu Lucid Lynx containers on Lucid Lynx hosts. I have succeeded in configuring the container properly so it starts, connects to the network etc. However, as described in [1], my container can remount the /srv partition read-only.

I tried to fix it using the fstab entry that was given at [1] but in the end mount gives:

r...@lemon:~$ mount
/dev/mapper/fridge-srv on / type ext4 (rw)
...

Ok, it might not work, I thought. However, after some time I decided to bind-mount /var/cache/apt to container's /var/cache/apt and now my fstab is:

/srv/vm/lxc/lemon/rootfs /srv/vm/lxc/rootfs none bind 0 0
/var/cache/apt /srv/vm/lxc/lemon/rootfs/var/cache/apt none bind 0 0

During startup the debug output has the following lines:

lxc-start 1270888370.767 DEBUG    lxc_conf - mounted /srv/vm/lxc/lemon/rootfs on /srv/vm/lxc/rootfs, type none
lxc-start 1270888370.767 DEBUG    lxc_conf - mounted /var/cache/apt on /srv/vm/lxc/lemon/rootfs/var/cache/apt, type none

So I guess it does mount something, however later on I see the following:

lxc-start 1270888370.773 DEBUG    lxc_conf - umounted '/lxc-oldrootfs-ib3iB1/srv/vm/lxc/lemon/rootfs/var/cache/apt'

I am not quite sure it should umount that directory, but here's how my mount looks when the system is booted:

r...@lemon:/var/cache/apt$ mount
/dev/mapper/fridge-srv on / type ext4 (rw)
none on /proc type proc (rw,noexec,nosuid,nodev)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /dev/console type devpts (rw,noexec,nosuid,relatime,gid=5,mode=620,ptmxmode=000)
none on /dev/tty1 type devpts (rw,noexec,nosuid,relatime,gid=5,mode=620,ptmxmode=000)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)

Is there anything wrong with my set up? It looks like my first attempt to protect /srv fails due to the same issue - bind mounts do not work in the container for me.

I am using the version of lxc userspace tools that is bundled with Lucid Lynx, 0.6.5-1 on 2.6.32-19-server kernel.

[1] http://www.mail-archive.com/lxc-de...@lists.sourceforge.net/msg00126.html

-- 
Roman Yepishev
roman.yepis...@yandex.ua