Re: [lxc-devel] LXC container fails to start by complaining that it is unable to unmount the old pivot-root

2010-02-02 Thread Andrian Nord
On Mon, Feb 01, 2010 at 01:54:15PM -0500, Michael H. Warfield wrote:
 On Mon, 2010-02-01 at 19:46 +0200, Ciprian Dorin, Craciun wrote: 
  Hello all!
 
  I have a quite strange problem: the container fails to start and
  complains about being unable to unmount the old pivot root.
  (What is strange is that I remember that one month ago the same
  setup worked (lxc binaries and config file, but maybe 2.6.31 kernel).
  Now neither the old binaries nor the latest ones from Git work.)

Taken from http://blog.flameeyes.eu/2010/01/31/lxc-s-unpolished-code
So what about the 0.6.5 problem? Well the problem came to be because
0.6.5 actually implements a nice feature (contributed by a non-core
developer it seems): root pivoting. The idea is to drop access to the
old root, so that the guest cannot in any way access the host’s
filesystem unless given access to. It’s a very good idea, but there are
two problems with it: it doesn’t really do it systematically, but rather
with a “try and hope” approach, and it failed under certain conditions,
saying that the original root is still busy (note here, since this
happens within the cgroup’s mount namespace, it doesn’t matter to the
rest of the system).

At the end, last night I was able to identify the problem: I had this
line in the fstab file used by lxc itself:
none /tmp tmpfs size=200m 0 0

What’s wrong with it? The mountpoint. The fstab (and lxc.mount commands)
are used without previous validation or handling, so this is not
mounting the /tmp for the guest, but the /tmp for the host, within the
guest’s mount namespace. The result is that /tmp gets mounted twice
(once inherited from the base mount namespace, once within the guest’s
namespace), but it’s only unmounted once (as the unmount list keeps each
mount point exactly once). This is quite an obvious error on my part, I
should have used /media/chroots/tinderbox/tmp as mountpoint, but LXC
being unable to catch the mistake in mountpoint (at least warning about
it) is a definite problem.

That's the Gentoo maintainer for the lxc ebuilds. Could you check whether this is
the source of the problem?

--
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
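The blog excerpt above describes the root cause: LXC 0.6.5 applied the fstab and lxc.mount entries without validating the mountpoint, so an absolute path like /tmp was mounted over the host's /tmp inside the container's mount namespace rather than over the guest's. The script below is an added example, not LXC's own code and not something from the thread: it is the pre-start check a practitioner would run over an LXC fstab to flag mountpoints that do not lie inside the container rootfs. It assumes the rootfs path /media/chroots/tinderbox mentioned in the blog post, and the sample fstab is constructed here to exercise the cases (the page's own /tmp entry, a sibling directory that shares a prefix with the rootfs, and a path that escapes the rootfs via ..).

```python
"""Flag LXC fstab mountpoints that would touch the host filesystem.

Added example (not LXC's code): LXC 0.6.5 mounted fstab entries as written,
so a mountpoint such as /tmp landed on the host's /tmp inside the guest's
mount namespace.  This check refuses any mountpoint that is not an absolute
path inside the container rootfs, handling ".." and shared-prefix paths.
"""
import os


def parse_fstab(text):
    """Yield (lineno, fs_spec, mountpoint, fstype, options) per non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError("line %d: expected at least 3 fields: %r" % (lineno, raw))
        options = fields[3] if len(fields) > 3 else "defaults"
        yield lineno, fields[0], fields[1], fields[2], options


def is_inside(path, root):
    """True if the normalized absolute path lies inside root.

    normpath collapses "..", and commonpath compares whole path components,
    so /media/chroots/tinderbox2 is not mistaken for a child of
    /media/chroots/tinderbox the way a plain string-prefix test would.
    """
    root = os.path.normpath(root)
    path = os.path.normpath(path)
    return os.path.commonpath([path, root]) == root


def check_fstab(text, rootfs):
    """Return [(lineno, mountpoint, reason)] for entries that would not stay in the rootfs."""
    problems = []
    for lineno, _spec, mountpoint, _fstype, _options in parse_fstab(text):
        if not os.path.isabs(mountpoint):
            problems.append((lineno, mountpoint,
                             "relative mountpoint is not anchored to the rootfs"))
        elif not is_inside(mountpoint, rootfs):
            problems.append((lineno, mountpoint,
                             "mountpoint is outside rootfs %s (host path)" % rootfs))
    return problems


# Constructed sample: the entry quoted in the thread plus a correct one and two traps.
ROOTFS = "/media/chroots/tinderbox"  # assumed rootfs, taken from the blog post
SAMPLE_FSTAB = """\
# LXC fstab for the tinderbox container (constructed sample)
none /tmp tmpfs size=200m 0 0
none /media/chroots/tinderbox/tmp tmpfs size=200m 0 0
proc /media/chroots/tinderbox/proc proc nodev,noexec,nosuid 0 0
none /media/chroots/tinderbox2/tmp tmpfs size=10m 0 0
none /media/chroots/tinderbox/../../../var tmpfs size=10m 0 0
"""

if __name__ == "__main__":
    for lineno, mountpoint, reason in check_fstab(SAMPLE_FSTAB, ROOTFS):
        print("fstab line %d: %s: %s" % (lineno, mountpoint, reason))
```

Run against the sample, lines 2, 5 and 6 are reported; only the entries rooted at /media/chroots/tinderbox pass. The same check applies to lxc.mount.entry lines in the container config, since LXC fed both through the same mount code.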


Re: [lxc-devel] LXC container fails to start by complaining that it is unable to unmount the old pivot-root

2010-02-02 Thread Daniel Lezcano
Andrian Nord wrote:
 On Mon, Feb 01, 2010 at 01:54:15PM -0500, Michael H. Warfield wrote:
   
 On Mon, 2010-02-01 at 19:46 +0200, Ciprian Dorin, Craciun wrote: 
 
 Hello all!
   
 I have a quite strange problem: the container fails to start and
 complains about being unable to unmount the old pivot root.
 (What is strange is that I remember that one month ago the same
 setup worked (lxc binaries and config file, but maybe 2.6.31 kernel).
 Now neither the old binaries nor the latest ones from Git work.)
   

 Taken from http://blog.flameeyes.eu/2010/01/31/lxc-s-unpolished-code
 So what about the 0.6.5 problem? Well the problem came to be because
 0.6.5 actually implements a nice feature (contributed by a non-core
 developer it seems): root pivoting. The idea is to drop access to the
 old root, so that the guest cannot in any way access the host’s
 filesystem unless given access to. It’s a very good idea, but there are
 two problems with it: it doesn’t really do it systematically, but rather
 with a “try and hope” approach, and it failed under certain conditions,
 saying that the original root is still busy (note here, since this
 happens within the cgroup’s mount namespace, it doesn’t matter to the
 rest of the system).

 At the end, last night I was able to identify the problem: I had this
 line in the fstab file used by lxc itself:
 none /tmp tmpfs size=200m 0 0

 What’s wrong with it? The mountpoint. The fstab (and lxc.mount commands)
 are used without previous validation or handling, so this is not
 mounting the /tmp for the guest, but the /tmp for the host, within the
 guest’s mount namespace. The result is that /tmp gets mounted twice
 (once inherited from the base mount namespace, once within the guest’s
 namespace), but it’s only unmounted once (as the unmount list keeps each
 mount point exactly once). This is quite an obvious error on my part, I
 should have used /media/chroots/tinderbox/tmp as mountpoint, but LXC
 being unable to catch the mistake in mountpoint (at least warning about
 it) is a definite problem.

 That's the Gentoo maintainer for the lxc ebuilds. Could you check whether this is
 the source of the problem?
   

Ha ! Let's check ! :)

