During my testing I ran back into the issue of lxc-stop marking /var/lib/lxc read-only.
So here is the deal. When a container shuts down, it tries to remount its / readonly. That doesn't work if the mount is busy (i.e. a file is held open for write). If /var/lib/lxc is on the same fs as '/', or if a second container is running, you'll see mount: / is busy on the console, and /var/lib/lxc won't be set to readonly. But if you create a new fs and mount it onto /var/lib/lxc, and start only a single container there, then /var/lib/lxc is marked readonly after shutdown (and the '/ is busy' message doesn't show up). Now as Dave has several times helped us to remember, this happens because mount --bind -o remount,ro / sets the mount's readonly flag, but mount -o remount,ro / sets the superblock's readonly flag. And there is only one sb for all the bind mounts. This gets particularly nasty when you develop dreams of using btrfs snapshots for containers. Because all the subvolumes will share a sb. So - a workaround, for now, is to have /etc/init.d/lxc on the host make sure that a file under /var/lib/lxc is always held open :) A proper fix is possible though. Thanks again to Dave for thinking of it. In the kernel source, at fs/namespace.c:do_remount(), there is: if (flags & MS_BIND) err = change_mount_flags(path->mnt, flags); else err = do_remount_sb(sb, flags, data, 0); I think it would be conceptually clean to do something like: if (flags & MS_BIND || devcgroup_write_allowed(sb)) err = change_mount_flags(path->mnt, flags); else err = do_remount_sb(sb, flags, data, 0); where devcgroup_write_allowed() would be much like security/device_cgroup:__devcgroup_inode_permission(), but using the sb->s_dev. The idea would be, the devices cgroup isn't letting you mount that major:minor, so why would you be able to change an existing mount? If someone cares to work on the proper kernel patch, please send an email to make sure there's no duplicate effort. I don't expect to do it this week though. -serge ------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users