Hi all,
The following patch, to vservers.functions in the util-vserver distribution, will do something of a `namespace cleanup' in lieu of the rework to the vserver startup and mount cleanup process that Enrico has planned (I'm told).
That is, with this patch, any filesystems which are NOT within the vserver vdir, or one of its parents, will be unmounted before the vserver's fstab is processed, which certainly isn't as tidy as can be done outside of a shell hack, but will probably work for many.
This is necessary, so that running vservers don't hold a filesystem which is outside their chroot open due to namespaces.
If you are not using namespaces, it will try and unmount virtually every filesystem on your system when you start a vserver. Be warned.
In case it is not clear THIS IS A HACK NOT AN ENDORSED PATCH! :-)
clunker:/usr/local/lib/util-vserver# diff -u vserver.functions{.orig,}
--- vserver.functions.orig 2004-11-02 12:47:33.000000000 +1300
+++ vserver.functions 2004-11-02 12:48:27.000000000 +1300
@@ -667,6 +667,29 @@
test -z "$NAMESPACE_CLEANUP" || isAvoidNamespace "$cfgdir" || \
$_VNAMESPACE --cleanup+ real_vdir=`cd "$vdir" && pwd -P`
+ avoid="$real_vdir(/[^ ]*)?"
+ while [ -n "$real_vdir" ]
+ do
+ real_vdir=`expr $real_vdir : '\(/.*\)/[^/]*'`
+ if [ -n "$real_vdir" ]
+ then
+ avoid="$avoid|$real_vdir"
+ fi
+ done
+
+ pattern="^[^ ]* ($avoid|/) "
+
+ #echo IGNORED MOUNTS "($pattern)":
+ #cat /proc/mounts | tac | egrep "$pattern"
+ #echo REMOVED MOUNTS:
+ cat /proc/mounts | tac | egrep -v "$pattern" |
+ while read dev mntpoint junk
+ do
+ #echo unmounting $mntpoint
+ umount $mntpoint
+ done
+
_mountVserverInternal "$cfgdir"/fstab $_CHBIND "[EMAIL PROTECTED]"
_mountVserverInternal "$cfgdir"/fstab.local
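Review bot: the added unmount loop (from `cat /proc/mounts | tac` down to `done`) is not covered by the `isAvoidNamespace "$cfgdir"` test that guards `$_VNAMESPACE --cleanup` just above it, so it also runs for a vserver started without its own namespace, where it unmounts the host's filesystems; put the whole block under the same condition. In the same block, `$real_vdir` goes into the egrep pattern unescaped, so a `.` or other regex metacharacter in the path protects more mount points than intended, and `expr $real_vdir` and `umount $mntpoint` should quote their variables.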
An alternative, if you are not comfortable changing distributed files
(and who is?) is to use something akin to this in /etc/vservers/.defaults/pre-start:
/etc/vservers/.defaults/scripts/pre-start:
#!/bin/sh
# NOTE: this script will not work in the default configuration
VS=`pwd | sed -e 's/\/vdir//;s/.*\///'`
cat /proc/mounts | tac | perl -nlaF/\\s+/ -e 'BEGIN{$VS=shift};
($dev, $loc) = @F;
if ($loc =~ m{^/(vservers(/$VS(/.*)?)?)?$}) {
print "not unmounting $loc ($dev)"
} else {
print "unmounting $loc ($dev)";
system("umount", "-nv", $loc)
}
' $VS
---
However, this does not work, because (for example) `/proc' will appear in /proc/mounts three times - once for the root server on /, once for the vserver on /vservers/foo/proc, and then the same mount again which has been overlaid in the VFS table with the recursive bind mount that binds /vservers/foo to /.
That is, there are at pre-start time, two mounts on /proc according to /proc/mounts.
A simple workaround, to keep with the above approach, assumes that all
mounts that fit into the above category don't have a device that has `/dev' in their name, and you don't care about those that are in the above category appearing an extra time in /proc/mounts.
/etc/vservers/.defaults/scripts/pre-start:
#!/bin/sh
VS=`pwd | sed -e 's/\/vdir//;s/.*\///'`
cat /proc/mounts | tac | perl -nlaF/\\s+/ -e 'BEGIN{$VS=shift};
($dev, $loc) = @F;
if ($loc =~ m{^/(vservers(/$VS(/.*)?)?)?$} or $dev !~ /dev/) {
print "not unmounting $loc ($dev)"
} else {
print "unmounting $loc ($dev)";
system("umount", "-nv", $loc)
}
' $VS
---
-- 
Sam Vilain, sam /\T vilain |><>T net, PGP key ID: 0x05B52F13
(include my PGP key ID in personal replies to avoid spam filtering)
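The selection rule described in the message above (keep the vdir, everything below it and each of its parents; unmount the rest, last-mounted first), as an added dry-run example that is not part of the original post or of util-vserver. The names `plan_unmounts` and `sample_mounts` and the sample mount table are constructed for illustration, and paths are compared literally instead of through a regular expression.

```shell
#!/bin/sh
# Dry run: print the mount points the cleanup would unmount, last-mounted first.
#   $1 = canonical vdir (assumed to come from: cd "$vdir" && pwd -P)
#   $2 = mount table to read (default /proc/mounts, "-" for stdin)
# Nothing is unmounted here. Paths are printed as they appear in the table,
# so a space in a mount point shows up in its \040-escaped form.
plan_unmounts() {
    vdir=${1%/}
    case $vdir in
        /?*) ;;
        *) echo "plan_unmounts: vdir must be an absolute path" >&2; return 2 ;;
    esac
    # ENVIRON is used instead of -v so awk does not rewrite backslashes.
    VDIR=$vdir awk '
        BEGIN { vdir = ENVIRON["VDIR"] }
        # Keep /, the vdir itself, anything below it, and every parent of it.
        # index() compares literally, so "." in a path is not a wildcard and
        # a sibling such as /vservers/a.b2 is not mistaken for /vservers/a.b.
        function keep(p) {
            return p == "/" || p == vdir ||
                   index(p, vdir "/") == 1 || index(vdir, p "/") == 1
        }
        { pts[NR] = $2 }
        END { for (i = NR; i >= 1; i--) if (!keep(pts[i])) print pts[i] }
    ' "${2:-/proc/mounts}"
}

# Constructed sample table in /proc/mounts layout (not from a real host).
sample_mounts() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/sda2 /vservers ext3 rw 0 0
/dev/sda3 /home ext3 rw 0 0
/dev/sdb1 /vservers/a.b ext3 rw 0 0
proc /vservers/a.b/proc proc rw 0 0
/dev/sdc1 /vservers/aXb/data ext3 rw 0 0
/dev/sdd1 /vservers/a.b2 ext3 rw 0 0
EOF
}

sample_mounts | plan_unmounts /vservers/a.b -
```

Reviewing this list before any `umount` is run shows what a given vdir would cost the host; an empty or relative vdir is rejected and prints nothing.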
