[libvirt] [PATCH] LXC: create a bind mount for sysfs when enable userns but disable netns
Daniel P. Berrange
berrange at redhat.com
Thu Mar 19 17:28:27 UTC 2015
On Thu, Mar 19, 2015 at 06:04:57PM +0100, Richard Weinberger wrote:
> On 19.03.2015 at 17:58, Daniel P. Berrange wrote:
> > On Thu, Mar 19, 2015 at 05:54:32PM +0100, Richard Weinberger wrote:
> >> On 11.03.2015 at 10:36, Richard Weinberger wrote:
> >>> On 11.03.2015 at 03:30, Chen, Hanxiao wrote:
> >>>>>> @@ -826,8 +829,25 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
> >>>>>> bool bindOverReadonly;
> >>>>>> virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i];
> >>>>>>
> >>>>>> + /* When enable userns but disable netns, kernel will
> >>>>>> + * forbid us doing a new fresh mount for sysfs.
> >>>>>> + * So we had to do a bind mount for sysfs instead.
> >>>>>> + */
> >>>>>> + if (userns_enabled && netns_disabled &&
> >>>>>> + STREQ(mnt->src, "sysfs")) {
> >>>>>> + if (VIR_STRDUP(mnt_src, "/sys") < 0) {
> >>>>>> + goto cleanup;
> >>>>>> + }
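Review bot: in the new userns_enabled && netns_disabled branch, the bind source is hard-coded by VIR_STRDUP(mnt_src, "/sys"), and nothing in the hunk shows that path differing from the sysfs mount target, so the bind can end up mounting a directory over itself without exposing any sysfs content. Make the source a path where the host's sysfs is known to be mounted at the point this loop runs, and have the comment state which root "/sys" refers to. The visible lines also use netns_disabled while the hunk header still lists only bool userns_enabled as a parameter; confirm the rest of the patch passes it in.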
> >>>>>
> >>>>> This is clearly broken and looks very untested to me.
> >>>>>
> >>>> It's broken now.
> >>>> But when I submitted this patch last year, it's not.
> >>>
> >>> Are you sure?
> >>> Just built libvirt v1.2.6-222-ga86b621, head is
> >>> commit a86b6215a74b1feb2667204e214fbfd2f7decc5c
> >>> Author: Chen Hanxiao <chenhanxiao at cn.fujitsu.com>
> >>> Date: Mon Jul 14 18:01:51 2014 +0800
> >>>
> >>> LXC: create a bind mount for sysfs when enable userns but disable netns
> >>>
> >>> /sys is still an empty directory but as at this time (most likely due to another bug)
> >>> libvirt was able to create /sys/fs/cgroup and mounted groups there.
> >>> But no sysfs at all is at /sys.
> >>>
> >>> I mean, how is this supposed to work? You bind mount /sys over /sys...
> >>
> >> Any further comments on that?
> >
> > It just looks impossible for it to work in this way
>
> That's also my impression.
>
> Therefore containers without their own network namespace currently don't work
> and have never worked as expected.
No, it is only a problem if userns is used. If userns is not used then
they do work.
> Shall we revert commit a86b6215a74b and try to bind mount
> before the pivot_root()?
Not sure if that works when userns is active either.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|