lxc.mount.entry bind mounts not respected on tmpfs filesystems #434

Closed
brauner opened this issue Feb 7, 2015 · 4 comments

Comments

brauner (Member) commented Feb 7, 2015

When an init such as systemd mounts a folder as a tmpfs during startup and LXC defines a bind mount on the same folder in the container's config, it will be overmounted on container startup. Here is an example. Create an archlinux (or fedora) container with:

sudo lxc-create -t archlinux -n arch

define a bind mount on /tmp in the container's config in:

/var/lib/lxc/arch/config

with

lxc.mount.entry=/tmp/.X11-unix tmp/.X11-unix none ro,bind,create=dir 0 0

to mount the X0 socket of the X server for e.g. graphical output. Now boot the container. Although lxc creates the bind mount, as can be seen e.g. from the logs, the X0 socket will not show up under /tmp/.X11-unix, as systemd's tmp.mount unit mounts /tmp as a tmpfs over lxc's bind mount. This can be verified in two steps. First, by doing

findmnt --target /tmp

in the container. This will show:

[root@arch ~]# findmnt --target /tmp/
TARGET SOURCE FSTYPE OPTIONS
/tmp   tmpfs  tmpfs  rw

And then by unmounting /tmp with:

umount /tmp

After this, the X0 socket will show up under /tmp/.X11-unix. I think Ubuntu has a downstream patch because tmp is somehow treated differently on Debian-based distros. (It must either be Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch or Don-t-mount-tmp-as-tmpfs-by-default.patch as seen in the source code of systemd_218-7ubuntu1.debian.tar.xz.) But for any other distro not using this downstream patch this is a problem. When you want to have the default behavior of having /tmp cleaned out on shutdown or reboot, it is neither a good option to disable nor to mask the service. Maybe there is a workaround such that LXC's bind mounts are respected/reflected even when on a mountpoint that gets mounted as tmpfs during boot?

brauner (Member, Author) commented Feb 7, 2015

Here is Stéphane's solution given on the lxc-user mailing list. Quoting:

There isn't really anything LXC can do to prevent over-mounting. You could drop the capability and thus prevent systemd from mounting anything, but I'm pretty sure that'd just fail your container boot entirely.

One thing that may however work, depending on how clever systemd is, is to add:

lxc.mount.entry = tmpfs /tmp tmpfs defaults

before the bind-mount line. This will cause lxc to mount your /tmp before starting init. If systemd is clever, it'll detect it was already mounted and will leave it alone.

The solution is perfect. It contains just a minor mistake. The line "lxc.mount.entry = tmpfs /tmp tmpfs defaults" needs to be:

lxc.mount.entry = tmpfs tmp tmpfs defaults
@brauner brauner closed this Feb 7, 2015
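As an added example (not code from the issue, the mailing list, or the LXC project), here is a small POSIX sh linter for the two points settled in the thread: the container-side target of an lxc.mount.entry line must be relative (tmp, not /tmp), and a bind mount below tmp/ must come after a tmpfs mount of tmp so that init finds /tmp already mounted and does not overmount the bind mount. Catching this in the config is cheaper than discovering at runtime that a read-only bind mount silently vanished under a tmpfs. The function names and the two sample configs are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the issue or from LXC. Lints an LXC config for:
#   1. relative container-side targets in lxc.mount.entry ("tmp", not "/tmp");
#   2. a tmpfs mount of tmp appearing before any bind mount below tmp/, so
#      init sees /tmp already mounted and leaves the bind mount visible.
# Function names and the sample configs below are constructed for this example.

# Emit "<src> <dst> <fstype> <opts> ..." for each lxc.mount.entry line, in file order.
lxc_mount_entries() {
    sed -n 's/^[[:space:]]*lxc\.mount\.entry[[:space:]]*=[[:space:]]*//p' "$1"
}

# Return 0 if no mount entry uses an absolute container-side target.
check_relative_targets() {
    lxc_mount_entries "$1" | awk '
        BEGIN { bad = 0 }
        $2 ~ /^\// { bad = 1 }
        END { exit bad }'
}

# Return 0 if every bind mount under tmp/ comes after a "tmpfs tmp tmpfs ..." entry.
check_tmp_bind_order() {
    lxc_mount_entries "$1" | awk '
        BEGIN { bad = 0; have_tmpfs = 0 }
        $2 == "tmp" && $3 == "tmpfs" { have_tmpfs = 1 }
        $2 ~ /^tmp\// && ("," $4 ",") ~ /,bind,/ && !have_tmpfs { bad = 1 }
        END { exit bad }'
}

# Run both checks, report each failure on stderr, return 0 only if all pass.
lint_lxc_config() {
    rc=0
    check_relative_targets "$1" ||
        { echo "$1: absolute container target in lxc.mount.entry (use tmp, not /tmp)" >&2; rc=1; }
    check_tmp_bind_order "$1" ||
        { echo "$1: bind mount under tmp/ not preceded by a tmpfs mount of tmp" >&2; rc=1; }
    return $rc
}

# Constructed sample: the corrected config from the thread (tmpfs line first, relative target).
sample_config_good() {
    cat > "$1" <<'EOF'
lxc.mount.entry = tmpfs tmp tmpfs defaults
lxc.mount.entry = /tmp/.X11-unix tmp/.X11-unix none ro,bind,create=dir 0 0
EOF
}

# Constructed sample: bind mount first, then the mailing-list line with the absolute "/tmp".
sample_config_bad() {
    cat > "$1" <<'EOF'
lxc.mount.entry = /tmp/.X11-unix tmp/.X11-unix none ro,bind,create=dir 0 0
lxc.mount.entry = tmpfs /tmp tmpfs defaults
EOF
}

# Usage: lint_lxc_config /var/lib/lxc/arch/config
```

Inside a booted container, the thread's `findmnt --target /tmp` remains the runtime check: if the source shown is a tmpfs rather than the expected bind mount, the ordering fix above has not taken effect.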
graysky2 commented Sep 8, 2017

@brauner - Is this line still needed under version 2.1? Adjusted for the new keys it would read:

lxc.mount.fstab = tmpfs tmp tmpfs defaults
brauner (Member, Author) commented Sep 8, 2017

@graysky2, hm, that line should have always read:

lxc.mount.entry = tmpfs tmp tmpfs defaults

The line you're referring to, lxc.mount.fstab (formerly known as lxc.mount), should be a path to a file in the format of fstab.

Whether it's needed or not depends on your init system. systemd should mount it automatically, actually. Not sure about other init systems.

graysky2 commented Sep 8, 2017

@brauner - Thank you for the clarification.
