clear_config_item('lxc.mount.entries') leaves container config broken

[jeremiahsnapp]

Ever since I believe liblxc 1.1.2 and up to at least 1.1.5-0ubuntu3ubuntu15.04.1ppa1 clear_config_item('lxc.mount.entries') doesn't actually remove the lxc.mount.entry lines from the config. Instead it just adds an lxc.mount.entries = line to the config.

In #559 (comment) @stgraber talks about how "clear_config_item leaves network key empty on config file" is expected and normal but in this case the lxc.mount.entries = line is invalid and breaks the container.

Here is the version of liblxc I have installed.

# dpkg -l | grep liblxc
ii  liblxc1                             1.1.5-0ubuntu3~ubuntu15.04.1~ppa1 amd64        Linux Containers userspace tools (library)

Here are the lxc.mount.entry lines in my container's config.

# grep mount /var/lib/lxc/testing.lxc/config
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0
lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0
lxc.mount.entry = /root/dev root/dev none bind,optional,create=dir 0 0

Here I am using ruby's Pry to try to remove the lxc.mount.entry lines from the config. Normally in my application I would replace the lines with my own set but here I will just demonstrate the broken functionality.

# pry
[1] pry(main)> require 'lxc'
=> true
[2] pry(main)> c = LXC::Container.new('testing.lxc')
=> #<LXC::Container:0x00000001f18488>
[3] pry(main)> c.config_item('lxc.mount.entry')
=> ["proc proc proc nodev,noexec,nosuid 0 0",
 "sysfs sys sysfs defaults 0 0",
 "/sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0",
 "/sys/kernel/debug sys/kernel/debug none bind,optional 0 0",
 "/sys/kernel/security sys/kernel/security none bind,optional 0 0",
 "/sys/fs/pstore sys/fs/pstore none bind,optional 0 0",
 "/root/dev root/dev none bind,optional,create=dir 0 0"]
[4] pry(main)> c.clear_config_item('lxc.mount.entries')
=> #<LXC::Container:0x00000001f18488>
[5] pry(main)> c.config_item('lxc.mount.entry')
=> nil
[6] pry(main)> c.save_config
=> #<LXC::Container:0x00000001f18488>

Here are the lxc.mount.entry lines in my container's new config but this time you see the lxc.mount.entries = line.

# grep mount /var/lib/lxc/testing.lxc/config
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0
lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0
lxc.mount.entry = /root/dev root/dev none bind,optional,create=dir 0 0
lxc.mount.entries =

Now try to start the container and you see it throws a config parsing error.

# lxc-start -n testing.lxc
lxc-start: parse.c: lxc_file_for_each_line: 57 Failed to parse config: lxc.mount.entries =

lxc-start: lxc_start.c: main: 273 Failed to create lxc_container

[hallyn]

On Tue, Dec 08, 2015 at 10:31:40AM -0800, Jeremiah Snapp wrote:

Ever since I believe liblxc 1.1.2 and up to at least 1.1.5-0ubuntu3ubuntu15.04.1ppa1 clear_config_item('lxc.mount.entries') doesn't actually remove the lxc.mount.entry lines from the config. Instead it just adds an lxc.mount.entries = line to the config.

Thanks for reporting this. The bug here is a typo in the checking of valid keys to clear: lxc.mount.entries is not a valid key, lxc.mount.entry is.

[hallyn]

Note that you can work around this by using

c.set_config_item('lxc.mount.entry', '')

[habnabit]

Impressive timing! I was going to report this because it means using set_config_item from the python interface on lxc.mount.entry was duplicating all my mount points, since the clear_config_item key had to be lxc.mount.entries. This fixes that issue entirely.

[jeremiahsnapp]

@hallyn thanks for fixing this!