Disk quotas don't work in LXC containers

Bug #1515615 reported by Anton Statutov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
lxc (Ubuntu) | Triaged | Wishlist | Unassigned |

Bug Description

I'm trying to enable disk quotas in an LXC container by adding an option to its config:
lxc.rootfs.options = usrquota

After booting the container I'm trying to initialize quotas but getting the following error:

<email address hidden>:~# quotacheck -gum /
quotacheck: Cannot stat() mounted device /dev/lxc/test: No such file or directory
quotacheck: Mountpoint (or device) / not found or has no quota enabled.
quotacheck: Cannot find filesystem to check or filesystem not mounted with quota option.

Host OS: Ubuntu 15.04
Guest OS: Ubuntu 14.04.3 LTS

lxc 1.1.2-0ubuntu3.2

Serge Hallyn (serge-hallyn) wrote : Re: [Bug 1515615] [NEW] Disk quotas don't work in LXC containers

What is the lxc.rootfs option? Does it point to an xfs backed device?

Anton Statutov (astatutov) wrote :

As the LXC manpage states, the 'lxc.rootfs.options' option is "extra mount options to use when mounting the rootfs". In my case this is an LVM device.

Serge Hallyn (serge-hallyn) wrote :

Ok, I asked because according to mount(2) that option appears to be ignored except for xfs filesystems.

If you look at /proc/self/mountinfo you'll see that usrquota is in fact in the list of mount options, so lxc is respecting that.

At the moment your problem is that the device backing your rootfs, /dev/lxc/test, does not exist in the container. Once you add that (for instance using a lxc.mount.entry to bind it in or using a lxc.hook.autodev), I suspect you'll run into other problems. I can't get quota to be happy here using a loop-backed rootfs, but a real device should get you further.

Changed in lxc (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
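
The two checks from the comment above (is the quota option on the mount, and is the backing device node visible from where quotacheck runs), as an added example that is not part of the original thread or of LXC. The function names and the sample mountinfo lines are constructed for illustration; pass `/proc/self/mountinfo` as the second argument to inspect a real container.

```shell
#!/bin/sh
# Constructed sample of /proc/self/mountinfo as seen inside a container
# whose rootfs is the LVM volume /dev/lxc/test mounted with usrquota.
sample_mountinfo() {
cat <<'EOF'
21 20 0:19 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
85 60 252:3 / / rw,relatime - ext4 /dev/lxc/test rw,usrquota,data=ordered
86 85 0:40 / /dev rw,relatime - tmpfs none rw,size=492k,mode=755
EOF
}

# quota_mount_report MOUNTPOINT [FILE]   (FILE "-" reads stdin)
# Prints "<source> <fstype> <yes|no>" for the last mount on MOUNTPOINT.
# mountinfo layout: id parent maj:min root mountpoint options
#                   [optional fields...] - fstype source super-options
# Spaces in paths are octal-escaped there, so field splitting is safe.
quota_mount_report() {
    awk -v mp="$1" '
        $5 == mp {
            # Optional fields vary in number; locate the "-" separator.
            for (i = 7; i <= NF; i++) if ($i == "-") break
            fstype = $(i + 1); src = $(i + 2)
            opts = $6 "," $(i + 3)   # per-mount and superblock options
            found = 1
        }
        END {
            if (!found) exit 1
            quota = (("," opts ",") ~ /,(usrquota|grpquota),/) ? "yes" : "no"
            print src, fstype, quota
        }' "${2:-/proc/self/mountinfo}"
}

# quota_diagnose MOUNTPOINT [FILE]
# Separates "option never reached the mount" from "option is set but the
# device node that quotacheck stat()s is absent", the case in this report.
quota_diagnose() {
    report=$(quota_mount_report "$1" "${2:-/proc/self/mountinfo}") || {
        echo "no-mount"; return 1; }
    set -- $report
    src=$1 quota=$3
    if [ "$quota" = no ]; then echo "no-quota-option"
    elif [ ! -e "$src" ]; then echo "device-missing:$src"
    else echo "ok:$src"
    fi
}

sample_mountinfo | quota_diagnose / -
```
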
Anton Statutov (astatutov) wrote :

You are right, I have got other problems after adding the device to the container. I see it is possible to get quota working, but it's too tricky and unpredictable for production use. I'm wondering why LXC is not using real device by default for LVM (XFS etc.)?

Serge Hallyn (serge-hallyn) wrote :

What do you mean by "not using real device"? The real lvm device is mounted into the container. However actually offering the device node into the container would not be a safe default. In particular, it allows the container admin to write nonsense onto the device node, feeding garbage into the in-kernel filesystem driver, and most likely either DOS or gain privilege on the host.

If root in the container is trusted, then it should be possible to work this out, but frankly no one seems to have wanted this yet.

There is probably an easier way to achieve what you want. For instance, setting up quotas on the host for the container users/filesystems.

Changed in lxc (Ubuntu):
importance: Low → Wishlist
status: Confirmed → Triaged
Serge Hallyn (serge-hallyn) wrote :

Once Seth's work enabling mounting inside containers is complete, we'll most likely want some way of enabling quotas, so leaving this open as a wishlist (feature request/enhancement) item.

Stéphane Graber (stgraber) wrote :

@brauner do you know what's the state of quotas in a VFS idmapped shifted world?
