Ubuntu
lxc package

fstab doesn't work for lvm based containers

Bug #960860 reported by Serge Hallyn
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
lxc (Ubuntu)
Fix Released
High
Unassigned

Bug Description

The entries in /var/lib/lxc/<container>/fstab are always created relative to a full path, i.e.

proc /var/lib/lxc/p1/rootfs/proc proc nodev,noexec,nosuid 0 0

A check is made in src/lxc/conf.c:mount_entry_on_absolute_rootfs() that the path starts with the containers rootfs path - but that path is a block device for lvm containers.

The simplest solution is to have our templates create the entries with relative pathnames (relative to the container's '/') in the form:

proc proc proc nodev,noexec,nosuid 0 0

Related branches

lp:ubuntu/precise/lxc
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

To be clear, this worked ok before because the container would mount proc and sys itself. Now that apparmor forbids that, this breaks lvm backed containers.

Changed in lxc (Ubuntu):
status: New → Confirmed
importance: Undecided → High
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Note that while using relative pathnames is fine going forward, it doesn't help people with existing containers. Perhaps the next package upgrade should convert existing containers to remove relative paths?

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.7.5-3ubuntu41

---------------
lxc (0.7.5-3ubuntu41) precise; urgency=low

  * add lxc-shutdown command:
    - 0060-lxc-shutdown: add the command to the source
    - debian/lxc.upstart: use lxc-shutdown to shut down containers cleanly
    - debian/lxc.default: add LXC_SHUTDOWN_TIMEOUT (default 120s)
  * support per-container apparmor policies: (LP: #953453)
    - 0061-lxc-start-apparmor: add lxc.aa_profile to config file. If not
      specified, lxc-default profile is used for container. Otherwise, the
      specified profile is used.
      Note that per-container profiles must be named 'lxc-*'.
    - split debian/lxc-default.apparmor from debian/lxc.apparmor.
    - have /etc/apparmor.d/lxc-containers #include /etc/apparmor.d/lxc/*
    - debian/lxc.postinst: load the new lxc-containers profiles
    - debian/lxc.postrm: remove lxc-containers profiles
    - debian/rules: make new etc/apparmor.d/lxc dir and copy lxc-default into it
    - debian/control: add libapparmor-dev to build-depends
    - debian/lxc.upstart: load apparmor per-container policies at pre-start.
  * debian/lxc.apparmor: insert the stricter mount rules for lxc-start
    (LP: #645625) (LP: #942934)
  * debian/local/lxc-start-ephemeral: re-enable aufs option (LP: #960262)
  * replace upstream lxc-wait with our own bash script (LP: #951181)
    - debian/local/lxc-wait: the script
    - debian/rules: copy the script into place
  * 0062-templates-relative-paths: update templates to use relative paths,
    and make lxc-start always accept /var/lib/lxc/CN/rootfs as target prefix,
    to make lvm containers work. (LP: #960860)
 -- Serge Hallyn <email address hidden> Wed, 21 Mar 2012 08:20:06 -0500

Changed in lxc (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.