[CFT][PATCH] mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by mount

Richard Weinberger richard at nod.at
Sun Nov 30 18:42:57 UTC 2014


Am 30.11.2014 um 19:35 schrieb Eric W. Biederman:
> Richard Weinberger <richard at nod.at> writes:
> 
>> Am 30.11.2014 um 16:37 schrieb Andy Lutomirski:
>>> On Sun, Nov 30, 2014 at 7:16 AM, Richard Weinberger <richard at nod.at> wrote:
>>>> Am 30.11.2014 um 16:00 schrieb Andy Lutomirski:
>>>>> On Sun, Nov 30, 2014 at 6:58 AM, Richard Weinberger <richard at nod.at> wrote:
>>>>>> Eric,
>>>>>>
>>>>>> Am 30.11.2014 um 00:05 schrieb Eric W. Biederman:
>>>>>>>
>>>>>>> Now that remount is properly enforcing the rule that you can't remove
>>>>>>> nodev at least sandstorm.io is breaking when performing a remount.
>>>>>>>
>>>>>>> It turns out that there is an easy intuitive solution implicitly
>>>>>>> add nodev on remount when nodev was implicitly added on mount.
>>>>>>
>>>>>> Is this patch supposed to unbreak libvirt-lxc?
>>>>>> At least 1.2.9 is still broken.
>>>>>>
>>>>>
>>>>> Either this patch or my variant of it fixes the libvirt-lxc breakage
>>>>> that I understand, but IIRC there was some other issue that none of us
>>>>> figured out at K-S.
>>>>
>>>> Currently it fails here:
>>>> 2014-11-25 22:36:45.295+0000: 1: debug : virFileMakePathHelper:2436 : path=/proc mode=0777
>>>> 2014-11-25 22:36:45.295+0000: 1: debug : lxcContainerMountBasicFS:918 : Mount proc on /proc type=proc flags=e
>>>> 2014-11-25 22:36:45.296+0000: 1: debug : lxcContainerMountBasicFS:873 : Processing /proc/sys -> /proc/sys
>>>> 2014-11-25 22:36:45.296+0000: 1: debug : virFileMakePathHelper:2436 : path=/proc/sys mode=0777
>>>> 2014-11-25 22:36:45.296+0000: 1: debug : lxcContainerMountBasicFS:918 : Mount /proc/sys on /proc/sys type=(null) flags=1000
>>>> 2014-11-25 22:36:45.296+0000: 1: error : lxcContainerMountBasicFS:933 : Failed to re-mount /proc/sys on /proc/sys flags=1021: Operation not permitted
>>>
>>> Any chance you can test that with Eric's patch or mine [1] applied?
>>> If that doesn't work, can you try to catch the failure with strace?
>>
>> With your patch applied on top of Linus's tree as of today libvirt-lxc works fine again. :)
> 
> *Scratches head*
> 
> Did you really have my latest patch applied?
> 
> Andy's patch implies a change of policy that I really don't want to
> deploy as a bug fix.

Hmm, let me double check this tomorrow with a fresh brain.
Maybe I got hit by another issue while testing your patch.
Currently I'm fighting against three libvirt-lxc issues in parallel. :-\

Thanks,
//richard


More information about the Containers mailing list