[CFT][PATCH 09/10] sysfs: Create mountpoints with sysfs_create_empty_dir
Eric W. Biederman
ebiederm at xmission.com
Wed Aug 12 00:37:32 UTC 2015
Tejun Heo <tj at kernel.org> writes:
> On Tue, Aug 11, 2015 at 2:57 PM, Eric W. Biederman
> <ebiederm at xmission.com> wrote:
>>> So, this somehow ends up confusing upstart on centos6 based systems
>>> making it fail to mount tmpfs on /sys/fs/cgroup. It also skips sunrpc
>>> and other mounts are different too. No idea why at this point. Can
>>> we please revert this from -stable until we know what's going on?
>> The only time this should prevent anything is when in a container when
>> you are not global root. And then only mounting sysfs should be
> This is just plain boot. No namespace involved.
>> The only difference in executed code really should be setting an extra
>> flag on the kernfs inode. The kernfs changes will also refuse to add
>> entries to these directories (but these directories are empty).
> Why do we have this in -stable then? Is this part of a larger fix?
It is. This patch is part of the prep work to prevent unprivileged users
from mounting sysfs (using user namespace permissions) when they should
not be allowed to.
>> If this is causing problems I don't have a problem with a revert but
>> reverts take a minute, and this seems to be the first report of this
>> kind. Can we take a minute and attempt to get a coherent explanation?
>> It should be a matter of moments to debug this
>> issue (once a test environment is set up), and see what is wrong and then
>> we can act intelligently. Tracing a single system call is not difficult.
> I'm already out today so it'll have to wait till tomorrow.
>> If there really is some weird issue I want to know what it is.
> Sure, but you wanna do that in -stable?
Before fixing anything I want a bug report that is clear enough
to be reproducible.
I just went and attempted to reproduce this, and on RHEL6 workstation
(aka my work laptop), using today's 4.2.0-rc6+ aka
edf15b4d4b01b565cb5f4fd2e2d08940b9f92e2f and all of the mounts in
/proc/self/mounts are the same between 4.2.0-rc6 and the RHEL6 stock
2.6.32-504.30.3.el6.x86_64, including the cgroups mounted on /cgroup.
Which means that I don't have any reason to believe that normal CentOS 6
Which -stable kernel are you having problems with? Perhaps it was
a broken backport?
Is it possible this is a local CentOS 6 hack that is breaking?
Perhaps a patch you apply on top of your -stable kernel?
Certainly with cgroups expected to be mounted at /sys/fs/cgroup there
has clearly been at least one change from the stock configuration.
I think it is a little less serious if stock CentOS 6 doesn't have
problems. Unless it is a conflict of kernel patches I definitely think
whatever it is needs to be fixed.