Oh ho! I've seen this problem on my system, I just hadn't been able to figure out what was causing it. Yeah, the partition those containers run on strangely ends up mounted ro with no errors in the log file (I was thinking maybe some strange drive errors were causing it). I wasn't doing any overt umounts and certainly no rmmods, though. Maybe something related as I was experimenting and had some containers "crash" on me. Haven't seen it since I stabilized that particular server.
Interesting.

Mike

On Thu, 2010-03-04 at 17:05 +0100, Elias Olivares wrote:
> Hi !
>
> I've tried to reproduce this bug on 0.6.5 lxc release and the same bug
> appears when I run the umount command or rmmod command.
>
> To reproduce the bug :
>
> Host name : debian
> Guest container name : container
>
> You MUST create a dedicated partition to share your containers (another
> partition than " / ")
>
> debian:# df
>
> /dev/hda1   7850996 2058732 5393452 28% /
> tmpfs        253768       0  253768  0% /lib/init/rw
> udev          10240     108   10132  1% /dev
> tmpfs        253768       0  253768  0% /dev/shm
> /dev/hdb1   4127076  552552 3364880 15% /mnt/vmr1
>
> Then enter into the container (lxc-console -n container) and stop
> cron, syslog, bind 9, ssh processes.
>
> container:~# ps aux
>
> USER  PID %CPU %MEM  VSZ  RSS TTY     STAT START TIME COMMAND
> root    1  0.0  0.1 1984  692 ?       Ss   11:10 0:00 init [2]
> root  387  0.0  0.4 5884 2272 console Ss   11:10 0:00 /bin/login --
> root  388  0.0  0.1 1992  572 tty1    Ss+  11:10 0:00 /sbin/getty 38400 tty1
> root  389  0.0  0.1 1992  568 tty2    Ss+  11:10 0:00 /sbin/getty 38400 tty2
> root  390  0.0  0.1 1992  568 tty3    Ss+  11:10 0:00 /sbin/getty 38400 tty3
> root  392  0.0  0.5 4132 2680 console S    11:11 0:00 -bash
> root  584  0.0  0.1 2644  956 console R+   11:43 0:00 ps aux
>
> Then use the mount command :
>
> container:~# mount -o remount,ro /
>
> Return to the Host and try to create a file in /mnt/vmr1/ . The folder
> is set in "read only".
>
> The second bug :
>
> Install ntfs module in the host : (example with ntfs module)
>
> debian:# modprobe ntfs
>
> Enter into the container and delete ntfs module
>
> container:~# rmmod ntfs
>
> Return to the host : the module has been removed
>
> Has anyone solved this problem ?
>
> I think it is a major security problem.
>
> ----- Original Message -----
> From: "Daniel Lezcano" <daniel.lezc...@free.fr>
> To: "Elias Olivares" <eoliva...@1g6.biz>
> Cc: lxc-devel@lists.sourceforge.net
> Sent: Friday 8 January 2010 13:14:36
> Subject: Re: [lxc-devel] bugs with LXC container : mount and rmmod command
>
> Elias Olivares wrote:
> >
> > Hi !
> >
> > I've found the way to reproduce the bug.
> >
> > Host name : debian
> > Guest container name : container
> >
> > You MUST create a dedicated partition to share your containers (another
> > partition than " / ")
>
> Thanks, I will check when I have time.
>
> > Here the container is created in /mnt/vmr1/ :
> >
> > debian:# df
> >
> > /dev/hda1   7850996 2058732 5393452 28% /
> > tmpfs        253768       0  253768  0% /lib/init/rw
> > udev          10240     108   10132  1% /dev
> > tmpfs        253768       0  253768  0% /dev/shm
> > /dev/hdb1   4127076  552552 3364880 15% /mnt/vmr1
> >
> > Then enter into the container (lxc-console -n container) and stop
> > cron, syslog, bind 9, ssh processes.
> >
> > container:~# ps aux
> >
> > USER  PID %CPU %MEM  VSZ  RSS TTY     STAT START TIME COMMAND
> > root    1  0.0  0.1 1984  692 ?       Ss   11:10 0:00 init [2]
> > root  387  0.0  0.4 5884 2272 console Ss   11:10 0:00 /bin/login --
> > root  388  0.0  0.1 1992  572 tty1    Ss+  11:10 0:00 /sbin/getty 38400 tty1
> > root  389  0.0  0.1 1992  568 tty2    Ss+  11:10 0:00 /sbin/getty 38400 tty2
> > root  390  0.0  0.1 1992  568 tty3    Ss+  11:10 0:00 /sbin/getty 38400 tty3
> > root  392  0.0  0.5 4132 2680 console S    11:11 0:00 -bash
> > root  584  0.0  0.1 2644  956 console R+   11:43 0:00 ps aux
> >
> > Then use the mount command :
> >
> > container:~# mount -o remount,ro /
> >
> > Return to the Host and try to create a file in /mnt/vmr1/ . The
> > folder is set in "read only".
> >
> > I tried with the 0.6.4 version and I have the same problem.
> >
> > Elias Olivares
> >
> > ----- Original Message -----
> > From: "Elias Olivares" <eoliva...@1g6.biz>
> > To: "Daniel Lezcano" <daniel.lezc...@free.fr>
> > Cc: lxc-devel@lists.sourceforge.net
> > Sent: Wednesday 6 January 2010 16:05:58
> > Subject: Re: [lxc-devel] bugs with LXC container : mount and rmmod command
> >
> > Ok thanks for this advice. I can't try now but I will try tomorrow ...
> >
> > Elias
> >
> > ----- Original Message -----
> > From: "Daniel Lezcano" <daniel.lezc...@free.fr>
> > To: "Elias Olivares" <eoliva...@1g6.biz>
> > Cc: lxc-devel@lists.sourceforge.net
> > Sent: Wednesday 6 January 2010 13:03:59
> > Subject: Re: [lxc-devel] bugs with LXC container : mount and rmmod command
> >
> > Elias Olivares wrote:
> >> Hi
> >>
> >> My Lxc configuration file : ( /var/lib/lxc/xxx.1g6.biz /config )
> >>
> >> lxc.utsname = xxx.1g6.biz
> >> lxc.tty = 4
> >> lxc.pts = 1024
> >> lxc.network.type = veth
> >> lxc.network.flags = up
> >> lxc.network.link = br0
> >> lxc.network.name = eth0
> >> lxc.network.mtu = 1500
> >> #lxc.mount =
> >> lxc.rootfs = /mnt/vmr1/xxx.1g6.biz
> >> lxc.cgroup.devices.deny = a
> >> # /dev/null and zero
> >> lxc.cgroup.devices.allow = c 1:3 rwm
> >> lxc.cgroup.devices.allow = c 1:5 rwm
> >> # consoles
> >> lxc.cgroup.devices.allow = c 5:1 rwm
> >> lxc.cgroup.devices.allow = c 5:0 rwm
> >> lxc.cgroup.devices.allow = c 4:0 rwm
> >> lxc.cgroup.devices.allow = c 4:1 rwm
> >> # /dev/{,u}random
> >> lxc.cgroup.devices.allow = c 1:9 rwm
> >> lxc.cgroup.devices.allow = c 1:8 rwm
> >> lxc.cgroup.devices.allow = c 136:* rwm
> >> lxc.cgroup.devices.allow = c 5:2 rwm
> >> # rtc
> >> lxc.cgroup.devices.allow = c 254:0 rwm
> >>
> >> # lxc-version
> >> lxc version: 0.6.3
> >
> > There were some modifications with how the rootfs is mounted.
> >
> > Can you check against the 0.6.4 version ?
> >
> > wget http://lxc.sourceforge.net/download/lxc/lxc-0.6.4.tar.gz
> > tar xvzf lxc-0.6.4.tar.gz
> > cd lxc-0.6.4
> > ./configure --localstate=/var --prefix=/usr --libdir=/usr/lib64 (if you
> > are on a x86_64 arch).
> > make && sudo make install
> >
> > Or maybe you can try with the latest git repository:
> >
> > git clone git://lxc.git.sourceforge.net/gitroot/lxc/lxc
> > cd lxc
> > ./autogen.sh
> > ./configure --localstate=/var --prefix=/usr --libdir=/usr/lib64 (if you
> > are on a x86_64 arch).
> > make && sudo make install
> >
> > _______________________________________________
> > Lxc-devel mailing list
> > Lxc-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/lxc-devel

--
Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com
/\/\|=mhw=|\/\/             | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9             | An optimist believes we live in the best of all
PGP Key: 0x674627FF         | possible worlds. A pessimist is sure of it!
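
A host-side check for the symptom discussed in this thread (the partition holding the containers ending up mounted read-only without any log entry), added here as an example and not part of the original messages or of LXC: it maps a container's `lxc.rootfs` to its backing entry in `/proc/mounts` and reports whether that filesystem is `ro`. The sample mounts, the sample config and all function names are constructed for illustration.

```python
import re

# Constructed sample: host /proc/mounts after the remount described in the thread.
SAMPLE_MOUNTS = """\
rootfs / rootfs rw 0 0
/dev/hda1 / ext3 rw,errors=remount-ro 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/hdb1 /mnt/vmr1 ext3 ro,errors=continue 0 0
"""
# Constructed sample config, using keys that appear in the thread.
SAMPLE_CONFIG = "lxc.utsname = xxx.1g6.biz\n#lxc.mount =\nlxc.rootfs = /mnt/vmr1/xxx.1g6.biz\n"

def parse_mounts(text):
    """Return (mountpoint, device, options) tuples in file order."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # /proc/mounts escapes space, tab, newline and backslash as \NNN octal.
        mp = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts.append((mp.rstrip("/") or "/", fields[0], set(fields[3].split(","))))
    return mounts

def rootfs_from_config(text):
    """Return the lxc.rootfs value of a config (commented lines never match), or None."""
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "lxc.rootfs":
            return value.strip()
    return None

def backing_mount(path, mounts):
    """Longest mount point containing path; on a tie the later entry shadows the earlier."""
    path = path.rstrip("/") or "/"
    best = None
    for mp, device, opts in mounts:
        prefix = mp if mp == "/" else mp + "/"
        if (path == mp or path.startswith(prefix)) and (best is None or len(mp) >= len(best[0])):
            best = (mp, device, opts)
    return best

def audit(config_text, mounts_text):
    """Report the filesystem behind a container's rootfs and whether it is read-only."""
    rootfs = rootfs_from_config(config_text)
    hit = backing_mount(rootfs, parse_mounts(mounts_text)) if rootfs else None
    if hit is None:
        return None
    mp, device, opts = hit
    # Exact option match: "errors=remount-ro" must not count as "ro".
    return {"rootfs": rootfs, "mountpoint": mp, "device": device, "read_only": "ro" in opts}

if __name__ == "__main__":
    import sys  # usage: pass the path of one container config as the only argument
    with open(sys.argv[1]) as cfg, open("/proc/mounts") as mounts:
        print(audit(cfg.read(), mounts.read()))
```

Run periodically on the host, a `read_only` result of `True` for a partition that is expected to be writable is the condition to alert on.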