Quoting Thomas Moschny (thomas.mosc...@gmail.com):
> Hi,
>
> in https://bugzilla.redhat.com/show_bug.cgi?id=1003136 , a Fedora LXC
> user reports a problem with lxc-destroy removing parts of his host
> file system.
>
> He's using 0.8.0, and the obvious advice for him is to try with 0.9.0
> (which I am currently building packages of), but that said, the
> problem is deeper imho.
>
> The lxc-destroy script contains this line at its end:
>
> rm -rf --one-file-system --preserve-root $lxc_path/$lxc_name
>
> Now, if - for one reason or the other (we cannot guarantee the lxc is
> bug free, or that the configuration is correct, etc.) - the bind

We're not relying on lxc being bug-free, but rather all mounts for a
container are done in a new mounts namespace. So there can be no
bind mounts left-over from a container run. That's not to say there
can't be mistakes due to templates or user error, both of which are
worth taking care to watch out for.

> mounts pointing to the host's file system are still present at that
> point in the script, the rm command will do something very harmful to
> the host. We should protect the user here. The --one-file-system
> option does not help in the case of bind mounts. This has been
> discussed in coreutils bug #9472 (see
> http://lists.gnu.org/archive/html/bug-coreutils/2011-09/msg00040.html,
> as I once experienced the same problem :( ), which is still open
> afaik.
>
> Wouldn't it be possible to have some code around that final rm command
> in lxc-destroy to avoid this scenario? Something like temporarily
> bind-mounting $lxc_path somewhere and then rm'ing $lxc_name in that
> bind mount?
>
> What do you think?

Nice idea, that sounds like it might work. Would you be able to send
a patch for testing?

-serge
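A pre-check for the scenario discussed in this thread, as an added example that is not part of either message or of lxc's own code: before the final rm, list everything still mounted below the container directory and refuse to delete if the list is not empty. It is a different safeguard from the temporary bind mount proposed above; the function names, container paths and mountinfo records are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and sample data are hypothetical.
# mounts_under DIR [MOUNTINFO]: print each mount point strictly below DIR.
# DIR is assumed absolute and already canonical. Field 5 of a mountinfo
# record is the mount point, with space, tab, newline and backslash
# octal-escaped by the kernel.
mounts_under() {
    dir=${1%/}                      # drop a trailing slash; "/" becomes ""
    DIR=$dir awk '
        function unescape(s) {
            gsub(/\\040/, " ", s);  gsub(/\\011/, "\t", s)
            gsub(/\\012/, "\n", s); gsub(/\\134/, "\\\\", s)
            return s
        }
        { mp = unescape($5); dir = ENVIRON["DIR"]
          # Compare against DIR plus "/" so that /x/web does not match /x/web2.
          if (index(mp, dir "/") == 1 && mp != dir "/") print mp }
    ' "${2:-/proc/self/mountinfo}"
}

# safe_to_remove DIR [MOUNTINFO]: succeed only if nothing is mounted below DIR.
safe_to_remove() {
    left=$(mounts_under "$1" "$2")
    [ -z "$left" ] && return 0
    printf 'refusing to remove %s; still mounted below it:\n%s\n' "$1" "$left" >&2
    return 1
}

# Constructed mountinfo records: two bind mounts from the host's own
# filesystem (same device 8:1, so --one-file-system would not skip them)
# under container "web", and an unrelated mount under container "web2".
sample_mountinfo() {
    cat <<'EOF'
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
40 22 8:1 /home /var/lib/lxc/web/rootfs/home rw,relatime - ext4 /dev/sda1 rw
41 22 8:1 /srv/my\040data /var/lib/lxc/web/rootfs/mnt/my\040data rw - ext4 /dev/sda1 rw
42 22 0:30 / /var/lib/lxc/web2/rootfs/proc rw - proc proc rw
EOF
}

# Demo on the constructed data; a real caller would omit the second argument
# and run "rm -rf" only when safe_to_remove succeeds.
tmp=$(mktemp) && sample_mountinfo > "$tmp"
safe_to_remove /var/lib/lxc/web "$tmp" || echo "deletion of web skipped"
safe_to_remove /var/lib/lxc/db "$tmp" && echo "db has no mounts below it"
rm -f "$tmp"
```

The check only sees mounts visible in the caller's own mount namespace, which is the case that matters for an rm run from the host.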