On Fri, Sep 13, 2013 at 05:11:37PM +0100, Christian Seiler wrote:
> Hi there,
>
> > Concur on the revert.
> >
> > What is really gained by deleting that file? I agree with the basic
> > idea of moving and renaming that file to hold the mount open but, are
> > we really that worried that someone will inadvertently delete that
> > file? It shouldn't be a security issue and I don't think I see someone
> > deleting it to be stupid (but then you're still holding it open and
> > the general case applies). I'm just not sure what was being
> > accomplished by the whole delete while held action here.
>
> I see a consensus forming:
>
>  - change name to something starting with a dot _inside_ the rootfs
>    (e.g. .lxc-running)
>  - don't delete it immediately
>  - remove it at stop
>
> Agreed?

Whatever we end up with, please make sure we don't fail if the file
can't be created (read-only rootfs).

I'm not completely sure what a .lxc-running file would gain us since we
already have a unique abstract socket path which is much more reliable
to check if a given container is already running.

It's also not impossible that someone may actually want to run the same
container multiple times, so using the pin to prevent double-start seems
odd and would completely prevent shared rootfs.

I personally think that we shouldn't use the pin as an indication of the
container running at all, but only for its original purpose which is to
have a writable file open on the filesystem in order to prevent a
read-only remount of that fs.

>
> The only thing I'm not really sure about:
>
>  - fail if it already exists
>     => let's say one has an LXC running somewhere, the power goes out,
>        no UPS, the host reboots after some time, tries to auto-start
>        the LXC on boot but LXC won't start because .lxc-running
>        exists...
>  - perhaps we could write the pid of the lxc-start process in there, so
>    that it may check whether the container is really running?
>
> -- Christian

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
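Added example, not part of the thread and not LXC's own code: a small Linux C program illustrating the point made in the reply above, that an abstract socket name is released by the kernel when its holder dies, while a marker file survives an unclean exit and then looks like a running container. The socket name `demo-ct/command` and the marker path `/tmp/demo-lxc-running` are constructed for the demo.

```c
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bind an abstract AF_UNIX name (sun_path[0] == '\0', Linux only). Returns the
 * bound fd, or -1 with errno == EADDRINUSE when a live process holds the name. */
static int claim_name(const char *name) {
    struct sockaddr_un a = { .sun_family = AF_UNIX };
    size_t n = strlen(name);
    if (n >= sizeof(a.sun_path)) { errno = ENAMETOOLONG; return -1; }
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memcpy(a.sun_path + 1, name, n);
    if (bind(fd, (struct sockaddr *)&a, sizeof(sa_family_t) + 1 + n) == 0) return fd;
    int e = errno; close(fd); errno = e;
    return -1;
}
/* 1 = held by a live process, 0 = free, -1 = unrelated error. */
static int is_running(const char *name) {
    int fd = claim_name(name);
    if (fd >= 0) { close(fd); return 0; }
    return errno == EADDRINUSE ? 1 : -1;
}
/* Start a holder, SIGKILL it so no cleanup runs, then ask both mechanisms.
 * Returns is_running() while the holder lived; out-params are post-mortem. */
static int crash_demo(const char *name, const char *marker, int *sock_after, int *file_after) {
    int fd = claim_name(name), during; pid_t pid;
    close(open(marker, O_CREAT | O_WRONLY, 0600));   /* constructed marker file */
    if (fd < 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) { pause(); _exit(0); }             /* child inherits the bound fd */
    close(fd);                                       /* now only the child holds it */
    during = is_running(name);
    kill(pid, SIGKILL); waitpid(pid, NULL, 0);
    *sock_after = is_running(name);                  /* kernel released the name */
    *file_after = access(marker, F_OK) == 0;         /* file outlived its owner */
    unlink(marker);
    return during;
}
int main(void) {
    int s, f, d = crash_demo("demo-ct/command", "/tmp/demo-lxc-running", &s, &f);
    printf("alive: socket=%d | killed: socket=%d marker=%d\n", d, s, f);
    return 0;
}
```

Abstract names are scoped to the network namespace, so the check only sees holders in the same namespace as the caller.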