On 09/23/2013 11:19:17 AM, Serge Hallyn wrote:
> Quoting Rob Landley (r...@landley.net):
> > On 09/12/2013 01:27:07 PM, Christian Seiler wrote:
> > > Hi there,
> > >
> > > just a quick question: currently, rootfs is pinned with a .hold
> file
> > > in
> > > the parent directory (which btw. does not help against file
> systems
> > > that
> > > are already mounted on the host but directly in the rootfs
> directory).
> > > The problem with the .hold file is that it doesn't make the
> directory
> > > necessarily pretty; I tend to mount all rootfs to
> /srv/lxc/$container
> > > (config remaining in /var/lib/lxc), and then when doing a ls
> > > /srv/lxc, I
> > > see tons of .hold files. (I'm not even sure that they are removed
> > > after
> > > container termination - but even if they are, the default state
> of a
> > > typical system tends to be that at least some containers are
> > > running...)
> > >
> > > Couldn't we just open $rootfs/lxc.hold for writing, keep the fd
> (as
> > > current pinfd) and then unlink (!) the file directly? According to
> > > POSIX
> > > semantics, the file is then still open and the pinning should work
> > > (now
> > > also for the above case), but there are no files lying around
> anymore.
> > > (Note: I didn't test that, it could well be that that doesn't
> work.)
> > >
> > > Thoughts?
> >
> > Why doesn't keeping a file open to the directory itself work? (I'm
> > assuming it doesn't, I'm wondering why.)
>
> Tried it under tmpfs, and open("/mnt", O_RDWR) with tmpfs mounted
> at /mnt does not work, gives EISDIR. O_RDONLY does work, but that
> doesn't prevent mount -o remount,ro.
The filesystem hitting an error (including one from the block device)
can make most filesystems remount themselves read only, forcibly even
with active writers. The permissions to do so from userspace should be
roughly analogous to calling shutdown or "kill -1"? (I'm wondering what
lxc's interest is in preventing the container-local root from doing
something container-local dangerous?)
> Drat, that would've been nice.
Judging by the rest of the thread, the reason for half the weird
complexity people do with filesystems is apparently "NFS is horrible".
(I need to go bang on 9p some more and try to help replace that.)
> -serge
Rob
------------------------------------------------------------------------------
LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint
2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes
Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13.
http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
