[Devel] [PATCH libvzctl] nsops: mount -- Remount container root as a shared at the very end

Cyrill Gorcunov gorcunov at virtuozzo.com
Wed Sep 9 07:59:56 PDT 2015


Systemd-based containers (in particular fresh Fedora and
CentOS) run some services, such as httpd, in their own mount namespace.

Such services remount the container's root as a slave, so their
master-id is inherited from the top-level shared group, which
is the external root mount:

 | [root@pcs7 libvzctl.git]# ps afx
 |   PID TTY      STAT   TIME COMMAND
 |     1 ?        Ss     0:52 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
 |  ...
 |
 |  15076 ?        Rs     0:01 init -z
 |  16373 ?        Ss     0:00  \_ /usr/sbin/httpd -DFOREGROUND
 |  ...
 |
 | [root@pcs7 libvzctl.git]# cat /proc/1/mountinfo
 | 53 52 182:611057 / /vz/root/300 rw,relatime shared:31 - ext4 /dev/ploop38191p1 rw...
 | ...
 | [root@pcs7 libvzctl.git]# cat /proc/15076/mountinfo
 | 99 54 182:611057 / / rw,relatime master:31 - ext4 /dev/ploop38191p1 rw...
 | ...
 | [root@pcs7 libvzctl.git]# cat /proc/16373/mountinfo
 | 66 65 182:611057 / / rw,relatime master:31 - ext4 /dev/ploop38191p1 rw...

Here 16373 is an Apache instance that carries its own mount namespace, which has
a master-id propagated from the /vz/root/300 mountpoint of the node. But
such a construction is prohibited: in CRIU we don't allow dumping mount
schemes which we can't restore (and because the master-id points outside of the
container's root, we don't know how to deal with such constructions, since
the information about the global root is not carried in images but passed via
a command line option).

So what we need is to make the root slave and shared so all new nested
slave mounts get the root as a shared group leader.

https://jira.sw.ru/browse/PSBM-34698

Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
CC: Andrew Vagin <avagin at openvz.org>
CC: Igor Sukhih <igor at parallels.com>
---
 lib/env_nsops.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/env_nsops.c b/lib/env_nsops.c
index af2f260..d1d7bf1 100644
--- a/lib/env_nsops.c
+++ b/lib/env_nsops.c
@@ -179,6 +179,9 @@ static int setup_rootfs(struct vzctl_env_handle *h)
 	if (rmdir(oldroot))
 		logger(-1, errno, "Can't rmdir %s", oldroot);
 
+	if (mount(NULL, "/", NULL, MS_SHARED, NULL) < 0)
+		return vzctl_err(-1, errno, "Can't remount root as a shared %s", root);
+
 	return 0;
 }
 
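Review bot: the commit message says the root must be slave and shared, but the added mount() call passes only MS_SHARED, so the slave half depends on state set earlier in setup_rootfs() that this hunk does not show; a short comment above the call stating that assumption, and why the remount has to come at the very end, would make the change reviewable on its own. The call is also non-recursive (no MS_REC), which is worth confirming as intended. In the error path the message prints root while the call operates on "/", and "as a shared %s" reads oddly; something like "Can't remount / as shared" would match what actually failed.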
-- 
2.4.3
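As an added illustration (not part of the original message and not libvzctl or CRIU code), the check below parses mountinfo text and counts master ids in a nested namespace that have no matching shared group in the container init's namespace, which is the condition the message describes. The OLD lines are those quoted in the message; the NEW lines are constructed and assume the container root shows up as shared:120 master:31 after the patch; all function and constant names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_IDS 64

/* Collect ids tagged `tag` ("shared:" or "master:") from the optional
 * fields of each mountinfo line, i.e. the fields left of " - ". */
static int collect_ids(const char *mi, const char *tag, int *ids)
{
	int n = 0, optional = 1;	/* 1 while left of the separator */
	size_t tl = strlen(tag);
	for (; *mi; mi++) {
		if (*mi == '\n')
			optional = 1;
		else if (!strncmp(mi, " - ", 3))
			optional = 0;
		else if (optional && n < MAX_IDS && *mi == ' ' && !strncmp(mi + 1, tag, tl))
			ids[n++] = atoi(mi + 1 + tl);
	}
	return n;
}

/* Count master ids in a nested namespace that are not shared groups in the
 * container init's namespace, i.e. masters outside the container. */
int external_masters(const char *init_mi, const char *nested_mi)
{
	int shared[MAX_IDS], master[MAX_IDS], i, j, ext = 0;
	int ns = collect_ids(init_mi, "shared:", shared);
	int nm = collect_ids(nested_mi, "master:", master);
	for (i = 0; i < nm; i++) {
		for (j = 0; j < ns && shared[j] != master[i]; j++)
			;
		ext += (j == ns);
	}
	return ext;
}

/* OLD: lines quoted in the message. NEW: constructed, ids are assumed. */
const char *INIT_OLD = "99 54 182:611057 / / rw,relatime master:31 - ext4 /dev/ploop38191p1 rw...\n";
const char *HTTPD_OLD = "66 65 182:611057 / / rw,relatime master:31 - ext4 /dev/ploop38191p1 rw...\n";
const char *INIT_NEW = "99 54 182:611057 / / rw,relatime shared:120 master:31 - ext4 /dev/ploop38191p1 rw...\n";
const char *HTTPD_NEW = "66 65 182:611057 / / rw,relatime master:120 - ext4 /dev/ploop38191p1 rw...\n";

int main(void)
{
	printf("before patch: %d external, after: %d\n",
	       external_masters(INIT_OLD, HTTPD_OLD), external_masters(INIT_NEW, HTTPD_NEW));
	return 0;
}
```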



