<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Simon,<br>
<br>
First, please use the users@ mailing list for further communication. The
rationale behind this<br>
is pretty simple, let me explain.<br>
<br>
In most software projects, the number of users is way higher
than the number of<br>
developers. Similarly, the number of people who can ask questions is
way higher than<br>
the number of people who can answer (developers plus seasoned
users). Therefore,<br>
using 1:1 interaction between people in these two groups is not
scalable; in other words,<br>
the "answer" people could not cover all the questions.<br>
<br>
Tools such as mailing lists (and any other way of public
communication, like wikis,<br>
IRC (with logs), forums, social networks, question/answer sites like
stackoverflow<br>
and so on, together with search tools like Google) help to mitigate
this problem.<br>
<br>
That is why I am again ccing the users AT openvz.org list and again asking
you to post<br>
your questions to the list, so other people can benefit from my
answers, not just you.<br>
It's also a win for you, as other people can contribute answers, not
just me, or<br>
review and correct my answers.<br>
<br>
Anyway, please subscribe to and use the users@ mailing list<br>
(<a class="moz-txt-link-freetext" href="https://lists.openvz.org/mailman/listinfo/users">https://lists.openvz.org/mailman/listinfo/users</a>), and see my
answers below.<br>
<br>
<div class="moz-cite-prefix">On 03/29/2016 11:22 PM, Simon Choucroun
wrote:<br>
</div>
<blockquote cite="mid:56FB708A.4000505@whc.ca" type="cite">
Hi Kir,<br>
<br>
Thanks for the suggestions! I was able to mount with nosuid,noexec
with your instructions. <br>
<br>
I am contacting you again today because I think I may have found a
small bug with ploop. <br>
<br>
My script basically generates a ploop device with the ploop init
command. It then keeps the ploop device id and I use that to
remount at reboot. However, I have noticed that my mounts are not
working at reboot due to the fact that every time I use ploop mount,
the ploop device id is randomly generated. <br>
</blockquote>
<br>
The assumption that the device name is persistent is incorrect. You
should always obtain<br>
a device name from the output of 'ploop mount' (or use other means
to discover it).<br>
<br>
<blockquote cite="mid:56FB708A.4000505@whc.ca" type="cite"> <br>
I tried setting the name manually with ploop mount -d
/dev/ploopstaging3 but it fails.<br>
</blockquote>
<br>
I believe this is no longer supported (and might need to be
removed).<br>
<br>
<blockquote cite="mid:56FB708A.4000505@whc.ca" type="cite"> <br>
Another issue I discovered: <br>
<br>
When creating a new ploop device with the ploop init command, it
finishes by unmounting /dev/ploopID <br>
However, it does not seem to actually unmount it. Also, if I then
do a ploop mount command,<br>
it keeps the same ploop id and does not generate a new random ID.<br>
</blockquote>
<br>
This makes sense to me.<br>
<br>
<blockquote cite="mid:56FB708A.4000505@whc.ca" type="cite"> <br>
Please see commands below:<br>
<br>
<b>ploop init -s 500g -t ext4 /mounts/staging3/staging3.hdd</b><br>
<br>
<b>Results</b>:<br>
<br>
Creating delta /mounts/staging3/staging3.hdd bs=2048
size=1048576000 sectors v2<br>
Adding snapshot {5fbaabe3-6958-40ff-92a7-860e329aab41}<br>
Storing /mounts/staging3/DiskDescriptor.xml<br>
Opening delta /mounts/staging3/staging3.hdd<br>
Adding delta dev=/dev/ploop48321 img=/mounts/staging3/staging3.hdd
(rw)<br>
Running: parted -s /dev/ploop48321 mklabel gpt mkpart primary
1048576b 536869863423b <br>
Running: mkfs -t ext4 -j -b4096
-Eresize=4294967295,lazy_itable_init=1,lazy_journal_init=1
-Jsize=128 -i16384 /dev/ploop48321p1 <br>
Running: mkfs -t ext4 -j -b4096
-Eresize=4294967295,lazy_itable_init=1 -Jsize=128 -i16384
/dev/ploop48321p1 <br>
mke2fs 1.41.12 (17-May-2010)<br>
Discarding device blocks: done <br>
Filesystem label=<br>
OS type: Linux<br>
Block size=4096 (log=2)<br>
Fragment size=4096 (log=2)<br>
Stride=1 blocks, Stripe width=0 blocks<br>
32768000 inodes, 131071488 blocks<br>
6553574 blocks (5.00%) reserved for the super user<br>
First data block=0<br>
Maximum filesystem blocks=4294967296<br>
4000 block groups<br>
32768 blocks per group, 32768 fragments per group<br>
8192 inodes per group<br>
Superblock backups stored on blocks: <br>
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632,
2654208, <br>
4096000, 7962624, 11239424, 20480000, 23887872, 71663616,
78675968, <br>
102400000<br>
<br>
Writing inode tables: done <br>
Creating journal (32768 blocks): done<br>
Writing superblocks and filesystem accounting information: done<br>
<br>
This filesystem will be automatically checked every 35 mounts or<br>
180 days, whichever comes first. Use tune2fs -c or -i to
override.<br>
Running: /sbin/tune2fs -ouser_xattr,acl -c0 -i0 -eremount-ro
/dev/ploop48321p1 <br>
tune2fs 1.41.12 (17-May-2010)<br>
Setting maximal mount count to -1<br>
Setting error behavior to 2<br>
Setting interval between checks to 0 seconds<br>
Creating balloon file
.balloon-c3a5ae3d-ce7f-43c4-a1ea-c61e2b4504e8<br>
Mounting /dev/ploop48321p1 at /mounts/staging3/staging3.hdd.mnt
fstype=ext4 data='' <br>
Unmounting device /dev/ploop48321<br>
<br>
<b>ls /dev/ploop*</b><br>
/dev/ploop48321 /dev/ploop48321p1<br>
<br>
<b>ploop umount -d /dev/ploop48321</b><br>
Unmounting device /dev/ploop48321<br>
<br>
<b>ls /dev/ploop*</b><br>
/dev/ploop48321<br>
</blockquote>
<br>
I don't see any issue with this either. The device is in stopped
state, and might be reused.<br>
<br>
# cat /sys/block/ploop35205/pstate/running<br>
0<br>
# ls /sys/block/ploop35205/pdelta/<br>
(nothing)<br>
#<br>
<br>
<blockquote cite="mid:56FB708A.4000505@whc.ca" type="cite"> <br>
<br>
<div class="moz-cite-prefix">On 2016-03-22 12:52 AM, Kir Kolyshkin
wrote:<br>
</div>
<blockquote cite="mid:56F0CFA4.2030805@openvz.org" type="cite">On
03/21/2016 06:58 PM, Simon Choucroun wrote: <br>
<blockquote type="cite">Hi Kir, <br>
<br>
Sorry to e-mail you, I know that you must be really busy with
VZ and CRIU these days but I am looking for a solution and
have looked everywhere without any concrete answer, maybe you
can help. <br>
<br>
I am trying to create an internal product that is using ploop
as the device image (much better than loop!) <br>
<br>
The issue I am having is that I am trying to mount the ploop
image with noexec,nosuid for enhanced security. When I pass it
to the -o parameter, it is erroring out. <br>
<br>
ploop mount -o nosuid,noexec -m /backup/staging
/mounts/staging/DiskDescriptor.xml <br>
<br>
I also checked the documentation for ploop but unfortunately,
there is no option explanation or example for the -o flag. <br>
</blockquote>
<br>
Hi Simon, <br>
<br>
The value of the -o option is passed directly to the mount()
syscall, as the "data" <br>
argument, and it might contain some fs-specific options. Here's
an excerpt from <br>
mount(2) man page: <br>
<br>
The data argument is interpreted by the different file
systems. Typically it is a string of comma-separated options
understood by this file system. See mount(8) for details of
the options available for each filesystem type. <br>
<br>
Now, options MS_NOEXEC and MS_NOSUID are not fs-specific but
generic. <br>
Unfortunately, currently there's no way to pass those to ploop
command <br>
(although it's relatively easy to add). <br>
<br>
A workaround would be to mount ploop as device only, and then
use usual "mount" <br>
command to actually mount the fs. Example: <br>
<br>
[root@tpad-ovz1 root.hdd]# ploop mount DiskDescriptor.xml <br>
Opening delta /vz/private/202/root.hdd/root.hdd <br>
Adding delta dev=/dev/ploop32746
img=/vz/private/202/root.hdd/root.hdd (rw) <br>
<br>
[root@tpad-ovz1 root.hdd]# mount -o noexec,nosuid
/dev/ploop32746p1 mnt <br>
<br>
As you can see, you need to figure out the ploop device (and add
p1 to it for a partition). <br>
You can figure it out by e.g. parsing the output of "ploop
mount" or "ploop list". <br>
<br>
Let me know if you have any more questions, and I am Ccing
users@ list as there <br>
might be some people who are also interested in that. <br>
<br>
Kir. <br>
</blockquote>
<br>
</blockquote>
<br>
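The workaround described in this thread (attach the ploop image, take the device name from the output of "ploop mount", then mount partition 1 with noexec,nosuid), as an added example that is not part of the original messages or of ploop itself.<br>
The function names are hypothetical, and the script assumes that ploop prints the "Adding delta" line on stdout.<br>

```shell
#!/bin/sh
# Added example (not from the thread). ploop and mount need root; the
# functions below are only defined here, nothing is mounted on load.

# Print the device from `ploop mount` output read on stdin, using the
# "Adding delta dev=/dev/ploopNNNNN img=..." line format shown in the thread.
ploop_dev_from_output() {
    sed -n 's|^Adding delta dev=\(/dev/ploop[0-9][0-9]*\).*|\1|p' | head -n 1
}

# Accept only a whole-device name (/dev/ploop + digits), never a partition
# or an empty string, before it is handed to mount.
is_ploop_dev() {
    case "$1" in
        /dev/ploop|/dev/ploop*[!0-9]*) return 1 ;;
        /dev/ploop[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# True if a comma-separated mount option string has both noexec and nosuid.
has_noexec_nosuid() {
    case ",$1," in *,noexec,*) ;; *) return 1 ;; esac
    case ",$1," in *,nosuid,*) ;; *) return 1 ;; esac
}

# Attach the image, mount partition 1 hardened, then confirm the flags in
# /proc/mounts. $2 must be an absolute path, as /proc/mounts lists it.
# Assumption: ploop prints the "Adding delta" line on stdout.
mount_ploop_hardened() {
    descriptor=$1
    mountpoint=$2
    out=$(ploop mount "$descriptor") || return 1
    dev=$(printf '%s\n' "$out" | ploop_dev_from_output)
    is_ploop_dev "$dev" || return 1
    # If the filesystem mount fails, detach the device again.
    mount -o noexec,nosuid "${dev}p1" "$mountpoint" || { ploop umount -d "$dev"; return 1; }
    opts=$(awk -v m="$mountpoint" '$2 == m { o = $4 } END { print o }' /proc/mounts)
    has_noexec_nosuid "$opts"
}

# Sample output copied from the session quoted in the thread.
SAMPLE_OUTPUT='Opening delta /vz/private/202/root.hdd/root.hdd
Adding delta dev=/dev/ploop32746 img=/vz/private/202/root.hdd/root.hdd (rw)'
printf '%s\n' "$SAMPLE_OUTPUT" | ploop_dev_from_output   # prints /dev/ploop32746
```

Because the device name changes between mounts, a boot-time script would call mount_ploop_hardened with the DiskDescriptor.xml path each time instead of storing the name.<br>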
</body>
</html>