On 11/01/2011 07:00 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange"<berrange@xxxxxxxxxx> The kernel automounter is mostly broken wrt to containers. Most notably if you start a new filesystem namespace and then attempt to unmount any autofs filesystem, it will typically fail with a wierd error message like
s/wierd/weird/
Failed to unmount '/.oldroot/sys/kernel/security':Too many levels of symbolic links Atttempting to detach the autofs mount mount using umount2(MNT_DETACH)
s/Atttempting/Attempting/ s/mount mount/mount/
will also fail with the same error. Therefore if we get any error on unmount()ing a filesystem from the old root FS when starting a container, we must immediately break out and detach the entire old root filesystem (ignoring any mounts below it). This has the effect of making the old root filesystem inaccessible to anything inside the container, but at the cost that the mounts live on in the kernel until the container exits. Given that SystemD uses autofs by default, we need LXC to be robust this scenario and thus this tradeoff is worthwhile.
Agree to that analysis. ACK. -- Eric Blake eblake@xxxxxxxxxx +1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list