On Fri, Jun 22, 2012 at 09:56:39AM -0400, Daniel J Walsh wrote:
> We do not want to share /run between containers and the host. This patch
> mounts a tmpfs on /run and then bind mounts /run on /var/run.
>
> Reason this is patch 0003 is that this is a part of a previous patch set that
> was never applied.
>
> Sorry to those who are receiving this patch for the second time, as I sent it
> first to the wrong list.
>
> From c04fc4f506644d6621654f16198f5cefaa3ef7a1 Mon Sep 17 00:00:00 2001
> From: Dan Walsh <dwalsh@xxxxxxxxxx>
> Date: Tue, 12 Jun 2012 12:08:16 -0400
> Subject: [PATCH 03/10] Must mount /run before the lxc container starts
>
> ---
>  configure.ac                    |    2 +-
>  src/lxc/lxc_container.c         |   17 +++++++++++++++++
>  src/security/security_selinux.c |    1 +
>  3 files changed, 19 insertions(+), 1 deletion(-)
>
> diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> index a1714c0..7a598e2 100644
> --- a/src/lxc/lxc_container.c
> +++ b/src/lxc/lxc_container.c
> @@ -508,6 +508,23 @@ static int lxcContainerMountBasicFS(virDomainDefPtr def, > "devfs", "/dev", "tmpfs"); > goto cleanup; > } > + > + VIR_DEBUG("Mount tmpfs on /run type=tmpfs flags=%x, opts=%s", > + MS_NOSUID, opts); > + if (mount("tmpfs", "/run", "tmpfs", MS_NOSUID | MS_NODEV , opts) < 0) { > + virReportSystemError(errno, > + _("Failed to mount %s on %s type %s"), > + "tmpfs", "/run", "tmpfs"); > + goto cleanup; > + } > + > + VIR_DEBUG("Mount /run on /var/run type=bind"); > + if (mount("/run", "/var/run", "run", MS_BIND , NULL) < 0) { > + virReportSystemError(errno, > + _("Failed to mount %s on %s"), > + "/run", "/var/run"); > + goto cleanup; > + }

Unfortunately, I realized now that we can't include such a patch. While we
clearly need a custom /run if we're to invoke systemd inside the container,
this is not the only use case for LXC. For other use cases, it will be
desirable to have the host's /run still visible.

I have pushed two patches to add support in libvirt XML for tmpfs and bind
mounts, and have code to replicate this behaviour using the
virt-sandbox-service code instead.

Daniel

-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
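Review bot: the VIR_DEBUG line in the lxcContainerMountBasicFS hunk logs flags=%x with only MS_NOSUID while the mount() call right below it passes MS_NOSUID | MS_NODEV, so the debug output understates the flags actually applied; pass the same expression to both, e.g. `VIR_DEBUG("Mount tmpfs on /run type=tmpfs flags=%x, opts=%s", MS_NOSUID | MS_NODEV, opts);`. In the bind mount, `mount("/run", "/var/run", "run", MS_BIND , NULL)` names a filesystem type "run" that is ignored for MS_BIND but reads as a mistake; use NULL (or "none") as other bind mounts do, and drop the stray spaces before the commas in both mount() calls. The bind mount also assumes the container root already has a /var/run directory: it fails with ENOENT when it is absent and is a no-op when /var/run is a symlink to /run, so either create the directory first or skip the bind when /var/run resolves to /run. Finally, both mounts are unconditional for every LXC container, which is the objection raised in the reply; gating them on a domain XML option would keep the host /run visible for the other use cases.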