Am 30.11.2014 um 19:35 schrieb Eric W. Biederman: > Richard Weinberger <richard@xxxxxx> writes: > >> Am 30.11.2014 um 16:37 schrieb Andy Lutomirski: >>> On Sun, Nov 30, 2014 at 7:16 AM, Richard Weinberger <richard@xxxxxx> wrote: >>>> Am 30.11.2014 um 16:00 schrieb Andy Lutomirski: >>>>> On Sun, Nov 30, 2014 at 6:58 AM, Richard Weinberger <richard@xxxxxx> wrote: >>>>>> Eric, >>>>>> >>>>>> Am 30.11.2014 um 00:05 schrieb Eric W. Biederman: >>>>>>> >>>>>>> Now that remount is properly enforcing the rule that you can't remove >>>>>>> nodev at least sandstorm.io is breaking when performing a remount. >>>>>>> >>>>>>> It turns out that there is an easy intuitive solution implicitly >>>>>>> add nodev on remount when nodev was implicitly added on mount. >>>>>> >>>>>> Is this patch supposed to unbreak libvirt-lxc? >>>>>> At least 1.2.9 is still broken. >>>>>> >>>>> >>>>> Either this patch or my variant of it fixes the libvirt-lxc breakage >>>>> that I understand, but IIRC there was some other issue that none of us >>>>> figured out at K-S. >>>> >>>> Currently it fails here: >>>> 2014-11-25 22:36:45.295+0000: 1: debug : virFileMakePathHelper:2436 : path=/proc mode=0777 >>>> 2014-11-25 22:36:45.295+0000: 1: debug : lxcContainerMountBasicFS:918 : Mount proc on /proc type=proc flags=e >>>> 2014-11-25 22:36:45.296+0000: 1: debug : lxcContainerMountBasicFS:873 : Processing /proc/sys -> /proc/sys >>>> 2014-11-25 22:36:45.296+0000: 1: debug : virFileMakePathHelper:2436 : path=/proc/sys mode=0777 >>>> 2014-11-25 22:36:45.296+0000: 1: debug : lxcContainerMountBasicFS:918 : Mount /proc/sys on /proc/sys type=(null) flags=1000 >>>> 2014-11-25 22:36:45.296+0000: 1: error : lxcContainerMountBasicFS:933 : Failed to re-mount /proc/sys on /proc/sys flags=1021: Operation not permitted >>> >>> Any chance you can test that with Eric's patch or mine [1] applied? >>> If that doesn't work, can you try to catch the failure with strace? >> >> With your patch applied on top of Linus's tree as of today libvirt-lxc works fine again. :) > > *Scratches head* > > Did you really have my latest patch applied? > > Andy's patch implies a change of policy that I really don't want to > deploy as a bug fix. Hmm, let me double check this tomorrow with a fresh brain. Maybe I got hit by another issue while testing your patch. Currently I'm fighting against three libvirt-lxc issues in parallel. :-\ Thanks, //richard _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
