Richard Weinberger <richard@xxxxxx> writes: > Am 30.11.2014 um 19:35 schrieb Eric W. Biederman: >> Richard Weinberger <richard@xxxxxx> writes: >> >>> Am 30.11.2014 um 16:37 schrieb Andy Lutomirski: >>>> On Sun, Nov 30, 2014 at 7:16 AM, Richard Weinberger <richard@xxxxxx> wrote: >>>>> Am 30.11.2014 um 16:00 schrieb Andy Lutomirski: >>>>>> On Sun, Nov 30, 2014 at 6:58 AM, Richard Weinberger <richard@xxxxxx> wrote: >>>>>>> Eric, >>>>>>> >>>>>>> Am 30.11.2014 um 00:05 schrieb Eric W. Biederman: >>>>>>>> >>>>>>>> Now that remount is properly enforcing the rule that you can't remove >>>>>>>> nodev at least sandstorm.io is breaking when performing a remount. >>>>>>>> >>>>>>>> It turns out that there is an easy intuitive solution implicitly >>>>>>>> add nodev on remount when nodev was implicitly added on mount. >>>>>>> >>>>>>> Is this patch supposed to unbreak libvirt-lxc? >>>>>>> At least 1.2.9 is still broken. >>>>>>> >>>>>> >>>>>> Either this patch or my variant of it fixes the libvirt-lxc breakage >>>>>> that I understand, but IIRC there was some other issue that none of us >>>>>> figured out at K-S. >>>>> >>>>> Currently it fails here: >>>>> 2014-11-25 22:36:45.295+0000: 1: debug : virFileMakePathHelper:2436 : path=/proc mode=0777 >>>>> 2014-11-25 22:36:45.295+0000: 1: debug : lxcContainerMountBasicFS:918 : Mount proc on /proc type=proc flags=e >>>>> 2014-11-25 22:36:45.296+0000: 1: debug : lxcContainerMountBasicFS:873 : Processing /proc/sys -> /proc/sys >>>>> 2014-11-25 22:36:45.296+0000: 1: debug : virFileMakePathHelper:2436 : path=/proc/sys mode=0777 >>>>> 2014-11-25 22:36:45.296+0000: 1: debug : lxcContainerMountBasicFS:918 : Mount /proc/sys on /proc/sys type=(null) flags=1000 >>>>> 2014-11-25 22:36:45.296+0000: 1: error : lxcContainerMountBasicFS:933 : Failed to re-mount /proc/sys on /proc/sys flags=1021: Operation not permitted >>>> >>>> Any chance you can test that with Eric's patch or mine [1] applied? >>>> If that doesn't work, can you try to catch the failure with strace? >>> >>> With your patch applied on top of Linus's tree as of today libvirt-lxc works fine again. :) >> >> *Scratches head* >> >> Did you really have my latest patch applied? >> >> Andy's patch implies a change of policy that I really don't want to >> deploy as a bug fix. > > Hmm, let me double check this tomorrow with a fresh brain. > Maybe I got hit by another issue while testing your patch. > Currently I'm fighting against three libvirt-lxc issues in parallel. :-\ Please do. I just reran through my regression tests that explore this issue rather throughly and all of my remount test cases are passing. So if things are truly failing I want to understand what is going on, and add to my regression tests. I should have done that sooner of course but I am still paging back in after being distracted with the other things in life. Eric _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
