Re: Detecting the use of a mount in another namespace

On Sun, 2015-01-18 at 11:51 -0600, Eric W. Biederman wrote:
> Alexander Larsson <alexl@xxxxxxxxxx> writes:

> The way I would recommend is to give each of your containers a read-only
> snapshot of /usr, and then delete that snapshot when done.
> Aka:
> 
> cp -ldr /usr /usr-snapshot
> # Some time later when you are done
> rm -rf /usr-snapshot
> 
> There are more elegant ways (btrfs snapshots etc) but the above will
> work on every filesystem that supports hardlinks.
> 
> For what you were wanting to do with mounts in the general case the
> kernel has never had enough information to do what you want to do with
> mounts.  Think remote filesystems like nfs.  Information from remote
> filesystems about who if anyone has a mountpoint somewhere simply does
> not propagate between kernels.

I'm not trying to solve the generic problem though, but a very specific
one. I'm setting up a sandbox with a bind mount for /usr from a
directory I myself control, and I want to know if any sandbox (from any
user) is still running with that /usr mounted.

In the end I set up a /usr/.ref file and had pid 1 in the sandbox take
an advisory read lock on it. I can then try to get a write lock on this
file and if that fails some sandbox may still be using it. It is not
fail safe, as anyone else can grab a lock on this, but doing so is not
really a problem, as I can still force remove it if needed. 

The above allows me to do an automatic "live update" of such a /usr by
setting up the new /usr, then moving the old one to a "removed"
subdirectory and then delay remove until it is no longer in use (or the
user force removes it).

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
       alexl@xxxxxxxxxx            alexander.larsson@xxxxxxxxx 
He's a short-sighted devious filmmaker who hides his scarred face behind 
a mask. She's a radical streetsmart lawyer with only herself to blame. 
They fight crime! 

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
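
The `/usr/.ref` locking scheme and the delayed removal described in the message above, as an added example that is not part of the original post or the author's code. It assumes `flock(2)`-style locks (the message does not say which locking API was used) and a "removed" directory on the same filesystem; all function names are hypothetical.

```python
import fcntl
import os
import shutil
import tempfile

REF = ".ref"  # file name from the message; every function name here is hypothetical


def hold_reference(usr_dir):
    """Sandbox pid 1: take a shared (read) lock and keep the fd open for life.
    The kernel drops the lock when the process exits, even on a crash."""
    fd = os.open(os.path.join(usr_dir, REF), os.O_RDONLY)
    fcntl.flock(fd, fcntl.LOCK_SH)
    return fd


def in_use(usr_dir):
    """Manager: probe with a non-blocking exclusive (write) lock.
    True means "may be in use": anyone able to open .ref can hold a lock."""
    fd = os.open(os.path.join(usr_dir, REF), os.O_RDONLY)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        return False
    except BlockingIOError:
        return True
    finally:
        os.close(fd)  # closing the probe fd releases the probe lock


def retire(usr_dir, removed_dir):
    """Move the old tree aside (same filesystem). Locks follow the inode,
    so running sandboxes keep their reference across the rename."""
    os.makedirs(removed_dir, exist_ok=True)
    dest = tempfile.mkdtemp(prefix="usr-", dir=removed_dir)
    os.rename(usr_dir, dest)  # replaces the empty placeholder directory
    return dest


def reap(removed_dir, force=False):
    """Delete retired trees that nobody locks; force overrides a stuck lock."""
    gone = []
    for name in sorted(os.listdir(removed_dir)):
        path = os.path.join(removed_dir, name)
        if force or not in_use(path):
            shutil.rmtree(path)
            gone.append(path)
    return gone
```

Running `reap()` periodically gives the delayed removal; `force=True` is the manual override for a lock held by an unrelated process.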




