Hello,
We are using 9p to run containers on top of remote filesystems, and it
works correctly using the 3.13.11 kernel. However, there were a bunch of
updates in the fs/9p area in 3.14 which seem to have broken the
namespaces support for containers.
A simple description of how we run the container over 9p is:
- on the remote source host we run diod as 9p server
- on the local host we mount the filesystem in /some/path
- also locally, we run
contain /some/path /bin/bash
In 3.14 (3.14.4 to be exact), the contain command can no longer mount
the dev filesystem via mount("tmpfs", "dev", "tmpfs", 0, "mode=0755")
after unsharing IPC, NS, USER, UTS and NET, but before unsharing PID.
The above call returns an EPERM. You can look at the very simple code in
contain.c and mount.c at [1].
This call used to work fine in 3.13. I haven't tried to bisect and find
out the exact patch that introduces the problem, but it's one of "git
log --oneline b26d4cd.. fs/9p".
I can provide you with any additional information that might be needed.
Thank you for any feedback.
Cheers,
Ailn.
[1] https://github.com/arachsys/containers
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
