From: Alin Dobre <alin.dobre-1hSFou9RDDldEee+Cai+ZQ@public.gmane.org>
To: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
v9fs-developer-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
Eric Van Hensbergen
<ericvh-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Subject: Containers over 9p in 3.14
Date: Tue, 20 May 2014 18:03:54 +0100 [thread overview]
Message-ID: <537B8AFA.4080303@elastichosts.com> (raw)
Hello,
We are using 9p to run containers on top of remote filesystems, and it
works correctly using the 3.13.11 kernel. However, there were a bunch of
updates in the fs/9p area in 3.14 which seem to have broken the
namespaces support for containers.
A simple description of how we run the container over 9p is:
- on the remote source host we run diod as 9p server
- on the local host we mount the filesystem in /some/path
- also locally, we run
contain /some/path /bin/bash
In 3.14 (3.14.4 to be exact), the contain command can no longer mount
the dev filesystem via mount("tmpfs", "dev", "tmpfs", 0, "mode=0755")
after unsharing IPC, NS, USER, UTS and NET, but before unsharing PID.
The above call returns an EPERM. You can look at the very simple code in
contain.c and mount.c at [1].
This call used to work fine in 3.13. I haven't tried to bisect and find
out the exact patch that introduces the problem, but it's one of "git
log --oneline b26d4cd.. fs/9p".
I can provide you with any additional information that might be needed.
Thank you for any feedback.
Cheers,
Ailn.
[1] https://github.com/arachsys/containers
next reply other threads:[~2014-05-20 17:03 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-20 17:03 Alin Dobre [this message]
[not found] ` <537B8AFA.4080303-1hSFou9RDDldEee+Cai+ZQ@public.gmane.org>
2014-05-21 6:52 ` [V9fs-developer] Containers over 9p in 3.14 Dominique Martinet
2014-05-21 21:15 ` Eric W. Biederman
2014-05-21 6:52 ` [V9fs-developer] " Dominique Martinet
2014-05-21 8:02 ` [PATCH] 9P: fix return value in v9fs_fid_xattr_set Dominique Martinet
2014-05-21 13:14 ` Alin Dobre
2014-05-21 8:07 ` [V9fs-developer] Containers over 9p in 3.14 Alin Dobre
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=537B8AFA.4080303@elastichosts.com \
--to=alin.dobre-1hsfou9rddldeee+cai+zq@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=ericvh-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=v9fs-developer-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.