3.0 - lxc.mount.entry not working for unprivileged container


#1

Linux 4.15.0-22-generic #24-Ubuntu SMP Wed May 16 12:15:17 UTC 2018 x86_64 GNU/Linux
lxc 3.0
container os various


Following this tutorial https://gist.github.com/julianlam/07abef272136ea14a627 there is no mount showing in any container (df / mount) with this unprivileged container config:

    lxc.mount.auto = proc:mixed sys:mixed
    lxc.rootfs.path = dir:/srv/lxc/dns/rootfs
    lxc.mount.entry = /test /test none bind 0 0

(Stéphane Graber) #2

That should be lxc.mount.entry = /test test none bind 0 0 so that the target is relative to the container’s /


#3

May I humbly suggest this (syntax) to be better stipulated/documented in the man page?


(Stéphane Graber) #5

relative source path is taken to be relative to the mounted container root. For instance,

    dev/null proc/kcore none bind,relative 0 0

Will expand dev/null to ${LXC_ROOTFS_MOUNT}/dev/null, and mount it to proc/kcore inside the container.

^ that’s the current manpage which explains the behavior and has an example.


#6

I am sure it does fine for the technically advanced but perhaps less so for the remainder of noobs (like meselfs).

More practical (imho) would be an example of (perhaps with markup)

do - lxc.mount.entry = /foo foo none bind 0 0
do not - lxc.mount.entry = /foo /foo none bind 0 0

and adding the particular case for /dev/net/tun

lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file 0 0
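
The do / do-not rule from this thread can be checked mechanically before a container is started. The following is an added example, not part of the thread and not LXC's own code: a small linter that reads a container config, picks out the `lxc.mount.entry` lines, and flags any whose target (second field) starts with `/`, suggesting the relative form given in reply #2. The function names are hypothetical and the sample config is constructed from the lines quoted above.

```python
# Added example: flag lxc.mount.entry lines whose target path is absolute.
# SAMPLE_CONFIG is constructed from the config lines quoted in the thread.
SAMPLE_CONFIG = """\
lxc.mount.auto = proc:mixed sys:mixed
lxc.rootfs.path = dir:/srv/lxc/dns/rootfs
lxc.mount.entry = /test /test none bind 0 0
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file 0 0
# lxc.mount.entry = /ignored /ignored none bind 0 0
"""


def parse_mount_entries(text):
    """Yield (line_no, fields) for each lxc.mount.entry; fields are fstab-style."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        # Split on the first '=' only: options such as create=file contain '='.
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "lxc.mount.entry":
            yield line_no, value.split()


def lint_mount_entries(text):
    """Return a list of (line_no, problem, suggested_line_or_None)."""
    findings = []
    for line_no, fields in parse_mount_entries(text):
        if len(fields) < 4:
            findings.append((line_no, "malformed entry: expected "
                             "'source target fstype options [dump pass]'", None))
            continue
        source, target = fields[0], fields[1]
        if target.startswith("/"):
            relative = target.lstrip("/")
            suggestion = None
            if relative:  # a bare "/" has no relative form to suggest
                suggestion = "lxc.mount.entry = " + " ".join(
                    [source, relative] + fields[2:])
            findings.append((line_no, "target is absolute; make it relative "
                             "to the container's /", suggestion))
    return findings


if __name__ == "__main__":
    for line_no, problem, suggestion in lint_mount_entries(SAMPLE_CONFIG):
        print(f"line {line_no}: {problem}")
        if suggestion:
            print(f"  suggested: {suggestion}")
```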