How to use `noatime` for the containers

I wish to have noatime set for all my mounts.

On the container it looks like it’s relatime though.

[0] # mount | grep ' / '
/dev/vda2 on / type btrfs (rw,relatime,idmapped,compress-force=zstd:3,discard=async,space_cache=v2,user_subvol_rm_allowed,subvolid=262,subvol=/var/lib/incus/storage-pools/default/containers/bree)

My host has noatime set for its own volumes, including the btrfs volume.

[0] # \df | grep -v -e tmpfs -e efivarfs
Filesystem     1K-blocks    Used Available Use% Mounted on
dev               997608       0    997608   0% /dev
run              1005372     604   1004768   1% /run
/dev/vda2       48302080 8774060  36301460  20% /
/dev/vda1         523244   22596    500648   5% /boot
/dev/vda2       48302080 8774060  36301460  20% /var/lib/incus/storage-pools/default

[0] #  mount | grep noatime
/dev/vda2 on / type btrfs (rw,noatime,compress-force=zstd:3,discard=async,space_cache=v2,user_subvol_rm_allowed,subvolid=5,subvol=/)
/dev/vda1 on /boot type vfat (rw,noatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro)
/dev/vda2 on /var/lib/incus/storage-pools/default type btrfs (rw,noatime,compress-force=zstd:3,discard=async,space_cache=v2,user_subvol_rm_allowed,subvolid=259,subvol=/var/lib/incus/storage-pools/default)

# incus --version    
6.3

What am I doing wrong?

Maybe try raw.lxc=lxc.rootfs.options=noatime, that may help apply the option to the bind-mount.

I’m actually a bit surprised that noatime/relatime here appears to be tracked per mount rather than for the entire superblock.

incus config set bree raw.lxc 'lxc.rootfs.options=noatime'

[0] # incus config show bree                                    
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Archlinux current amd64 (20220929_04:18)
  image.os: Archlinux
  image.release: current
  image.requirements.secureboot: "false"
  image.serial: "20220929_04:18"
  image.type: squashfs
  image.variant: default
  raw.lxc: lxc.rootfs.options=noatime
  volatile.base_image: abcc5fb2d439fdca110bf812038cef653fc14c377a048ba6f64b1baa4590abe6
  volatile.cloud-init.instance-id: 1748fb63-c326-4212-9b8b-83fb55c42659
  volatile.eth0.host_name: vethd73f36fd
  volatile.eth0.hwaddr: 00:16:3e:42:29:47
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.last_state.ready: "false"
  volatile.uuid: 928d616f-6acc-4377-a515-5a0d6b7c5e07
  volatile.uuid.generation: 928d616f-6acc-4377-a515-5a0d6b7c5e07
devices:
  eth0:
    ipv4.address: 10.49.174.11
    name: eth0
    network: lxdbr0
    type: nic
ephemeral: false
profiles:
- default
stateful: false
description: ""

That breaks permissions, with most things being set to nobody. I attempted to add idmapped, which seems to be present on the original entry, but it does not seem to register:

incus config set bree raw.lxc 'lxc.rootfs.options=noatime,idmapped'

bree# mount | grep noat
/dev/vda2 on / type btrfs (rw,noatime,compress-force=zstd:3,discard=async,space_cache=v2,user_subvol_rm_allowed,subvolid=262,subvol=/var/lib/incus/storage-pools/default/containers/bree)

Can you try: raw.lxc=lxc.rootfs.options=noatime,idmap=container?

That seems to do the trick!

EDIT: It is a bit odd that on a similarly set-up host, this isn’t necessary; unsure if it has anything to do with the subvol being / there:

[0] % incus config show ansible
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Archlinux current amd64 (20181217_01:27)
  image.os: Archlinux
  image.release: current
  image.serial: "20181217_01:27"
  volatile.base_image: b69318d5ed7f3748f2da516c4b04fd975fc5b6f2831a859d1428603c09be90c5
  volatile.eth0.host_name: veth0bb75a15
  volatile.eth0.hwaddr: 00:16:3e:19:de:b0
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 5ff6a31a-61bf-44d7-9278-734ec721065a
  volatile.uuid.generation: 5ff6a31a-61bf-44d7-9278-734ec721065a
devices: {}
ephemeral: false
profiles:
- default
stateful: false
description: ""

/dev/mapper/ArchVol-root on / type ext4 (rw,noatime)
/dev/mapper/Adata-root on /var/lib/incus/storage-pools/default type btrfs (rw,noatime,compress=zstd:3,ssd,space_cache=v2,user_subvol_rm_allowed,subvolid=5,subvol=/)

And the container has noatime inherited:

/dev/mapper/Adata-root on / type btrfs (rw,noatime,compress=zstd:3,ssd,space_cache=v2,user_subvol_rm_allowed,subvolid=986,subvol=/containers/ansible)
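
The failure seen earlier in the thread, where overriding `lxc.rootfs.options` gave `noatime` but silently dropped `idmapped` from the root mount, can be caught by comparing the root-mount line before and after the change. The script below is an added example, not part of any post in this thread; the function names are hypothetical and the two sample lines are the thread's mount lines with the btrfs options shortened.

```shell
#!/bin/sh
# Extract the comma-separated option list from one line of `mount` output.
mount_opts() {
    printf '%s\n' "$1" | sed -n 's/.*(\(.*\))[[:space:]]*$/\1/p'
}

# Print the options present in list $1 but absent from list $2, space-separated.
opts_missing() {
    out=""
    old_ifs=$IFS; IFS=,
    for o in $1; do
        case ",$2," in
            *",$o,"*) ;;                      # still present
            *) out="${out:+$out }$o" ;;       # only in the first list
        esac
    done
    IFS=$old_ifs
    printf '%s' "$out"
}

# Compare the container's root mount before and after an lxc.rootfs.options
# override and flag the case where the idmapped flag was lost.
rootfs_override_report() {
    before=$(mount_opts "$1"); after=$(mount_opts "$2")
    dropped=$(opts_missing "$before" "$after")
    added=$(opts_missing "$after" "$before")
    verdict=ok
    case " $dropped " in *" idmapped "*) verdict=idmapped-lost ;; esac
    printf 'dropped=[%s] added=[%s] verdict=%s\n' "$dropped" "$added" "$verdict"
}

# Constructed sample input: root-mount lines from the thread, options shortened.
BEFORE='/dev/vda2 on / type btrfs (rw,relatime,idmapped,compress-force=zstd:3,subvolid=262)'
AFTER='/dev/vda2 on / type btrfs (rw,noatime,compress-force=zstd:3,subvolid=262)'
rootfs_override_report "$BEFORE" "$AFTER"
```

For a live check, capture `mount | grep ' / '` inside the container before and after setting `raw.lxc` and pass the two lines to `rootfs_override_report`.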