Not able to mount tty inside lxc container

MTL · August 5, 2021, 8:20pm

Not able to mount devices inside container

I am trying to mount tty0 from host inside the unprivilaged container and getting the below error

lxc app 20210805201108.869 ERROR lxc_conf - conf.c:mount_entry:1957 - No such file or directory - Failed to mount “/dev/tty0” on “/var/lib/lxc/app/dev/tty0”

My config file has
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.mount.entry = /dev/tty0 dev/tty0 none rw,bind 0 0

Could you please suggest me if i have missed out anything?

cat /proc/self/cgroup
12:cpuset:/user/appfw/0
11:blkio:/user.slice
10:memory:/user/appfw/0
9:hugetlb:/
8:perf_event:/
7:pids:/user.slice/user-1001.slice/session-3.scope
6:devices:/user/appfw/0
5:cpu,cpuacct:/user/appfw/0
4:net_cls,net_prio:/
3:freezer:/user/appfw/0
2:rdma:/
1:name=systemd:/user/appfw/0
0::/user.slice/user-1001.slice/session-3.scope

stgraber · August 5, 2021, 9:10pm

try replacing bind with bind,create=file

MTL · August 6, 2021, 9:54am

With,
lxc.mount.entry = /dev/loop0 dev/loop0 none bind,create=file 0 0
lxc.mount.entry = /dev/tty1 dev/tty1 none bind,create=file 0 0

Mount is successful but i am not able to see loop0 and tty1 inside dev folder of container rootfs

Below are the logs for reference,

lxc-start app DEBUG lxc_conf - conf.c:mount_entry:1965 - Remounting “/dev/loop0” on “/dev/loop0” to respect bind or remount options
lxc-start app DEBUG lxc_conf - conf.c:mount_entry:1986 - Flags for “/dev/loop0” were 4096, required extra flags are 0
lxc-start app DEBUG lxc_conf - conf.c:mount_entry:1996 - Mountflags already were 4096, skipping remount
lxc-start app DEBUG lxc_conf - conf.c:mount_entry:2042 - Mounted “/dev/loop0” on “/dev/loop0” with filesystem type “none”
lxc-start app DEBUG lxc_conf - conf.c:mount_entry:1965 - Remounting “/dev/tty1” on “/dev/tty1” to respect bind or remount options
lxc-start app DEBUG lxc_conf - conf.c:mount_entry:1986 - Flags for “/dev/tty1” were 4096, required extra flags are 0
lxc-start app DEBUG lxc_conf - conf.c:mount_entry:1996 - Mountflags already were 4096, skipping remount
lxc-start app DEBUG lxc_conf - conf.c:mount_entry:2042 - Mounted “/dev/tty1” on “/dev/tty1” with filesystem type “none”
lxc-start app INFO lxc_conf - conf.c:mount_file_entries:2274 - Finished setting up mounts
lxc-start app INFO lxc_utils - utils.c:lxc_mount_proc_if_needed:1722 - I am 1, /proc/self points to “1”
lxc-start app DEBUG lxc_conf - conf.c:setup_pivot_root:1477 - Container does not have a rootfs
lxc-start app DEBUG lxc_conf - conf.c:lxc_setup_devpts:1542 - No new devpts instance will be mounted since no pts devices are requested
lxc-start app DEBUG lxc_conf - conf.c:setup_caps:2450 - Capabilities have been setup
lxc-start app NOTICE lxc_conf - conf.c:lxc_setup:3563 - The container “app” is set up
lxc-start app INFO lxc_cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2245 - Limits for the legacy cgroup hierarchies have been setup
lxc-start app TRACE lxc_start - start.c:lxc_spawn:1752 - Set up legacy device cgroup controller limits

stgraber · August 6, 2021, 4:04pm

What LXC version is this?

Can you show cat /proc/self/mountinfo from within the container?

MTL · August 6, 2021, 5:54pm

appfw@topas-dev:/var/lib/lxc/app$ lxc-attach app
root@topas-dev:/var/lib/lxc/app# cat /proc/self/mountinfo
487 486 253:0 / / rw,relatime master:1 - ext4 /dev/mapper/hpservizio2–vg-root rw,errors=remount-ro,data=ordered
488 487 0:6 / /dev rw,nosuid,relatime master:2 - devtmpfs udev rw,size=8144784k,nr_inodes=2036196,mode=755
489 488 0:21 / /dev/pts rw,nosuid,noexec,relatime master:3 - devpts devpts rw,gid=5,mode=620,ptmxmode=000
490 488 0:23 / /dev/shm rw,nosuid,nodev master:4 - tmpfs tmpfs rw
491 488 0:40 / /dev/hugepages rw,relatime master:25 - hugetlbfs hugetlbfs rw,pagesize=2M
492 488 0:18 / /dev/mqueue rw,relatime master:26 - mqueue mqueue rw
493 487 0:22 / /run rw,nosuid,noexec,relatime master:5 - tmpfs tmpfs rw,size=1633872k,mode=755
494 493 0:24 / /run/lock rw,nosuid,nodev,noexec,relatime master:6 - tmpfs tmpfs rw,size=5120k
497 493 0:42 / /run/rpc_pipefs rw,relatime master:29 - rpc_pipefs sunrpc rw
500 493 0:53 / /run/user/1001 rw,nosuid,nodev,relatime master:33 - tmpfs tmpfs rw,size=1633868k,mode=700,uid=1001,gid=1002
511 500 0:55 / /run/user/1001/gvfs rw,nosuid,nodev,relatime master:329 - fuse.gvfsd-fuse gvfsd-fuse rw,user_id=1001,group_id=1002
528 487 0:20 / /sys rw,nosuid,nodev,noexec,relatime master:7 - sysfs sysfs rw
531 528 0:7 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:8 - securityfs securityfs rw
538 528 0:25 / /sys/fs/cgroup ro,nosuid,nodev,noexec master:9 - tmpfs tmpfs ro,mode=755
551 538 0:26 /…/…/… /sys/fs/cgroup/unified rw,nosuid,nodev,noexec,relatime master:10 - cgroup2 cgroup rw
591 538 0:27 /…/…/…/…/… /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:11 - cgroup cgroup rw,xattr,name=systemd
604 538 0:29 /…/…/…/…/… /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:14 - cgroup cgroup rw,cpuset,clone_children
695 538 0:30 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:15 - cgroup cgroup rw,hugetlb
727 538 0:31 /…/…/…/…/… /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:16 - cgroup cgroup rw,memory
728 538 0:32 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:17 - cgroup cgroup rw,perf_event
729 538 0:33 / /sys/fs/cgroup/rdma rw,nosuid,nodev,noexec,relatime master:18 - cgroup cgroup rw,rdma
730 538 0:34 /…/…/…/…/… /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:19 - cgroup cgroup rw,freezer
731 538 0:35 /…/…/…/…/… /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:20 - cgroup cgroup rw,cpu,cpuacct
732 538 0:36 /…/…/… /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:21 - cgroup cgroup rw,pids
733 538 0:37 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:22 - cgroup cgroup rw,net_cls,net_prio
734 538 0:38 /… /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:23 - cgroup cgroup rw,blkio
735 538 0:39 /…/…/…/…/… /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:24 - cgroup cgroup rw,devices
736 528 0:28 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:12 - pstore pstore rw
737 528 0:8 / /sys/kernel/debug rw,relatime master:28 - debugfs debugfs rw
738 528 0:43 / /sys/fs/fuse/connections rw,relatime master:30 - fusectl fusectl rw
739 528 0:19 / /sys/kernel/config rw,relatime master:31 - configfs configfs rw
740 487 0:4 / /proc rw,nosuid,nodev,noexec,relatime master:13 - proc proc rw
741 740 0:41 / /proc/sys/fs/binfmt_misc rw,relatime master:27 - autofs systemd-1 rw,fd=46,pgrp=0,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=15445
742 741 0:44 / /proc/sys/fs/binfmt_misc rw,relatime master:32 - binfmt_misc binfmt_misc rw
743 487 0:50 / /var/lib/lxcfs rw,nosuid,nodev,relatime master:253 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
744 487 0:54 / /vagrant rw,nodev,relatime master:322 - vboxsf vagrant rw,iocharset=utf8,uid=1000,gid=1000
745 744 0:57 / /vagrant/host_desktop rw,nodev,relatime master:383 - vboxsf vagrant_host_desktop rw,iocharset=utf8,uid=1000,gid=1000
746 487 0:56 / /home/mlo6kor/host_home rw,nodev,relatime master:524 - vboxsf vagrant_host_home rw,iocharset=utf8,uid=0,gid=0
749 488 0:58 / /dev rw,relatime - tmpfs none rw,size=492k,mode=755,uid=231072,gid=231072
750 740 0:52 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
751 528 0:59 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
752 751 0:59 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs rw
753 752 0:59 / /sys/devices/virtual/net rw,relatime - sysfs sysfs rw
754 753 0:59 /devices/virtual/net /sys/devices/virtual/net rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
755 749 0:58 /full /dev/full rw,relatime - tmpfs none rw,size=492k,mode=755,uid=231072,gid=231072
756 749 0:58 /null /dev/null rw,relatime - tmpfs none rw,size=492k,mode=755,uid=231072,gid=231072
757 749 0:58 /random /dev/random rw,relatime - tmpfs none rw,size=492k,mode=755,uid=231072,gid=231072
758 749 0:58 /tty /dev/tty rw,relatime - tmpfs none rw,size=492k,mode=755,uid=231072,gid=231072
759 749 0:58 /urandom /dev/urandom rw,relatime - tmpfs none rw,size=492k,mode=755,uid=231072,gid=231072
760 749 0:58 /zero /dev/zero rw,relatime - tmpfs none rw,size=492k,mode=755,uid=231072,gid=231072
761 487 253:0 /bin /var/lib/lxc/app/bin ro,relatime master:1 - ext4 /dev/mapper/hpservizio2–vg-root rw,errors=remount-ro,data=ordered
762 487 253:0 /boot /var/lib/lxc/app/boot ro,relatime master:1 - ext4 /dev/mapper/hpservizio2–vg-root rw,errors=remount-ro,data=ordered
763 487 253:0 /etc /var/lib/lxc/app/etc ro,relatime master:1 - ext4 /dev/mapper/hpservizio2–vg-root rw,errors=remount-ro,data=ordered
764 487 253:0 /lib /var/lib/lxc/app/lib ro,relatime master:1 - ext4 /dev/mapper/hpservizio2–vg-root rw,errors=remount-ro,data=ordered
766 487 253:0 /lost+found /var/lib/lxc/app/lost+found ro,relatime master:1 - ext4 /dev/mapper/hpservizio2–vg-root rw,errors=remount-ro,data=ordered
767 487 253:0 /media/data /var/lib/lxc/app/media/data ro,relatime master:1 - ext4 /dev/mapper/hpservizio2–vg-root rw,errors=remount-ro,data=ordered
768 487 253:0 /mnt /var/lib/lxc/app/mnt ro,relatime master:1 - ext4 /dev/mapper/hpservizio2–vg-root rw,errors=remount-ro,data=ordered
769 487 253:0 /opt /var/lib/lxc/app/opt ro,relatime master:1 - ext4 /dev/mapper/hpservizio2–vg-root rw,errors=remount-ro,data=ordered
770 487 253:0 /sbin /var/lib/lxc/app/sbin ro,relatime master:1 - ext4 /dev/mapper/hpservizio2–vg-root rw,errors=remount-ro,data=ordered
771 487 253:0 /srv /var/lib/lxc/app/srv ro,relatime master:1 - ext4 /dev/mapper/hpservizio2–vg-root rw,errors=remount-ro,data=ordered
772 487 253:0 /usr /var/lib/lxc/app/usr ro,relatime master:1 - ext4 /dev/mapper/hpservizio2–vg-root rw,errors=remount-ro,data=ordered
773 487 0:59 / /var/lib/lxc/app/sys/manasa ro,nosuid,nodev,noexec,relatime - sysfs sysfs rw
774 487 0:52 / /var/lib/lxc/app/proc rw,nosuid,nodev,noexec,relatime - proc proc rw
775 749 0:58 /loop0 /dev/loop0 rw,relatime - tmpfs none rw,size=492k,mode=755,uid=231072,gid=231072
776 749 0:58 /tty1 /dev/tty1 rw,relatime - tmpfs none rw,size=492k,mode=755,uid=231072,gid=231072
777 749 0:60 / /dev/shm rw,nosuid,nodev - tmpfs tmpfs rw,uid=231072,gid=231072
778 749 0:61 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=231077,mode=620,ptmxmode=000
779 752 0:62 / /sys/fs/cgroup ro,nosuid,nodev,noexec - tmpfs tmpfs ro,mode=755,uid=231072,gid=231072
781 779 0:27 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,xattr,name=systemd
782 779 0:36 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,pids
783 779 0:39 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,devices
784 779 0:37 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,net_cls,net_prio
785 779 0:35 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,cpu,cpuacct
786 779 0:33 / /sys/fs/cgroup/rdma rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,rdma
787 779 0:38 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,blkio
788 779 0:31 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,memory
789 779 0:29 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,cpuset,clone_children
790 779 0:30 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,hugetlb
791 779 0:34 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,freezer
792 779 0:32 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,perf_event

MTL · August 6, 2021, 5:55pm

root@topas-dev:/var/lib/lxc/app# lxc --version
3.0.3

stgraber · August 6, 2021, 6:50pm

That’s odd, the mountinfo output shows the devices where we’d expect them.
What does ls -lh /dev look like from inside that container?

MTL · August 6, 2021, 7:09pm

My bad, I was checking ls -lh dev and not ls -lh /dev.

I was thinkg /dev is for host Root file system.
Is it not so?
I have only mounted loop5, tty1, ttyS0,tty7. Will lxc automount some devices by default?

root@topas-dev:/var/lib/lxc/app/dev# ls -lh /dev
total 4.0K
lrwxrwxrwx 1 root root 11 Aug 6 21:05 core → /proc/kcore
lrwxrwxrwx 1 root root 13 Aug 6 21:05 fd → /proc/self/fd
---------- 1 root root 0 Aug 6 21:05 full
-rw-r–r-- 1 root root 0 Aug 6 21:05 loop5
---------- 1 root root 34 Aug 6 21:05 null
drwxr-xr-x 2 root root 0 Aug 6 21:05 pts
---------- 1 root root 0 Aug 6 21:05 random
drwxrwxrwt 2 root root 40 Aug 6 21:05 shm
lrwxrwxrwx 1 root root 15 Aug 6 21:05 stderr → /proc/self/fd/2
lrwxrwxrwx 1 root root 15 Aug 6 21:05 stdin → /proc/self/fd/0
lrwxrwxrwx 1 root root 15 Aug 6 21:05 stdout → /proc/self/fd/1
---------- 1 root root 0 Aug 6 21:05 tty
-rw-r–r-- 1 root root 0 Aug 6 21:05 tty1
-rw-r–r-- 1 root root 0 Aug 6 21:05 tty7
-rw-r–r-- 1 root root 0 Aug 6 21:05 ttyS0
---------- 1 root root 0 Aug 6 21:05 urandom
---------- 1 root root 0 Aug 6 21:05 zero

stgraber · August 6, 2021, 7:11pm

Yes, LXC always mounts a default set of device, otherwise nothing would run properly in the container.

MTL · August 6, 2021, 7:12pm

Ok… thank you for the explanation.
One last question why ls -lh /dev and why not ls -lh dev inside the container