Hey all, I’m making a stab at writing a BOSH CPI with LXC/LXD as the provider. I’m at the point where a “VM” is being created, networking is being assigned, and the container starts up. However, the BOSH Agent tries to remount /dev/shm, and I’m not really certain how to handle it. What I’m seeing in the app logs is:
2018-12-28_20:22:27.66024 [Cmd Runner] 2018/12/28 20:22:27 DEBUG - Stderr:
2018-12-28_20:22:27.66027 [Cmd Runner] 2018/12/28 20:22:27 DEBUG - Successful: true (0)
2018-12-28_20:22:27.66032 [Cmd Runner] 2018/12/28 20:22:27 DEBUG - Running command 'mount /dev/shm -o remount -o noexec -o nodev -o nosuid'
2018-12-28_20:22:27.66122 [Cmd Runner] 2018/12/28 20:22:27 DEBUG - Stdout:
2018-12-28_20:22:27.66129 [Cmd Runner] 2018/12/28 20:22:27 DEBUG - Stderr: mount: cannot remount read-write, is write-protected
2018-12-28_20:22:27.66147 [Cmd Runner] 2018/12/28 20:22:27 DEBUG - Successful: false (32)
2018-12-28_20:22:27.66148 [main] 2018/12/28 20:22:27 ERROR - App setup Running bootstrap: Setting up Shared Memory: Shelling out to mount: Running command: 'mount /dev/shm -o remount -o noexec -o nodev -o nosuid', stdout: '', stderr: 'mount: cannot remount read-write, is write-protected
2018-12-28_20:22:27.66149 ': exit status 32
2018-12-28_20:22:27.66153 [main] 2018/12/28 20:22:27 ERROR - Agent exited with error: Running bootstrap: Setting up Shared Memory: Shelling out to mount: Running command: 'mount /dev/shm -o remount -o noexec -o nodev -o nosuid', stdout: '', stderr: 'mount: cannot remount read-write, is write-protected
2018-12-28_20:22:27.66154 ': exit status 32
I think strategically,
- I may be able to pre-configure this properly [assuming that the agent just won’t do anything in that case],
- Maybe I can enable the privs in the container enough so the agent (running as root of course) has the capabilities,
- Possibly the bosh agent can be told to leave this alone via some config setting.
Currently, I’m setting security.privileged to be true, but that didn’t seem to get me anywhere.
Thanks for any suggestions!