[SOLVED] can't start CT with bind mount

Phlogi

Adding a bind mount (zfs pool directory) to my container results in an error when starting it:

Code:
      lxc-start 1465211058.722 INFO     lxc_start_ui - lxc_start.c:main:264 - using rcfile /var/lib/lxc/202/config
      lxc-start 1465211058.722 WARN     lxc_confile - confile.c:config_pivotdir:1817 - lxc.pivotdir is ignored.  It will soon become an error.
      lxc-start 1465211058.723 WARN     lxc_cgmanager - cgmanager.c:cgm_get:994 - do_cgm_get exited with error
      lxc-start 1465211058.724 INFO     lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .reject_force_umount  # comment this to allow umount -f;  not recommended.
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for reject_force_umount action 0
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force umounts

      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for reject_force_umount action 0
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force umounts

      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .[all].
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .kexec_load errno 1.
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for kexec_load action 327681
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for kexec_load action 327681
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .open_by_handle_at errno 1.
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for open_by_handle_at action 327681
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for open_by_handle_at action 327681
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .init_module errno 1.
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for init_module action 327681
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for init_module action 327681
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .finit_module errno 1.
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for finit_module action 327681
      lxc-start 1465211058.724 WARN     lxc_seccomp - seccomp.c:do_resolve_add_rule:233 - Seccomp: got negative # for syscall: finit_module
      lxc-start 1465211058.724 WARN     lxc_seccomp - seccomp.c:do_resolve_add_rule:234 - This syscall will NOT be blacklisted
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for finit_module action 327681
      lxc-start 1465211058.724 WARN     lxc_seccomp - seccomp.c:do_resolve_add_rule:233 - Seccomp: got negative # for syscall: finit_module
      lxc-start 1465211058.724 WARN     lxc_seccomp - seccomp.c:do_resolve_add_rule:234 - This syscall will NOT be blacklisted
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .delete_module errno 1.
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for delete_module action 327681
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for delete_module action 327681
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:436 - Merging in the compat seccomp ctx into the main one
      lxc-start 1465211058.724 INFO     lxc_conf - conf.c:run_script_argv:362 - Executing script '/usr/share/lxc/hooks/lxc-pve-prestart-hook' for container '202', config section 'lxc'
      lxc-start 1465211059.031 ERROR    lxc_conf - conf.c:run_buffer:342 - Script exited with status 2
      lxc-start 1465211059.031 ERROR    lxc_start - start.c:lxc_init:436 - failed to run pre-start hooks for container '202'.
      lxc-start 1465211059.031 ERROR    lxc_start - start.c:__lxc_start:1170 - failed to initialize the container
      lxc-start 1465211059.031 ERROR    lxc_start_ui - lxc_start.c:main:344 - The container failed to start.
      lxc-start 1465211059.031 ERROR    lxc_start_ui - lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options.

I followed the instructions here: https://pve.proxmox.com/wiki/LXC_Bind_Mounts

Any permission requirements or restrictions that apply?

Code:
 pveversion -v
proxmox-ve: 4.2-52 (running kernel: 4.4.8-1-pve)
pve-manager: 4.2-11 (running version: 4.2-11/2c626aa1)
pve-kernel-4.4.6-1-pve: 4.4.6-48
pve-kernel-4.2.6-1-pve: 4.2.6-36
pve-kernel-4.4.8-1-pve: 4.4.8-52
lvm2: 2.02.116-pve2
corosync-pve: 2.3.5-2
libqb0: 1.0-1
pve-cluster: 4.0-40
qemu-server: 4.0-79
pve-firmware: 1.1-8
libpve-common-perl: 4.0-67
libpve-access-control: 4.0-16
libpve-storage-perl: 4.0-51
pve-libspice-server1: 0.12.5-2
vncterm: 1.2-1
pve-qemu-kvm: 2.5-19
pve-container: 1.0-67
pve-firewall: 2.0-29
pve-ha-manager: 1.0-31
ksm-control-daemon: 1.2-1
glusterfs-client: 3.5.2-2+deb8u2
lxc-pve: 1.1.5-7
lxcfs: 2.0.0-pve2
cgmanager: 0.39-pve1
criu: 1.6.0-1
zfsutils: 0.6.5-pve9~jessie
 
It works with the following configuration, but not with the commented entry. Which one is the recommended way of doing it?

Code:
#mp0: /mnt/testPool mp=/rpool/testPool/for_202
lxc.mount.entry: /rpool/testPool/for_202 mnt/testPool  none bind,create=dir,optional 0 0
 
What's the output of `lxc-start -n 202 -lDEBUG -F` with the non-working bindmount added?
 
However I just got this error when halting the container:
Code:
[....] Unmounting local filesystems...umount: /mnt/testPool: block devices are not permitted on filesystem
failed.
mount: cannot mount rpool/subvol-202-disk-1 read-only
[info] Will now halt.
vm 202 - unable to parse value of 'mp0' - format error
mp: property is missing and it is not optional
/mnt/testPool mp: property is not defined in schema and the schema does not allow additional properties
volume: property is missing and it is not optional
 
I think you mixed up the parameters:
It works with the following configuration, but not with the commented entry. Which one is the recommended way of doing it?

Code:
#mp0: /mnt/testPool mp=/rpool/testPool/for_202
lxc.mount.entry: /rpool/testPool/for_202 mnt/testPool  none bind,create=dir,optional 0 0

Those are two different entries, the first one should be inverted (and has wrong syntax):
Code:
mp0: /rpool/testPool/for_202,mp=/mnt/testPool
 
You're right, my fault. I think the documentation could be better and not use /target for both paths ;)
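A simplified model of how an `mpN:` line is split into properties, showing why the space-separated entry from the thread yields the three schema errors quoted above while the comma-separated form parses cleanly. This is an added example, not part of the original posts and not Proxmox code; `parse_mp`, `describe` and the key list are assumptions made for illustration.

```python
import re

# Assumption: a subset of the keys accepted for mpN; a bare first value
# (no "key=") is treated as the default key "volume".
KNOWN_KEYS = {"volume", "mp", "ro", "backup", "acl", "quota", "size"}
REQUIRED = ("mp", "volume")


def parse_mp(line):
    """Parse one 'mpN: ...' line and return (props, errors)."""
    m = re.match(r"^mp\d+:\s*(.*)$", line.strip())
    if not m:
        return {}, ["not an mpN entry"]
    props, errors = {}, []
    # Properties are comma-separated; a space does not separate anything.
    for part in filter(None, m.group(1).split(",")):
        key, sep, value = part.partition("=")
        if not sep:                      # bare value -> default key
            key, value = "volume", part
        if key not in KNOWN_KEYS:
            errors.append(f"{key}: property is not defined in schema")
        elif key in props:
            errors.append(f"{key}: duplicate property")
        else:
            props[key] = value
    for key in REQUIRED:
        if key not in props:
            errors.append(f"{key}: property is missing and it is not optional")
    if "mp" in props and not props["mp"].startswith("/"):
        errors.append("mp: must be an absolute path inside the container")
    return props, errors


def describe(line):
    """State the mount direction explicitly: source first, mp= is the target."""
    props, errors = parse_mp(line)
    if errors:
        return "invalid: " + "; ".join(errors)
    # An absolute path as volume is a host directory, i.e. a bind mount.
    kind = "bind mount: host" if props["volume"].startswith("/") else "storage volume"
    return f"{kind} {props['volume']} -> container {props['mp']}"


if __name__ == "__main__":
    # The two entries from the thread (the first without its leading '#').
    for entry in ("mp0: /mnt/testPool mp=/rpool/testPool/for_202",
                  "mp0: /rpool/testPool/for_202,mp=/mnt/testPool"):
        print(describe(entry))
```

Printing the direction before starting the container makes it easy to confirm which host directory is being exposed to the guest.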