[SOLVED] can't start CT with bind mount

Phlogi

Adding a bind mount (zfs pool directory) to my container results in an error when starting it:

Code:
      lxc-start 1465211058.722 INFO     lxc_start_ui - lxc_start.c:main:264 - using rcfile /var/lib/lxc/202/config
      lxc-start 1465211058.722 WARN     lxc_confile - confile.c:config_pivotdir:1817 - lxc.pivotdir is ignored.  It will soon become an error.
      lxc-start 1465211058.723 WARN     lxc_cgmanager - cgmanager.c:cgm_get:994 - do_cgm_get exited with error
      lxc-start 1465211058.724 INFO     lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .reject_force_umount  # comment this to allow umount -f;  not recommended.
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for reject_force_umount action 0
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force umounts

      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for reject_force_umount action 0
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force umounts

      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .[all].
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .kexec_load errno 1.
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for kexec_load action 327681
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for kexec_load action 327681
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .open_by_handle_at errno 1.
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for open_by_handle_at action 327681
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for open_by_handle_at action 327681
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .init_module errno 1.
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for init_module action 327681
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for init_module action 327681
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .finit_module errno 1.
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for finit_module action 327681
      lxc-start 1465211058.724 WARN     lxc_seccomp - seccomp.c:do_resolve_add_rule:233 - Seccomp: got negative # for syscall: finit_module
      lxc-start 1465211058.724 WARN     lxc_seccomp - seccomp.c:do_resolve_add_rule:234 - This syscall will NOT be blacklisted
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for finit_module action 327681
      lxc-start 1465211058.724 WARN     lxc_seccomp - seccomp.c:do_resolve_add_rule:233 - Seccomp: got negative # for syscall: finit_module
      lxc-start 1465211058.724 WARN     lxc_seccomp - seccomp.c:do_resolve_add_rule:234 - This syscall will NOT be blacklisted
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .delete_module errno 1.
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for delete_module action 327681
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for delete_module action 327681
      lxc-start 1465211058.724 INFO     lxc_seccomp - seccomp.c:parse_config_v2:436 - Merging in the compat seccomp ctx into the main one
      lxc-start 1465211058.724 INFO     lxc_conf - conf.c:run_script_argv:362 - Executing script '/usr/share/lxc/hooks/lxc-pve-prestart-hook' for container '202', config section 'lxc'
      lxc-start 1465211059.031 ERROR    lxc_conf - conf.c:run_buffer:342 - Script exited with status 2
      lxc-start 1465211059.031 ERROR    lxc_start - start.c:lxc_init:436 - failed to run pre-start hooks for container '202'.
      lxc-start 1465211059.031 ERROR    lxc_start - start.c:__lxc_start:1170 - failed to initialize the container
      lxc-start 1465211059.031 ERROR    lxc_start_ui - lxc_start.c:main:344 - The container failed to start.
      lxc-start 1465211059.031 ERROR    lxc_start_ui - lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options.

I followed the instructions here: https://pve.proxmox.com/wiki/LXC_Bind_Mounts

Any permission requirements or restrictions that apply?

Code:
 pveversion -v
proxmox-ve: 4.2-52 (running kernel: 4.4.8-1-pve)
pve-manager: 4.2-11 (running version: 4.2-11/2c626aa1)
pve-kernel-4.4.6-1-pve: 4.4.6-48
pve-kernel-4.2.6-1-pve: 4.2.6-36
pve-kernel-4.4.8-1-pve: 4.4.8-52
lvm2: 2.02.116-pve2
corosync-pve: 2.3.5-2
libqb0: 1.0-1
pve-cluster: 4.0-40
qemu-server: 4.0-79
pve-firmware: 1.1-8
libpve-common-perl: 4.0-67
libpve-access-control: 4.0-16
libpve-storage-perl: 4.0-51
pve-libspice-server1: 0.12.5-2
vncterm: 1.2-1
pve-qemu-kvm: 2.5-19
pve-container: 1.0-67
pve-firewall: 2.0-29
pve-ha-manager: 1.0-31
ksm-control-daemon: 1.2-1
glusterfs-client: 3.5.2-2+deb8u2
lxc-pve: 1.1.5-7
lxcfs: 2.0.0-pve2
cgmanager: 0.39-pve1
criu: 1.6.0-1
zfsutils: 0.6.5-pve9~jessie
 
It works with the following configuration, but not with the commented entry. Which one is the recommended way of doing it?

Code:
#mp0: /mnt/testPool mp=/rpool/testPool/for_202
lxc.mount.entry: /rpool/testPool/for_202 mnt/testPool  none bind,create=dir,optional 0 0
 
What's the output of `lxc-start -n 202 -lDEBUG -F` with the non-working bindmount added?
 
However I just got this error when halting the container:
Code:
[....] Unmounting local filesystems...umount: /mnt/testPool: block devices are not permitted on filesystem
failed.
mount: cannot mount rpool/subvol-202-disk-1 read-only
[info] Will now halt.
vm 202 - unable to parse value of 'mp0' - format error
mp: property is missing and it is not optional
/mnt/testPool mp: property is not defined in schema and the schema does not allow additional properties
volume: property is missing and it is not optional
 
I think you mixed up the parameters:
It works with the following configuration, but not with the commented entry. Which one is the recommended way of doing it?

Code:
#mp0: /mnt/testPool mp=/rpool/testPool/for_202
lxc.mount.entry: /rpool/testPool/for_202 mnt/testPool  none bind,create=dir,optional 0 0

Those are two different entries, the first one should be inverted (and has wrong syntax):
Code:
mp0: /rpool/testPool/for_202,mp=/mnt/testPool
 
You're right, my fault. I think the documentation could be better and not use /target for both paths ;)
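The `mp0` format error from this thread, reproduced as an added example (not part of the thread and not Proxmox code). It is a simplified model of comma-separated property parsing that assumes only the `volume` and `mp` keys named in the error output; `parse_mountpoint` and `lint_config` are hypothetical names.

```python
import re

# Keys this sketch knows about (assumption: taken from the thread's error output).
KNOWN_KEYS = {"volume", "mp"}
DEFAULT_KEY = "volume"  # a bare first field is taken as the volume (host path)


def parse_mountpoint(value):
    """Parse the value of an mpN line; return (properties, errors)."""
    props, errors = {}, []
    for i, part in enumerate(p.strip() for p in value.split(",")):
        if "=" in part:
            key, val = part.split("=", 1)
        elif i == 0:
            key, val = DEFAULT_KEY, part
        else:
            errors.append(f"{part}: value without a key")
            continue
        if key not in KNOWN_KEYS:
            errors.append(f"{key}: property is not defined in schema")
            continue
        props[key] = val
    for required in ("volume", "mp"):
        if required not in props:
            errors.append(f"{required}: property is missing")
    if "mp" in props and not props["mp"].startswith("/"):
        errors.append("mp: must be an absolute path inside the container")
    return props, errors


def lint_config(text):
    """Return {mpN: errors} for every mount point line in a container config."""
    report = {}
    for line in text.splitlines():
        m = re.match(r"^(mp\d+):\s*(.*)$", line)
        if m:  # commented-out lines start with '#' and are skipped
            report[m.group(1)] = parse_mountpoint(m.group(2))[1]
    return report


# Constructed sample: the thread's broken line as mp0, the corrected one as mp1.
SAMPLE = """\
mp0: /mnt/testPool mp=/rpool/testPool/for_202
mp1: /rpool/testPool/for_202,mp=/mnt/testPool
"""

if __name__ == "__main__":
    for name, errs in lint_config(SAMPLE).items():
        print(name, "OK" if not errs else errs)
```

Because the broken line has no comma, the whole string before `=` becomes one key, which is why the error names `/mnt/testPool mp` as an unknown property and reports both `volume` and `mp` as missing.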
 
