[libvirt] Mount events are not propagated to namespaces

Dear list,

while trying to fix a bug of mine, I've realized the mounts are not being propagated into qemu namespaces once domains are running. That is, imagine you have a domain running and then you plug in a flash disk, mount it into host, because you have a file there that you want to hotplug as a disk to your domain. You're not hotplugging the whole flash disk, but a file on it. Problem is, that the mount event of the flash disk is not propagated to qemu namespace even though the root is remounted as MS_SLAVE|MS_REC right after the namespace is created.

After some digging, I am able to reproduce this even without libvirt at all:

  # mount --make-rshared /
  # mount | grep floppy
  <empty/>
  # unshare -m /bin/bash
  # mount --make-rslave /

Now mount floppy from a different terminal:

  # mount /dev/sdb1 /mnt/floppy/
  # mount | grep floppy
  /dev/sdb1 on /mnt/floppy type ext4 (rw,relatime,data=ordered)

At this point, mount should have been propagated into namespace. Well, it isn't:

  # mount | grep floppy
  <empty/>

Do you have any idea what I am doing wrong? We need this to work not only because of the example described above, but for a whole lot more cases.

Michal

On Fri, Jun 16, 2017 at 10:01:26AM +0200, Michal Privoznik wrote:
> Dear list,
>
> while trying to fix a bug of mine, I've realized the mounts are not being propagated into qemu namespaces once domains are running. That is, imagine you have a domain running and then you plug in a flash disk, mount it into host, because you have a file there that you want to hotplug as a disk to your domain. You're not hotplugging the whole flash disk, but a file on it. Problem is, that the mount event of the flash disk is not propagated to qemu namespace even though the root is remounted as MS_SLAVE|MS_REC right after the namespace is created.
>
> After some digging, I am able to reproduce this even without libvirt at all:
>
>   # mount --make-rshared /
>   # mount | grep floppy
>   <empty/>
>   # unshare -m /bin/bash
>   # mount --make-rslave /

The problem here is your 'unshare' command, which mounts '/' as private, and it appears the later '--make-rslave' is unable to undo this.

If you use

  unshare -m --propagation slave /bin/sh

then the example works correctly.

Also, you shouldn't need the initial '--make-rshared /' as (at least on systemd host) this is already the case.

You can look in /proc/self/mountinfo to view current propagation status.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
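
Added example, not part of the original thread: a small Python parser for the /proc/<pid>/mountinfo view mentioned above, which reads the propagation tags (shared:N, master:N) and checks whether a namespace's mount would receive mount events from the host. The mountinfo lines, device names and peer-group IDs are constructed sample data, and the function names are hypothetical.

```python
import re

def parse_mountinfo(text):
    """Map mount point -> propagation tags from /proc/<pid>/mountinfo text."""
    mounts = {}
    for line in text.strip().splitlines():
        fields = line.split()
        sep = fields.index("-", 6)  # optional fields run from index 6 to a lone "-"
        tags = dict((t.split(":", 1) + [""])[:2] for t in fields[6:sep])
        # The kernel escapes space, tab, newline and backslash as octal (\040 ...).
        point = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[4])
        mounts[point] = tags  # a later line for the same path is the mount on top
    return mounts

def mode(tags):
    """Summarise the tags as private, shared, slave, shared+slave or unbindable."""
    if "unbindable" in tags:
        return "unbindable"
    names = [n for key, n in (("shared", "shared"), ("master", "slave")) if key in tags]
    return "+".join(names) or "private"  # no tag at all means private

def receives_from(host_text, ns_text, point="/"):
    """True if a mount made under `point` on the host shows up in the namespace.

    Covers the direct cases only: the namespace mount is a slave of the host's
    peer group (master:N == shared:N) or a member of that same peer group.
    """
    host = parse_mountinfo(host_text).get(point, {})
    ns = parse_mountinfo(ns_text).get(point, {})
    return "shared" in host and host["shared"] in (ns.get("master"), ns.get("shared"))

# Constructed sample data (not captured from a real host).
HOST = """\
22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw,data=ordered
95 22 8:17 / /mnt/floppy rw,relatime shared:60 - ext4 /dev/sdb1 rw,data=ordered
"""
# Root as left by plain `unshare -m`: no optional field, so private.
NS_PRIVATE = "150 149 8:2 / / rw,relatime - ext4 /dev/sda2 rw,data=ordered\n"
# Root as left by `unshare -m --propagation slave`: slave of host peer group 1.
NS_SLAVE = """\
150 149 8:2 / / rw,relatime master:1 - ext4 /dev/sda2 rw,data=ordered
171 150 8:17 / /mnt/floppy rw,relatime master:60 - ext4 /dev/sdb1 rw,data=ordered
"""

if __name__ == "__main__":
    for name, ns in (("private", NS_PRIVATE), ("slave", NS_SLAVE)):
        print(name, mode(parse_mountinfo(ns)["/"]), receives_from(HOST, ns))
```

To check a live system, pass the contents of /proc/1/mountinfo from the host and /proc/<qemu-pid>/mountinfo from the namespace as the two text arguments.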

On 06/16/2017 01:14 PM, Daniel P. Berrange wrote:
> On Fri, Jun 16, 2017 at 10:01:26AM +0200, Michal Privoznik wrote:
>> Dear list,
>>
>> while trying to fix a bug of mine, I've realized the mounts are not being propagated into qemu namespaces once domains are running. That is, imagine you have a domain running and then you plug in a flash disk, mount it into host, because you have a file there that you want to hotplug as a disk to your domain. You're not hotplugging the whole flash disk, but a file on it. Problem is, that the mount event of the flash disk is not propagated to qemu namespace even though the root is remounted as MS_SLAVE|MS_REC right after the namespace is created.
>>
>> After some digging, I am able to reproduce this even without libvirt at all:
>>
>>   # mount --make-rshared /
>>   # mount | grep floppy
>>   <empty/>
>>   # unshare -m /bin/bash
>>   # mount --make-rslave /
>
> The problem here is your 'unshare' command, which mounts '/' as private, and it appears the later '--make-rslave' is unable to undo this.

Okay.

> If you use
>
>   unshare -m --propagation slave /bin/sh
>
> then the example works correctly.

Indeed. And now it also does work for libvirt. I don't know what I have been doing wrong yesterday. Thanks!

Michal

participants (2)
- Daniel P. Berrange
- Michal Privoznik