mounted-dev must not re-create consoles in a container

Bug #1075717 reported by Serge Hallyn
This bug affects 1 person
Affects            Status        Importance  Assigned to      Milestone
lxc (Ubuntu)       Fix Released  High        Serge Hallyn
  Precise          Invalid       Undecided   Unassigned
mountall (Ubuntu)  Fix Released  High        Steve Langasek
  Precise          Fix Released  High        Stéphane Graber

Bug Description

mounted-dev.conf always does MAKEDEV console. MAKEDEV doesn't just make the devices, it first removes them.

When a container starts, it sets up /dev/console and /dev/lxc[1-4] as bind mounts of ptys on the host, for use as lxc consoles. If mounted-dev deletes and recreates those, then none of the lxc consoles work.

A simple patch which stops it from breaking lxc consoles is at lp:~serge-hallyn/ubuntu/quantal/mountall/mountall-lxc . However looking back at it, I think it would be ok to do a further check for whether /dev/console exists. If it does not exist, then MAKEDEV console anyway. This isn't necessary, just a thought.

== SRU ==
=== Rationale ===
This bug was fixed in trusty but still affects precise LXC containers that are brought up with /dev mounted as something other than a devtmpfs (which is the case with LXC 1.1).

=== Test case ===
    - Install LXC 1.1 (from ppa:ubuntu-lxc/daily or in a few days, from vivid)
    - sudo lxc-create -t download -n precise -- -d ubuntu -r precise -a amd64
    - sudo lxc-start -n precise -F

That will hang at a blank screen even though the container is functional.

    - sudo lxc-attach -n precise -- apt-get dist-upgrade -y
    - sudo lxc-attach -n precise -- reboot

And at that point, getty should show up fine in the lxc-start shell.

=== Regression potential ===
Not expecting any, the change is straightforward and has been in Ubuntu since raring.
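
An added example, not part of the bug report and not the mountall or lxc patch: one way to tell whether a console node is still the pty bind mount described above is to look it up in mountinfo before anything recreates it. The sample mountinfo lines are constructed, the function names are hypothetical, and real use assumes /proc is already mounted.

```shell
#!/bin/sh
# Constructed mountinfo sample: /dev is a tmpfs, and two console nodes are
# bind mounts of ptys (filesystem type devpts). Not from a real container.
sample_mountinfo() {
cat <<'EOF'
60 40 0:30 / /dev rw,relatime - tmpfs none rw,size=100k
61 60 0:11 /5 /dev/console rw,relatime - devpts devpts rw,gid=5,mode=620
62 60 0:11 /6 /dev/tty1 rw,relatime shared:3 - devpts devpts rw,gid=5,mode=620
63 40 0:3 / /proc rw,nosuid - proc proc rw
EOF
}

# pty_bind_mounted MOUNTINFO_FILE PATH
# Exit 0 if PATH is a mount point whose filesystem type is devpts.
pty_bind_mounted() {
    awk -v target="$2" '
        $5 == target {
            # Field 5 is the mount point; the fstype follows the "-"
            # separator, which comes after zero or more optional fields.
            found = 0
            for (i = 7; i <= NF; i++)
                if ($i == "-") { found = ($(i + 1) == "devpts"); break }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# makedev_decision MOUNTINFO_FILE PATH
# Prints "skip" when recreating PATH would replace a bind-mounted pty,
# "create" otherwise (including when PATH does not exist at all).
makedev_decision() {
    if pty_bind_mounted "$1" "$2"; then echo skip; else echo create; fi
}

# Stand-alone demonstration on the constructed sample.
tmp=$(mktemp) && sample_mountinfo > "$tmp"
for dev in /dev/console /dev/tty1 /dev/null; do
    printf '%s: %s\n' "$dev" "$(makedev_decision "$tmp" "$dev")"
done
rm -f "$tmp"
```

Inside a container, pass `/proc/self/mountinfo` as the first argument to check the live mount table.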

Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Marking high priority because without this we cannot use separate /dev partitions in a container.

Changed in mountall (Ubuntu):
importance: Undecided → High
tags: added: screencast
tags: removed: screencast
Steve Langasek (vorlon)
Changed in mountall (Ubuntu):
assignee: nobody → Steve Langasek (vorlon)
status: New → Triaged
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

As per discussion on #ubuntu-devel, lxc should run MAKEDEV in the container before setting up its devices.

To do this, the setup_autodev() function must be split up. We'll first mount all lxc filesystems (including a fresh /dev), then run MAKEDEV console in the container, then do the rest of setup_autodev() if lxc.autodev = 1.

Changed in lxc (Ubuntu):
assignee: nobody → Serge Hallyn (serge-hallyn)
importance: Undecided → High
status: New → Triaged
Revision history for this message
Steve Langasek (vorlon) wrote :

Have talked through this with hallyn in detail.

 - we don't want to change MAKEDEV itself to not clobber existing device nodes, because in other cases this makes recovery from broken /dev less reliable
 - we can't side-step this by making /dev not be a mountpoint within the container because in some cases users want to use a read-only rootfs
 - we can't use devtmpfs instead because there is only *one* devtmpfs in the kernel no matter where it's mounted, so this would make it impossible to make the exact change to node targets that this is about.

So I'm convinced that the linked branch is an appropriate solution to this problem. It has no impact on the common case when /dev is a devtmpfs, we don't call MAKEDEV at all in that scenario.

Revision history for this message
Steve Langasek (vorlon) wrote :

... except that we can't actually call running-in-container reliably this early in the boot process; /run is not guaranteed to be mounted (or seen to be mounted) before /dev.

Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

A lxc tree which is working for me to do MAKEDEV console in the container is at lp:~serge-hallyn/ubuntu/raring/lxc/lxc-makedev.

Steve Langasek (vorlon)
Changed in mountall (Ubuntu):
status: Triaged → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mountall - 2.45

---------------
mountall (2.45) unstable; urgency=low

  [ Serge Hallyn ]
  * mounted-dev.conf: leave consoles alone in a lxc or libvirt container
    (LP: #1075717)

 -- Steve Langasek <email address hidden> Wed, 28 Nov 2012 22:07:18 -0800

Changed in mountall (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.8.0~rc1-4ubuntu47

---------------
lxc (0.8.0~rc1-4ubuntu47) raring; urgency=low

  * 0230-autodev-makedev-console: Run MAKEDEV(console) before creating
    consoles in the container. This is to make up for the fact that
    userspace (i.e. mountall) won't be doing so, since it otherwise
    would overwrite the consoles set up by lxc. (LP: #1075717)
 -- Serge Hallyn <email address hidden> Wed, 28 Nov 2012 16:08:37 -0600

Changed in lxc (Ubuntu):
status: Triaged → Fix Released
Revision history for this message
Stéphane Graber (stgraber) wrote :

This needs fixing in precise too. I just ran into that very problem with current upstream LXC and a precise privileged container.

I'll upload a straight cherry-pick of the mounted-dev.conf job as we have it nowadays (I confirmed that fixes it here).

Changed in lxc (Ubuntu Precise):
status: New → Invalid
Changed in mountall (Ubuntu Precise):
status: New → Triaged
assignee: nobody → Stéphane Graber (stgraber)
importance: Undecided → High
description: updated
Revision history for this message
Adam Conrad (adconrad) wrote : Please test proposed package

Hello Serge, or anyone else affected,

Accepted mountall into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/mountall/2.36.4ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in mountall (Ubuntu Precise):
status: Triaged → Fix Committed
tags: added: verification-needed
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Verified, with -proposed I now get a console in precise container, thanks.

tags: added: verification-done
removed: verification-needed
Revision history for this message
Stéphane Graber (stgraber) wrote : Update Released

The verification of the Stable Release Update for mountall has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mountall - 2.36.4ubuntu0.1

---------------
mountall (2.36.4ubuntu0.1) precise; urgency=medium

  * mounted-dev.conf: Don't mess with consoles inside containers. (LP: #1075717)
 -- Stephane Graber <email address hidden> Wed, 21 Jan 2015 13:04:17 -0500

Changed in mountall (Ubuntu Precise):
status: Fix Committed → Fix Released