From: Sam Vilain (sam_at_vilain.net)
Date: Tue 02 Nov 2004 - 00:07:18 GMT
Hi all,
The following patch, to vservers.functions in the util-vserver
distribution, will do something of a `namespace cleanup' in lieu of the
rework to the vserver startup and mount cleanup process that Enrico has
planned (I'm told).
That is, with this patch, any filesystems which are NOT within the
vserver vdir, or one of its parents, will be unmounted before the
vserver's fstab is processed, which certainly isn't as tidy as can be
done outside of a shell hack, but will probably work for many.
This is necessary, so that running vservers don't hold a filesystem
which is outside their chroot open due to namespaces.
If you are not using namespaces, it will try and unmount virtually every
filesystem on your system when you start a vserver. Be warned.
In case it is not clear THIS IS A HACK NOT AN ENDORSED PATCH! :-)
clunker:/usr/local/lib/util-vserver# diff -u vserver.functions{.orig,}
--- vserver.functions.orig 2004-11-02 12:47:33.000000000 +1300
+++ vserver.functions 2004-11-02 12:48:27.000000000 +1300
@@ -667,6 +667,29 @@
test -z "$NAMESPACE_CLEANUP" || isAvoidNamespace "$cfgdir" || \
$_VNAMESPACE --cleanup
+ real_vdir=`cd "$vdir" && pwd -P`
+ avoid="$real_vdir(/[^ ]*)?"
+ while [ -n "$real_vdir" ]
+ do
+ real_vdir=`expr $real_vdir : '\(/.*\)/[^/]*'`
+ if [ -n "$real_vdir" ]
+ then
+ avoid="$avoid|$real_vdir"
+ fi
+ done
+
+ pattern="^[^ ]* ($avoid|/) "
+
+ #echo IGNORED MOUNTS "($pattern)":
+ #cat /proc/mounts | tac | egrep "$pattern"
+ #echo REMOVED MOUNTS:
+ cat /proc/mounts | tac | egrep -v "$pattern" |
+ while read dev mntpoint junk
+ do
+ #echo unmounting $mntpoint
+ umount $mntpoint
+ done
+
_mountVserverInternal "$cfgdir"/fstab $_CHBIND
"${CHBIND_OPTS[@]}"
_mountVserverInternal "$cfgdir"/fstab.local
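Review bot: the added block, from `real_vdir=` down to the final `done`, runs on every start with no check, whereas the context line directly above it only calls `$_VNAMESPACE --cleanup` when `$NAMESPACE_CLEANUP` is set and `isAvoidNamespace "$cfgdir"` fails. Put the new loop under the same condition so that a vserver started without a private namespace does not unmount the host's filesystems. Also quote the expansions in `expr $real_vdir : ...` and `umount $mntpoint`, and note that `$real_vdir` is pasted into the egrep pattern unescaped, so a `.` or other regex metacharacter in the path changes which mounts match the keep pattern.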
An alternative, if you are not comfortable changing distributed files
(and who is?) is to use something akin to this in
/etc/vservers/.defaults/pre-start:
/etc/vservers/.defaults/scripts/pre-start:
#!/bin/sh
# NOTE: this script will not work in the default configuration
VS=`pwd | sed -e 's/\/vdir//;s/.*\///'`
cat /proc/mounts | tac | perl -nlaF/\\s+/ -e 'BEGIN{$VS=shift};
($dev, $loc) = @F;
if ($loc =~ m{^/(vservers(/$VS(/.*)?)?)?$}) {
print "not unmounting $loc ($dev)"
} else {
print "unmounting $loc ($dev)";
system("umount", "-nv", $loc)
}
' $VS
---
However, this does not work, because (for example) `/proc' will appear in /proc/mounts three times - once for the root server on /, once for the vserver on /vservers/foo/proc, and then the same mount again which has been overlaid in the VFS table with the recursive bind mount that binds /vservers/foo to /.
That is, there are, at pre-start time, two mounts on /proc according to /proc/mounts.
A simple workaround, to keep with the above approach, assumes that all mounts that fit into the above category don't have a device that has `/dev' in their name, and you don't care about those that are in the above category appearing an extra time in /proc/mounts.
/etc/vservers/.defaults/scripts/pre-start:
#!/bin/sh
VS=`pwd | sed -e 's/\/vdir//;s/.*\///'`
cat /proc/mounts | tac | perl -nlaF/\\s+/ -e 'BEGIN{$VS=shift};
($dev, $loc) = @F;
if ($loc =~ m{^/(vservers(/$VS(/.*)?)?)?$} or $dev !~ /dev/) {
print "not unmounting $loc ($dev)"
} else {
print "unmounting $loc ($dev)";
system("umount", "-nv", $loc)
}
' $VS
---
-- 
Sam Vilain, sam /\T vilain |><>T net, PGP key ID: 0x05B52F13
(include my PGP key ID in personal replies to avoid spam filtering)
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
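The keep-or-unmount decision from the patch and the pre-start script above, as an added example that is not part of the original post or of util-vserver: it compares paths as literal prefixes instead of interpolating them into a regex, decodes the octal escapes used in /proc/mounts, and only prints a plan. The names keep_mount, plan_unmounts and sample_mounts and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: dry-run only, prints a plan and never calls umount.

# keep_mount VDIR MNT: succeed if MNT is /, VDIR itself, below VDIR,
# or a parent directory of VDIR. Quoted case patterns are literal
# strings, so "." or "+" in a path cannot act as regex operators.
keep_mount() {
    k_vdir=${1%/}
    k_mnt=$2
    case "$k_mnt" in
        /|"$k_vdir"|"$k_vdir"/*) return 0 ;;
    esac
    case "$k_vdir/" in
        "$k_mnt"/*) return 0 ;;   # MNT is an ancestor of VDIR
    esac
    return 1
}

# plan_unmounts VDIR: read /proc/mounts-format lines on stdin and print
# the mount points outside the keep set, last mounted first.
# VDIR must already be resolved (cd "$vdir" && pwd -P, as in the patch).
plan_unmounts() {
    plan=
    while read -r _dev mnt _rest; do
        # /proc/mounts writes space as \040, tab as \011, "\" as \134
        mnt=$(printf '%b' "$mnt")
        keep_mount "$1" "$mnt" || plan="$mnt
$plan"
    done
    printf '%s' "$plan"
}

# Constructed sample mount table, not taken from a real host.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/sda2 /vservers ext3 rw 0 0
/dev/sda3 /vservers/web.1 ext3 rw 0 0
proc /vservers/web.1/proc proc rw 0 0
/dev/sdb1 /vservers/webX1 ext3 rw 0 0
/dev/sdc1 /mnt/backup\040disk ext3 rw 0 0
EOF
}

sample_mounts | plan_unmounts /vservers/web.1
```

On a live host the same function reads `/proc/mounts` on stdin; with a regex built from the path, `/vservers/webX1` would have matched `web.1` and been kept.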