[systemd-devel] arch linux container filesystems

Lennart Poettering lennart at poettering.net
Fri Jun 20 08:13:39 PDT 2014


On Fri, 20.06.14 15:47, Robin Becker (robin at reportlab.com) wrote:

> 
> On 20/06/2014 12:48, Lennart Poettering wrote:
> >well, findmnt isn't "red hat stuff" either, it's used all over the
> >distributions. And you shouldn't accept that "df" can't deal with mount
> >points that reference out-of-namespace sources. File a bug against
> >coreutils, they really should make sure they properly handle the Linux
> >mount logic in that area.
> >
> >Lennart
> as a matter of fact, my manual page for findmnt lists Karel Zak
> <kzak at redhat.com> as the sole author of findmnt; that others have
> adopted it doesn't make it not "redhat stuff".
> 
> You are probably right that this should be fixed in df and
> (presumably all the other tools that don't work properly in
> systemd-nspawn containers), but as a general principle I believe "if
> you break it, you own it" applies here. As a novice user of these
> containers, I suspect this kind of error must have been seen before
> by the systemd developers, so someone among the systemd contributors
> probably has prior discovery rights to this bug as well.

mount namespaces and bind mounts are in no way a systemd invention. We
didn't come up with this, we are not the first users. That's a kernel
feature, and has been for a long time. You might not have noticed this
before nspawn, but that's just bad luck, it could have been any other
software that uses mount namespaces, like LXC, docker, ... This is in
no way a systemd issue, but a general Linux issue.

> In any case, some might argue that a container (lightweight or not)
> should be virtually indistinguishable from the original system which
> would mean such a bug could not happen.

Well, these are containers not VMs. They are actually massively
different from the host. For example, neither /sys nor /dev is
virtualized, and they are unlikely to ever be. Neither is SELinux or
anything like that.

Containers *are* distinguishable from normal hosts, and that's by
design. And that is in no way systemd's design but Linux kernel stuff.

You are barking up the wrong tree, we didn't introduce these concepts,
you just happened to run into them for the first time playing around
with systemd, but that's just bad luck.

Lennart

-- 
Lennart Poettering, Red Hat
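The "out-of-namespace sources" point above comes down to one field of /proc/self/mountinfo (the file findmnt reads): the fourth field, "root", records which sub-tree of the source filesystem is mounted at a given mount point. For a bind mount of a host directory into a container that root is a path that only means something in the parent mount namespace, and /proc/mounts-style records (device, mount point, type, options) carry no such field at all, so a tool keyed on device names alone sees the same /dev/sdX twice with no way to tell the two mounts apart. The parser below is an added example written for this page; it is not code from the thread, from systemd or from util-linux, and the mountinfo lines it parses are constructed to the proc(5) format with hypothetical paths (/srv/containers/arch, /srv/build, /dev/sda1, /dev/sdb1).

```python
"""Parse /proc/self/mountinfo and flag mount points whose source is a
bind mount of a sub-tree (root field != "/"), i.e. mounts whose source
path exists only in the parent mount namespace.

Added example for this page, not code from the thread, systemd or
util-linux. SAMPLE_MOUNTINFO is constructed: it follows the format
documented in proc(5) but the paths and devices are hypothetical.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample of what a container whose root is a bind mount of a
# host directory might see. Field order (proc(5)): mount ID, parent ID,
# major:minor, root, mount point, mount options, optional fields..., "-",
# fs type, source, super options.
SAMPLE_MOUNTINFO = r"""
250 249 8:1 /srv/containers/arch / rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered
251 250 0:20 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
252 250 0:5 / /dev rw,nosuid - tmpfs tmpfs rw,mode=755
253 250 8:1 /srv/build /src rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered
254 250 0:21 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs ro
255 250 8:17 / /mnt/my\040disk rw,relatime - ext4 /dev/sdb1 rw
"""

# mountinfo escapes space, tab, newline and backslash as 3-digit octal.
_OCTAL = re.compile(r"\\([0-7]{3})")


def unescape(field: str) -> str:
    """Decode the octal escapes used in mountinfo path fields."""
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), field)


@dataclass
class MountEntry:
    mount_id: int
    parent_id: int
    major_minor: str
    root: str         # sub-tree of the source filesystem that is mounted
    mount_point: str  # where it appears in this namespace
    fs_type: str
    source: str


def parse_mountinfo(text: str) -> List[MountEntry]:
    """Parse mountinfo text; optional fields are skipped up to the lone '-'."""
    entries: List[MountEntry] = []
    for line in text.strip().splitlines():
        fields = line.split()
        sep = fields.index("-")  # separator between optional fields and fs type
        mount_id, parent_id, major_minor, root, mount_point = fields[:5]
        fs_type, source = fields[sep + 1], fields[sep + 2]
        entries.append(MountEntry(int(mount_id), int(parent_id), major_minor,
                                  unescape(root), unescape(mount_point),
                                  fs_type, unescape(source)))
    return entries


def subtree_binds(entries: List[MountEntry]) -> List[MountEntry]:
    """Mounts whose root is not '/', i.e. bind mounts of a sub-tree whose
    source path is only resolvable in the parent namespace."""
    return [e for e in entries if e.root != "/"]


def sources_with_multiple_roots(entries: List[MountEntry]) -> Dict[str, List[str]]:
    """Devices that appear more than once with different roots: exactly the
    case a device-name-only lookup cannot disambiguate."""
    by_source: Dict[str, set] = {}
    for e in entries:
        by_source.setdefault(e.source, set()).add(e.root)
    return {s: sorted(r) for s, r in by_source.items() if len(r) > 1}


def describe(e: MountEntry) -> str:
    if e.root == "/":
        return f"{e.mount_point}: whole {e.fs_type} filesystem {e.source}"
    return (f"{e.mount_point}: sub-tree {e.root} of {e.source} "
            f"(path exists only in the parent namespace)")


if __name__ == "__main__":
    entries = parse_mountinfo(SAMPLE_MOUNTINFO)
    for e in entries:
        print(describe(e))
    print("ambiguous by device name:", sources_with_multiple_roots(entries))
```

Run inside a container (or after `unshare -m` plus a bind mount) with `open("/proc/self/mountinfo").read()` in place of the sample and the root column shows the host-side path of every bind-mounted directory, which is also why mountinfo is worth reading during container forensics: the container's own /proc leaks where on the host its filesystems really live.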
