[systemd-devel] [PATCH] Fix systemd crash (on assert) during shutdown/reboot in unprivileged container
Lennart Poettering
lennart at poettering.net
Thu Jan 15 10:20:55 PST 2015
On Thu, 15.01.15 12:14, Stéphane Graber (stgraber at ubuntu.com) wrote:
> Hello,
>
> The last big issue I'm running into when running systemd in an
> unprivileged LXC container is that it's crashing on an assert in the
> shutdown/reboot path right after unmounting all devices.
>
> That's because due to mknod not being allowed inside a user namespace,
> we have to bind-mount all the required device nodes from the host's /dev on
> top of empty files in the container's /dev.
>
> This all works great until systemd unmounts everything. At which point,
> all of those are 0 byte files. Systemd then opens /dev/urandom and
> attempts to read some bytes from there, gets 0 bytes back and trips an
> assertion.
>
>
> To fix that, I've got two different approaches, both with an associated
> patch attached to this e-mail:
> - 0001-Add-dev-urandom-to-ignore_paths.patch:
> This very simply adds /dev/urandom to the ignore_paths list alongside
> /dev/console. That way all the other mount entries are unmounted but
> /dev/urandom isn't, fixing the issue we're currently seeing.
>
> - 0001-Ignore-devices-bind-mounts.patch:
> This one is a more generic take on the problem and should be more
> future-proof. Rather than hardcoding /dev/urandom, it extends the
> existing mount_point_ignore function to ignore any mountpoint which is a
> character or block device.
I think I'd prefer if we simply would avoid unmounting anything that
sits below /sys, /dev, /proc. i.e. a simple path_startswith() check
before the unmount...
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list