[systemd-devel] avoid unmounts in unprivileged containers
Rodny Molina
rodnymolina at gmail.com
Sat Feb 20 03:17:10 UTC 2021
Hi,
As part of a prototype I'm working on to run systemd within an unprivileged
docker container, I would like to prevent mountpoints created at runtime
from being unmounted during the container shutdown process. I understand
that systemd creates "<blah>.mount" units dynamically for
these mountpoints as they show up in /proc/pid/mountinfo, but after reading
the docs + code, I don't see a way to avoid these unmounts during the
shutdown.target execution.
Interestingly, I see that there's code
<https://github.com/systemd/systemd/blob/main/src/shutdown/shutdown.c#L398>
that skips the unmounting cycle attending to the ConditionVirtualization /
containerized settings, which is what I need, but I'm not able to see
that code being called during the container shutdown -- probably I'm not
understanding systemd's fsm unwinding logic well enough ...
Any suggestions?
Thanks!
PS: Last few logs obtained during my container shutdown process ...
---
Feb 20 03:00:23 08363a0a79ee umount[1273]: umount: /var/lib/kubelet: must
be superuser to unmount.
Feb 20 03:00:23 08363a0a79ee systemd[1]: Received SIGCHLD from PID 1273
(umount).
Feb 20 03:00:23 08363a0a79ee systemd[1]: Child 1273 (umount) died
(code=exited, status=32/n/a)
Feb 20 03:00:23 08363a0a79ee systemd[1]: var-lib-kubelet.mount: Child 1273
belongs to var-lib-kubelet.mount.
Feb 20 03:00:23 08363a0a79ee systemd[1]: var-lib-kubelet.mount: Mount
process exited, code=exited, status=32/n/a
Feb 20 03:00:23 08363a0a79ee systemd[1]: var-lib-kubelet.mount: Changed
unmounting -> mounted
Feb 20 03:00:23 08363a0a79ee systemd[1]: var-lib-kubelet.mount: Job 180
var-lib-kubelet.mount/stop finished, result=failed
Feb 20 03:00:23 08363a0a79ee systemd[1]: Failed unmounting /var/lib/kubelet.
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-journald.service: Received
EPOLLHUP on stored fd 47 (stored), closing.
Feb 20 03:00:23 08363a0a79ee systemd[1]: local-fs-pre.target changed active
-> dead
Feb 20 03:00:23 08363a0a79ee systemd[1]: local-fs-pre.target: Job 156
local-fs-pre.target/stop finished, result=done
Feb 20 03:00:23 08363a0a79ee systemd[1]: Stopped target Local File Systems
(Pre).
Feb 20 03:00:23 08363a0a79ee systemd[1]: umount.target changed dead ->
active
Feb 20 03:00:23 08363a0a79ee systemd[1]: umount.target: Job 168
umount.target/start finished, result=done
Feb 20 03:00:23 08363a0a79ee systemd[1]: Reached target Unmount All
Filesystems.
Feb 20 03:00:23 08363a0a79ee systemd[1]:
systemd-tmpfiles-setup-dev.service: Succeeded.
Feb 20 03:00:23 08363a0a79ee systemd[1]:
systemd-tmpfiles-setup-dev.service: Service restart not allowed.
Feb 20 03:00:23 08363a0a79ee systemd[1]:
systemd-tmpfiles-setup-dev.service: Changed exited -> dead
Feb 20 03:00:23 08363a0a79ee systemd[1]:
systemd-tmpfiles-setup-dev.service: Job 105
systemd-tmpfiles-setup-dev.service/stop finished, result=done
Feb 20 03:00:23 08363a0a79ee systemd[1]: Stopped Create Static Device Nodes
in /dev.
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-sysusers.service:
Succeeded.
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-sysusers.service: Service
restart not allowed.
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-sysusers.service: Changed
exited -> dead
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-sysusers.service: Job 164
systemd-sysusers.service/stop finished, result=done
Feb 20 03:00:23 08363a0a79ee systemd[1]: Stopped Create System Users.
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-remount-fs.service:
Succeeded.
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-remount-fs.service:
Service restart not allowed.
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-remount-fs.service:
Changed exited -> dead
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-remount-fs.service: Job
117 systemd-remount-fs.service/stop finished, result=done
Feb 20 03:00:23 08363a0a79ee systemd[1]: Stopped Remount Root and Kernel
File Systems.
Feb 20 03:00:23 08363a0a79ee systemd[1]: shutdown.target changed dead ->
active
Feb 20 03:00:23 08363a0a79ee systemd[1]: shutdown.target: Job 89
shutdown.target/start finished, result=done
Feb 20 03:00:23 08363a0a79ee systemd[1]: Reached target Shutdown.
Feb 20 03:00:23 08363a0a79ee systemd[1]: final.target changed dead -> active
Feb 20 03:00:23 08363a0a79ee systemd[1]: final.target: Job 167
final.target/start finished, result=done
Feb 20 03:00:23 08363a0a79ee systemd[1]: Reached target Final Step.
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-halt.service: Failed to
reset devices.allow/devices.deny: Operation not permitted
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-halt.service: Failed to
set invocation ID on control group /system.slice/systemd-halt.service,
ignoring: Operation not permitted
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-halt.service: Failed to
remove delegate flag on control group /system.slice/systemd-halt.service,
ignoring: Operation not permitted
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-halt.service: Passing 0
fds to service
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-halt.service: About to
execute: /usr/bin/systemctl --force halt
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-halt.service: Forked
/usr/bin/systemctl as 1281
Feb 20 03:00:23 08363a0a79ee systemd[1281]: PR_SET_MM_ARG_START failed,
attempting PR_SET_MM_ARG_END hack: Operation not permitted
Feb 20 03:00:23 08363a0a79ee systemd[1281]: PR_SET_MM_ARG_END hack failed,
proceeding without: Operation not permitted
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-halt.service: Changed dead
-> start
Feb 20 03:00:23 08363a0a79ee systemd[1]: Starting Halt...
Feb 20 03:00:23 08363a0a79ee systemd[1281]: systemd-halt.service:
Executing: /usr/bin/systemctl --force halt
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-journald.service: Got
notification message from PID 185 (FDSTORE=1)
Feb 20 03:00:23 08363a0a79ee systemd[1]: systemd-journald.service: Added fd
24 (n/a) to fd store.
Hangup
---
--
/Rodny
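
The message above refers to the ".mount" units systemd derives from the mount points listed in /proc/pid/mountinfo (the log shows /var/lib/kubelet as var-lib-kubelet.mount). As an added example, not part of the original post and not systemd's own code, this Python re-implements that path-to-unit-name mapping so the mount units to expect inside a container can be listed ahead of a shutdown. The sample mountinfo text is constructed and the function names are hypothetical; the escaping follows the path-escaping rule documented in systemd.unit(5).

```python
import re

# Constructed sample in /proc/<pid>/mountinfo format (not from the post's container).
SAMPLE_MOUNTINFO = """\
1525 1380 0:62 / / rw,relatime - overlay overlay rw
1531 1525 8:1 /var/lib/kubelet /var/lib/kubelet rw,relatime - ext4 /dev/sda1 rw
1540 1525 0:70 / /mnt/my\\040data-1 rw,nosuid - tmpfs tmpfs rw
1541 1525 0:71 / /run/.hidden rw master:5 - tmpfs tmpfs rw
"""

# Bytes that unit-name escaping keeps as-is; every other byte becomes \xNN.
KEEP = set(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789:_.")


def unescape_mountinfo(field):
    """Decode the kernel's octal escapes (\\040 = space, \\134 = backslash)."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def mount_unit_name(path):
    """Unit name for a mount point, as `systemd-escape -p --suffix=mount` gives."""
    parts = [p for p in path.split("/") if p and p != "."]
    if not parts:
        return "-.mount"  # the root file system
    out = []
    for i, b in enumerate("/".join(parts).encode()):
        if b == ord("/"):
            out.append("-")
        elif b in KEEP and not (i == 0 and b == ord(".")):
            out.append(chr(b))
        else:  # includes "-" itself, spaces and a leading "."
            out.append("\\x%02x" % b)
    return "".join(out) + ".mount"


def expected_mount_units(mountinfo_text):
    """Map unit name -> mount point for every well-formed mountinfo line."""
    units = {}
    for line in mountinfo_text.splitlines():
        fields = line.split(" ")
        # Field 5 (index 4) is the mount point; a lone "-" ends the optional fields.
        if len(fields) < 10 or "-" not in fields[6:]:
            continue
        mount_point = unescape_mountinfo(fields[4])
        units[mount_unit_name(mount_point)] = mount_point
    return units


if __name__ == "__main__":
    for unit, mount_point in expected_mount_units(SAMPLE_MOUNTINFO).items():
        print(f"{unit:32} {mount_point}")
```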