This repository has been archived by the owner on Jun 10, 2019. It is now read-only.

bootstrap-vz should avoid bind-mounts from the host #293

Open
nbraud opened this issue Feb 24, 2016 · 3 comments

Contributor

nbraud commented Feb 24, 2016

After encountering #292 (and before noticing a devtmpfs was still mounted), I attempted to rm -r the left-over workdir: this ended up removing the vast majority of my device files from /dev, making the host unusable until reboot.

This exemplifies how an issue during VM build or during rollback can negatively impact the host, and should be mitigated by not mounting /dev, /dev/pts, /proc and /sys from the host (but instead creating independent instances).

Owner

andsens commented Feb 24, 2016

> [..] and should be mitigated by not mounting /dev, /dev/pts, /proc and /sys from the host (but instead creating independent instances).

We only mount-bind /dev.
When looking through the debootstrap code I see they do it a little differently,

in_target mount -t proc proc /proc
in_target mount -t sysfs sysfs /sys
in_target mount -t devfs devfs /dev

In bootstrap-vz, this would be:

root.add_mount('proc', 'proc', ['--types', 'proc'])
root.add_mount('sysfs', 'sys', ['--types', 'sysfs'])
root.add_mount('devfs', 'dev', ['--bind'])

(not sure about /dev/pts though).

> I attempted to rm -r the left-over workdir: this ended up removing the vast majority of my device files from /dev

*ouch, sorry to hear that.

Contributor Author

nbraud commented Feb 24, 2016

@andsens I have a patchset coming that solves this.

Contributor Author

nbraud commented Feb 24, 2016

PS: Mounting procfs and sysfs this way basically uses the host's.
Unfortunately, I don't have a good answer for procfs.
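
An added example, not part of the original thread or of bootstrap-vz's code: a cleanup guard that refuses to delete a work directory while anything is still mounted below it, which is the failure described in the first comment. The function names, the sample paths and the mountinfo excerpt are constructed for illustration.

```python
import os
import re
import shutil

# Constructed /proc/self/mountinfo excerpt: the host devtmpfs is still
# mounted at <workdir>/root/dev after a failed rollback. Paths are made up.
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
23 22 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw
90 22 7:0 / /target/workdir/root rw,relatime shared:40 - ext4 /dev/loop0 rw
91 90 0:6 / /target/workdir/root/dev rw,nosuid shared:2 - devtmpfs devtmpfs rw
92 22 0:41 / /target/workdir2 rw shared:41 - tmpfs tmpfs rw
"""

def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def mounts_under(workdir, mountinfo_text):
    """Mount points at or below workdir, deepest first (safe unmount order)."""
    root = os.path.normpath(workdir)
    prefix = root.rstrip("/") + "/"
    found = set()
    for line in mountinfo_text.splitlines():
        fields = line.split(" ")
        if len(fields) < 5:
            continue
        mount_point = os.path.normpath(_unescape(fields[4]))  # 5th field
        if mount_point == root or mount_point.startswith(prefix):
            found.add(mount_point)
    return sorted(found, key=lambda p: (-p.count("/"), p))

def remove_workdir(workdir, mountinfo_text=None):
    """rmtree the workdir only when nothing is mounted inside it."""
    workdir = os.path.realpath(workdir)  # resolve symlinks before comparing
    if mountinfo_text is None:
        with open("/proc/self/mountinfo") as f:
            mountinfo_text = f.read()
    leftover = mounts_under(workdir, mountinfo_text)
    if leftover:
        raise RuntimeError("refusing to delete, still mounted: " + ", ".join(leftover))
    shutil.rmtree(workdir)

if __name__ == "__main__":
    print(mounts_under("/target/workdir", SAMPLE_MOUNTINFO))
```

For manual cleanup, GNU rm's `--one-file-system` option gives comparable protection by skipping directories that sit on a different file system from the argument.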
