kernel-packages team mailing list archive

Thread
Date

[Bug 1570906] [NEW] sysfs mount failure during stateful lxd snapshots

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Seth Forshee <seth.forshee+lp@xxxxxxxxxxxxx>
Date: Fri, 15 Apr 2016 14:41:53 -0000
Reply-to: Bug 1570906 <1570906@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

During a stateful lxd snapshot criu tries to mount sysfs for the
container's network namespace from a different user namespace. This
fails in xenial because sget() won't allow mounting the same super block
in different user namespaces.

With sysfs there's no reason that this needs to use the same super
block, so kernfs can be updated so that a super block with the same ns
tag but in a different userns is not matched. The only other kernfs-
based filesystem mountable from non-init user namespaces is cgroupfs,
and it's already forcing kernfs to return different super blocks to
avoid similar problems. In fact we can revert part of the cgroupfs
changes to make this happen if we push this behavior into kernfs.

** Affects: linux (Ubuntu)
     Importance: High
     Assignee: Seth Forshee (sforshee)
         Status: In Progress

** Affects: linux (Ubuntu Xenial)
     Importance: High
     Assignee: Seth Forshee (sforshee)
         Status: In Progress

** Also affects: linux (Ubuntu Xenial)
   Importance: High
     Assignee: Seth Forshee (sforshee)
       Status: In Progress

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1570906

Title:
  sysfs mount failure during stateful lxd snapshots

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  In Progress

Bug description:
  During a stateful lxd snapshot criu tries to mount sysfs for the
  container's network namespace from a different user namespace. This
  fails in xenial because sget() won't allow mounting the same super
  block in different user namespaces.

  With sysfs there's no reason that this needs to use the same super
  block, so kernfs can be updated so that a super block with the same ns
  tag but in a different userns is not matched. The only other kernfs-
  based filesystem mountable from non-init user namespaces is cgroupfs,
  and it's already forcing kernfs to return different super blocks to
  avoid similar problems. In fact we can revert part of the cgroupfs
  changes to make this happen if we push this behavior into kernfs.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1570906/+subscriptions

Follow ups

[Bug 1570906] Re: sysfs mount failure during stateful lxd snapshots
From: Launchpad Bug Tracker, 2016-04-19
[Bug 1570906] Re: sysfs mount failure during stateful lxd snapshots
From: Tim Gardner, 2016-04-15
[Bug 1570906] Re: sysfs mount failure during stateful lxd snapshots
From: Tycho Andersen, 2016-04-15
[Bug 1570906] Re: sysfs mount failure during stateful lxd snapshots
From: Seth Forshee, 2016-04-15
[Bug 1570906] Re: sysfs mount failure during stateful lxd snapshots
From: Seth Forshee, 2016-04-15
[Bug 1570906] Re: sysfs mount failure during stateful lxd snapshots
From: Seth Forshee, 2016-04-15
[Bug 1570906] Re: sysfs mount failure during stateful lxd snapshots
From: Seth Forshee, 2016-04-15