
kernel-packages team mailing list archive

[Bug 1402834] Re: fuse filesystems get disconnected on container exit


So I came up with an alternate way around this which works for both
privileged and unprivileged containers and doesn't require an updated
apparmor. This uses seccomp to filter the umount2 call and return EACCES
when passed MNT_FORCE as second argument.

Code is at: http://paste.ubuntu.com/9568741/

stgraber@castiana:~/Desktop$ gcc sec-mount.c -o sec-mount -lseccomp
stgraber@castiana:~/Desktop$ cp sec-mount /tmp/
stgraber@castiana:~/Desktop$ lxc-usernsexec -- /tmp/sec-mount
root@castiana:~/Desktop# mount --bind /home/stgraber/ /mnt
root@castiana:~/Desktop# umount /mnt
root@castiana:~/Desktop# mount --bind /home/stgraber/ /mnt
root@castiana:~/Desktop# umount -f /mnt
umount2: Permission denied
umount: /mnt: block devices not permitted on fs
root@castiana:~/Desktop# exit

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1402834

Title:
  fuse filesystems get disconnected on container exit

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  When bind-mounting a directory from a fuse filesystem into a container,
  then when the container is shut down, the userspace process serving the
  fuse fs is terminated.  The original fuse mountpoint remains busy until it
  is manually unmounted.

  I've tested this with sshfs, git://github.com/stgraber/cgmanagerfs,
  the bbfs example fs from http://www.cs.nmsu.edu/~pfeiffer/fuse-tutorial/,
  or git://github.com/lxc/lxcfs.

  To reproduce:

  Mount a fusefs - say sshfs - with -o allow_other, let's say onto
  /tmp/d.

  sshfs -f -d -o allow_other somehost:$HOME /tmp/d

  Bind that into a container by adding

  lxc.mount.entry = /tmp/d freezer none bind,create=dir 0 0

  to the container's config.

  start the container, stop it.

  the fuse program stops (exits 0 in fact)

  the mount is not cleaned up - ls /tmp/d on the host henceforth
  complains:

  	ls: cannot access /tmp/d Transport endpoint is not connected
  (sudo umount /tmp/d cleans it up)

  I don't know for sure whether this is a kernel or libfuse bug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1402834/+subscriptions
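Added example, not stgraber's paste (which is not reproduced on this page): a stand-alone version of the same idea that loads a raw seccomp-BPF program through prctl(2) instead of libseccomp, so it builds with only the kernel headers. It does what the comment above describes, umount2(2) fails with EACCES whenever MNT_FORCE is set in the flags, every other call passes, and the wrapped command (a shell by default) is then exec'd. The program name sec-mount and the x86_64/aarch64 AUDIT_ARCH table are my assumptions.

```c
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Install a seccomp-BPF filter: umount2(2) fails with EACCES when MNT_FORCE is set
 * in its flags argument; everything else is allowed. Returns 0, or -1 with errno set. */
int install_mnt_force_filter(void)
{
    struct sock_filter prog[] = {
        /* Refuse to run on a foreign arch: syscall numbers would not match. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_umount2, 0, 3), /* not umount2: allow */
        /* Low 32 bits of arg1 (flags): MNT_FORCE set -> EACCES, else allow. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
        BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, MNT_FORCE, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EACCES & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    /* NO_NEW_PRIVS lets an unprivileged caller (no CAP_SYS_ADMIN) load the filter,
     * which is what makes this work inside an unprivileged user namespace. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) == 0 ? 0 : -1;
}

int main(int argc, char **argv)
{   /* Usage: sec-mount [cmd...]; with no arguments it starts a shell, as in the session above. */
    if (install_mnt_force_filter() != 0) { perror("seccomp"); return 1; }
    execvp(argc > 1 ? argv[1] : "/bin/sh", argc > 1 ? argv + 1 : (char *[]){ "sh", NULL });
    perror("exec");
    return 127;
}
```

The filter is inherited across exec and fork, so `umount -f` in the child shell gets EACCES from the syscall while a plain `umount` still reaches the kernel.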

