This repository was archived by the owner on Sep 24, 2020. It is now read-only.
backport: "nspawn: let's mount(/tmp) inside the user namespace (#4340)" #76
Merged
crawford merged 1 commit into coreos:v231-coreos from Jan 17, 2017
Fixes:

    host# systemd-nspawn -D ... -U -b systemd.unit=multi-user.target
    ...
    $ grep /tmp /proc/self/mountinfo
    154 145 0:41 / /tmp rw - tmpfs tmpfs rw,seclabel,uid=1036124160,gid=1036124160
    $ umount /tmp
    umount: /root/tmp: not mounted
    $ systemctl poweroff
    ...
    [FAILED] Failed unmounting Temporary Directory.
crawford approved these changes Jan 17, 2017
Author
Just for reference; this does not need to be backported to v232 since it is already in there.

@s-urbaniak, this part of the systemd@8492849 is right, but see systemd#4824

Author
@evverx thanks a lot for the follow-up, I was wondering if I was missing yet another backport. This one seems definitely legit to be brought, I'll retest locally and submit a PR against Thanks a lot for the notification.
This was referenced Jan 27, 2017
#71 introduced a regression in coreos/systemd systemd-nspawn when user namespaces are enabled using the --private-users option. Upstream is not affected. coreos/systemd was missing another backport commit, namely systemd@8492849.

This was found in the functional tests with USER_NS enabled in rkt when bumping the "coreos stage1" image: rkt/rkt#3535.

That also unfortunately means that in CoreOS 1284.2.0 the systemd-nspawn --private-users ... functionality is broken, failing with a failed tmpfs mount error like this (strace output):

Note that when using "regular" systemd-nspawn without user namespaces enabled, there is no regression.

/cc @crawford Can you advise how many use cases for systemd-nspawn --private-users are out there? It would be great if we could land this in the next Alpha release this week.

Thanks in advance!
/cc @lucab