0

I am running LXC on Debian Wheezy using BTRFS, and have created a container using lxc-create using the "debian" template (yesterday).

When starting the container, the root filesystem in the container is read-only. I expected the rootfs in the container would be read-write, not read-only. This seems to disrupt the started services and prevents lxc-shutdown and other host tools from interacting with the container.

I have been using mount -o remount,rw / to make the rootfs read-write, but it's much too late in the boot process for the container. I have only installed a few extra packages and haven't done any significant configuration yet.

What do I need to do to get the container to boot with a read-write rootfs?

[EDIT]: it appears that the host's filesystem was marked as read-only. Making it read-write and then starting the container means that the container has a read-write rootfs. However, when the container is shut down, the filesystem is read-only again. It appears that the container shutdown marks the FS as read-only. Is there something to do to stop it from doing that?

Lee Begg
  • 36
  • 1
  • 5

2 Answers

2

The template "debian" in LXC on Debian Wheezy currently (early March 2014) doesn't disable services that may cause problems.

The key service causing problems in this case was 'umountroot', fixed by running

chroot /path/to/containername/rootfs /usr/sbin/update-rc.d -f umountroot remove

Other services to remove include

  • hwclock.sh
  • hwclockfirst.sh

There are probably other ways of solving this issue, such as dropping capabilities. Another way to solve it is to change the template, as suggested by http://cblog.burkionline.net/lxc-linux-container/, but note that it doesn't include umountroot as one of the services disabled and will need tweaks.

Lee Begg
  • 36
  • 1
  • 5
0

The confusing part of this is that a read-only remount happens upon guest shutdown and is recognized on the next start.

This behavior is also indicated by those messages when trying to run lxc-start with a readonly filesystem:

lxc-start: failed to pin the container's rootfs
lxc-start: failed to spawn 'containername'
lxc-start: No such file or directory - failed to remove cgroup '/sys/fs/cgroup//lxc/containername'

Also, the host part of already-created network interfaces doesn't get removed, so ifconfig lists leftover entries like vethuKwnid.


Thanks to the Ubuntu Server Guide I verified that launching the container like this suffices:

sudo lxc-start -s lxc.cap.drop=sys_admin -n containername

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
sebastianwagner
  • 306
  • 2
  • 2
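As an added example (shell; not code from the question or either answer), the script below checks a container for both conditions discussed on this page: shutdown scripts still wired into the guest's /etc/rc?.d, and a config that does not drop sys_admin. It also offers a host-side equivalent of the chroot + update-rc.d step from the first answer. The /var/lib/lxc/<name>/{rootfs,config} layout and the sample container it builds are assumptions.

```shell
#!/bin/sh
# Added example: audit an LXC container for the two causes discussed on this
# page. The rootfs/config layout under /var/lib/lxc/<name>/ is an assumption;
# adjust paths for your host.

SHUTDOWN_SERVICES="umountroot hwclock.sh hwclockfirst.sh"

# Print each listed service still enabled in ROOTFS; return 1 if any is found.
lxc_risky_services() {
    rootfs=$1; found=0
    for svc in $SHUTDOWN_SERVICES; do
        # update-rc.d enables a service through S??/K?? links in rc[0-6S].d
        if ls "$rootfs"/etc/rc[0-6S].d/[SK][0-9][0-9]"$svc" >/dev/null 2>&1; then
            echo "$svc"; found=1
        fi
    done
    return $found
}

# Host-side equivalent of "update-rc.d -f SVC remove" without a chroot:
# drop the rc?.d links but leave /etc/init.d/SVC itself in place.
lxc_disable_service() {
    rm -f "$1"/etc/rc[0-6S].d/[SK][0-9][0-9]"$2"
}

# Return 0 if CONFIG has an lxc.cap.drop line that names sys_admin.
lxc_drops_sys_admin() {
    grep -E '^[[:space:]]*lxc\.cap\.drop[[:space:]]*=' "$1" 2>/dev/null \
        | grep -Eq '(^|[[:space:]=])sys_admin([[:space:]]|$)'
}

# Either fix on this page is enough: the guest cannot remount the rootfs
# (sys_admin dropped) or none of the shutdown scripts above remain enabled.
lxc_rootfs_safe() {
    lxc_drops_sys_admin "$1/config" || lxc_risky_services "$1/rootfs" >/dev/null
}

# Constructed sample container (not a real one): a Wheezy-like rc layout with
# umountroot and hwclock.sh enabled and a config that keeps sys_admin.
# Prints the path of the temporary directory it creates.
make_sample_container() {
    d=$(mktemp -d)
    mkdir -p "$d/rootfs/etc/init.d" "$d/rootfs/etc/rc0.d" "$d/rootfs/etc/rcS.d"
    touch "$d/rootfs/etc/init.d/umountroot" "$d/rootfs/etc/init.d/hwclock.sh"
    ln -s ../init.d/umountroot "$d/rootfs/etc/rc0.d/S60umountroot"
    ln -s ../init.d/hwclock.sh "$d/rootfs/etc/rcS.d/S08hwclock.sh"
    printf 'lxc.rootfs = %s/rootfs\nlxc.cap.drop = mac_admin mac_override\n' \
        "$d" > "$d/config"
    echo "$d"
}
```

On a real host, run `lxc_rootfs_safe /var/lib/lxc/containername` before the first lxc-start; a non-zero exit means the next shutdown can still remount the rootfs read-only.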