Bug 554164 - lxc doesn't chroot
lxc doesn't chroot
Product: Fedora
Classification: Fedora
Component: lxc (Show other bugs)
i686 Linux
low Severity high
: ---
: ---
Assigned To: Silas Sewell
Fedora Extras Quality Assurance
: Reopened
Depends On:
  Show dependency treegraph
Reported: 2010-01-10 13:47 EST by Robin Green
Modified: 2010-03-23 19:26 EDT (History)
1 user (show)

See Also:
Fixed In Version: lxc-0.6.5-1.fc13
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-03-05 01:05:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Robin Green 2010-01-10 13:47:49 EST
Description of problem:
lxc execute ignores the chroot I have specified - it runs the specified command in the "real" root.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. mkdir /cgroup
2. mount -t cgroup cgroup /cgroup
3. mkdir /var/lib/lxc
4. create a lxc.conf file like the following:

lxc.mount.entry=/dev /var/lib/mach/roots/fedora-development-i386-core/dev none rw,bind 0 0
lxc.mount.entry=/dev/pts /var/lib/mach/roots/fedora-development-i386-core/dev/pts none rw,bind 0 0

5. populate the chroot
6. lxc-create -n bug -f lxc.conf
7. lxc-execute -n bug /bin/bash
8. ls /
Actual results:
contents of "real" root displayed

Expected results:
contents of my chroot displayed

Additional info:
I tried to step through lxc-execute in gdb to debug it, but my attempts to set breakpoints in the cloned process didn't work.
Comment 1 Silas Sewell 2010-02-18 03:12:17 EST
# mkdir -p /tmp/test
# cd /tmp/test
# cat << EOF > config
lxc.utsname =
lxc.pts = 1024
lxc.rootfs = /tmp/test/rootfs
lxc.mount.entry=/dev /tmp/test/rootfs/dev none ro,bind 0 0
lxc.mount.entry=/lib /tmp/test/rootfs/lib none ro,bind 0 0
lxc.mount.entry=/bin /tmp/test/rootfs/bin none ro,bind 0 0
lxc.mount.entry=/usr //tmp/test/rootfs/usr none ro,bind 0 0
lxc.mount.entry=/sbin /tmp/test/rootfs/sbin none ro,bind 0 0
lxc.mount.entry=tmpfs /tmp/test/rootfs/var/run tmpfs defaults 0 0
lxc.mount.entry=/lib64 /tmp/test/rootfs/lib64 none ro,bind 0 0
# mkdir -p /tmp/test/rootfs/dev
# mkdir -p /tmp/test/rootfs/proc
# mkdir -p /tmp/test/rootfs/lib
# mkdir -p /tmp/test/rootfs/bin
# mkdir -p /tmp/test/rootfs/usr
# mkdir -p /tmp/test/rootfs/sbin
# mkdir -p /tmp/test/rootfs/var/run
# mkdir -p /tmp/test/rootfs/lib64
# mkdir -p /tmp/test/rootfs/tmp
#  lxc-execute -f config -n bug /bin/touch /tmp/123
#  ls -d /tmp/123
ls: cannot access /tmp/123: No such file or directory
# ls -d /tmp/test/rootfs/tmp/123
Comment 2 Robin Green 2010-03-05 00:44:42 EST
I tried to use lxc-0.6.5 from koji, but I got an error:

lxc-execute: No such file or directory - failed to exec /usr/libexec/lxc-init

Downgrading back to lxc-0.6.4, I still see this bug with *my* test case.

Please try my test case.
Comment 3 Robin Green 2010-03-05 00:51:43 EST
I just tried your test case, with lxc-0.6.4, and I got

lxc-execute: No such file or directory - failed to exec /usr/libexec/lxc-init

which is strange. This is the error message I got from lxc-0.6.5 for *my* test case, but my test case didn't produce that error message on lxc-0.6.4.
Comment 4 Robin Green 2010-03-05 00:53:47 EST
I got that message even after removing /lib64 from the config file of your test case, which shouldn't have been there because this is on i686, where /lib64 doesn't exist.
Comment 5 Silas Sewell 2010-03-05 01:05:48 EST
It sounds like you should hit up the lxc mailing list and make sure you really understand how the configuration stuff works.

My test case shows that chroot works in 0.6.5 so I'm closing this with a solution of upgrade to 0.6.5 (aka NEXTRELEASE).
Comment 6 Fedora Update System 2010-03-05 01:17:54 EST
lxc-0.6.5-1.fc13 has been submitted as an update for Fedora 13.
Comment 7 Fedora Update System 2010-03-23 19:26:12 EDT
lxc-0.6.5-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.