ubuntu templates: add some kernel filesystems to container fstab

The debugfs, fusectl, and securityfs may not be mounted inside a
non-init userns.  But mountall hangs waiting for them to be
mounted.  So just pre-mount them using $lxcpath/$name/fstab as
bind mounts, which will prevent mountall from trying to mount
them.

If the kernel doesn't provide them, then the bind mount failure
will be ignored, and mountall in the container will proceed
without the mount since it is 'optional'.  But without these
bind mounts, starting a container inside a user namespace
hangs.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

diff --git a/templates/lxc-ubuntu-cloud.in b/templates/lxc-ubuntu-cloud.in
index 5ffb5baf4a9bbdc57fb59f2132af6fc8cf5e349b..480ef14d73788d3b3c16b66f14f6a083b2d8942d 100644 (file)
--- a/templates/lxc-ubuntu-cloud.in
+++ b/templates/lxc-ubuntu-cloud.in
@@ -96,6 +96,9 @@ EOF
     cat <<EOF > $path/fstab
 proc            proc         proc    nodev,noexec,nosuid 0 0
 sysfs           sys          sysfs defaults  0 0
+/sys/fs/fuse/connections sys/fs/fuse/connections none bind 0 0
+/sys/kernel/debug sys/kernel/debug none bind 0 0
+/sys/kernel/security sys/kernel/security none bind 0 0
 EOF
 
     # rmdir /dev/shm for containers that have /run/shm

diff --git a/templates/lxc-ubuntu.in b/templates/lxc-ubuntu.in
index 0b73529fe50a6d5e96ac358ccc3fb30b23249c43..af3c2b3a711d4695946460f8aeeb54ac59682c06 100644 (file)
--- a/templates/lxc-ubuntu.in
+++ b/templates/lxc-ubuntu.in
@@ -427,6 +427,9 @@ EOF
     cat <<EOF > $path/fstab
 proc            proc         proc    nodev,noexec,nosuid 0 0
 sysfs           sys          sysfs defaults  0 0
+/sys/fs/fuse/connections sys/fs/fuse/connections none bind 0 0
+/sys/kernel/debug sys/kernel/debug none bind 0 0
+/sys/kernel/security sys/kernel/security none bind 0 0
 EOF
 
     if [ $? -ne 0 ]; then