coreutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: /proc/self/mountinfo versus chroot

From: Rick Troth
Subject: Re: /proc/self/mountinfo versus chroot
Date: Thu, 3 Mar 2016 10:19:56 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 
Thanks for the quick responses! Please forgive the length here.
Also, noticing text/plain (good!) I am not sending HTML so I hope blanks
render correctly.


On 03/02/2016 10:21 PM, Pádraig Brady wrote:
> CCing the mailing list.

Wish I had thought to do that. Oh well.


> Ironically the preference for /proc/self/mountinfo was chosen
> to give more accurate info within chroots (and for bind mounts).
> The kernel has all the info, which is why we prefer that
> dynamically generated info.

Yes, ironic.
And yes, the most visible problem is with bind mounts. (not only for
'chroot'; see sample output below)


> What inaccuracies are you seeing exactly?
> I do vaguely remember references to issues on some ubuntu kernels,
> so perhaps there is a kernel fix to provide better info?

I should not have implied "inaccuracies". Sorry.
For the 'chroot' case it's more that I don't want to expose too much
about the host system.
Sounds like the rationale for crunching /proc/self/mountinfo was to get
accurate mount info.
The current code is a big step toward being more accurate in 'chroot'.

I run on a range of kernels, many of them older. But
/proc/self/mountinfo has been there for at least five years.
(I also use Coreutils and other packages, including a lot of non-Gnu
FOSS, on *BSD, Solaris, whatever. But am not expecting
/proc/self/mountinfo issues there soon.)


> The change to use /proc/self/mountinfo was done in v8.24.
> As a hack to avoid it, you could use an LD_PRELOAD wrapper to return
> ENOENT for open("/proc/self/mountinfo"), along the lines of:
> http://git.sv.gnu.org/cgit/coreutils.git/tree/tests/df/no-mtab-status.sh?id=v8.24

Thanks for the tip. I will try to get my head wrapped around that.

Some back story:
I've been doing virtualization since before I was doing Linux.
One of the helpful hacks in that space is to share some filesystems on
(shared) block devices.
There have been a number of failed attempts. (The distros now support
read-only root, or did. That helps.)
Lately, a shared "system disk" with an otherwise normal root and others
works best, and you bind these ...

        bin, sbin, lib, lib64, opt, boot

 ... and replicate /etc and /var appropriately.
One could alternatively sym-link these particular directories, but bind
mount is cleaner.

Traditional output with a cleaned-up /etc/mtab and without
/proc/self/mountinfo:

        Filesystem     1K-blocks    Used Available Use% Mounted on
        /dev/dasda1      2365444 1157156   1088128  52% /Linux-s390
        /dev/dasdb       2365540 1683840    561532  75% /
        udev              256704       0    256704   0% /dev
        tmpfs             256704       0    256704   0% /tmp

New behavior where 'df' consults /proc/self/mountinfo:

        Filesystem     1K-blocks    Used Available Use% Mounted on
        /dev/root        2365444 1157156   1088128  52% /lib
        /dev/dasdb       2365540 1683840    561532  75% /
        udev              256704       0    256704   0% /dev
        tmpfs             256704       0    256704   0% /tmp

Obviously "/dev/root" is vestigial and "/lib" is misleading.
In both of these, /Linux-s390 is the system disk and the usual system
directories in the root are bind mounted to their counterparts under it.
With the new code, only "/lib" shows and it's not the desired master.
Here is the full /proc/mounts content:

        rootfs / rootfs rw 0 0
        /dev/root /Linux-s390 ext2 rw,relatime,errors=continue 0 0
        /dev/dasdb / ext3
rw,relatime,errors=continue,barrier=0,data=ordered 0 0
        /dev/root /lib ext2 ro,relatime,errors=continue 0 0
        /dev/root /bin ext2 ro,relatime,errors=continue 0 0
        /dev/root /sbin ext2 ro,relatime,errors=continue 0 0
        /dev/root /usr ext2 rw,relatime,errors=continue 0 0
        /dev/root /boot ext2 rw,relatime,errors=continue 0 0
        /dev/root /opt ext2 ro,relatime,errors=continue 0 0
        /sys /sys sysfs rw,relatime 0 0
        udev /dev tmpfs rw,relatime 0 0
        devpts /dev/pts devpts rw,relatime,mode=600 0 0
        tmpfs /tmp tmpfs rw,relatime 0 0
        proc /proc proc rw,relatime 0 0

(System disk and /boot are actually RW because I was servicing it. Just
being honest with a "live" snapshot.)
So in either case ('chroot' or not) the leakage of too much reality is
counter productive.
Fixing /etc/mtab is trivial. Hiding selected /proc content is layers
upon layers, something they do in Redmond.


On 03/03/2016 03:51 AM, Ruediger Meier wrote:
> FYI issues with /etc/mtab were also discussed recently on util-linux 
> mailing list
> http://www.spinics.net/lists/util-linux-ng/msg12386.html

Wow ... that brings up some painful recent memories. (Don't get me
started about subvols.)

I can't fight the distributors, but the trend of sym-link /etc/mtab to
/proc/mounts is annoying at best.
Would have been better if they checked at boot time, "is it a plain
file?", and go traditional for that case.
Easy enough to make it a sym-link at install time. Then the sysadmin can
manually alter the behavior if he needs or wants.

Rendering a proper /etc/mtab is not rocket science.

-- R; <><
reply via email to
[Prev in Thread] Current Thread [Next in Thread]