dynamic mounts and chroot jail woes (long)...

To: debian-amd64@lists.debian.org
Subject: dynamic mounts and chroot jail woes (long)...
From: Giacomo Mulas <gmulas@ca.astro.it>
Date: Mon, 17 Oct 2005 15:39:29 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.63.0510171501090.26296@capitanata.ca.astro.it>
Reply-to: Giacomo Mulas <gmulas@ca.astro.it>

	This rather lengthy email is to illustrate a problem which
is probably rather common, the (dirty) hacks I implemented to overcome
it and a quest for cleaner solutions.

The situation: a Debian amd64 install with an almost identical Debian
i386 system installed in a chroot jail, for 32 bit apps compatibility.

The problem: how to make dynamically mounted filesystems automagicallyavailable in the chroot jail? This is not an issue for fixed filesystems,

which can be bind-mounted at boot time and automatically made available.

The problem arises when one wants to make e.g. hotplugging filesystemsand/or automounted nfs mounts available dynamically.


Practical example: I insert an USB pendrive, hotplug sees it and

mounts it under /media/usbdisk. I then try opening/media/usbdisk/talk.sxi with my chrooted OpenOffice.org, e.g.dchroot -d soffice /media/usbdisk/talk.sxi, and get..."no such file". In fact, /media/usbdisk was mounted in the underlying

64 bit system, but is not mounted in the 32 bit jail.

Another practical example: I use am-utils to automagically mount filesystems when needed. Therefore, if I access /remotedisks/disk1/test

the /remotedisks/disk1 filesystem is appropriately mounted and I can see
the "test" file. If I now try to access the same filesystem from the 32 bit

jail (e.g. suppose I want to open a file with OpenOffice.org), it is notfound, since that filesystem was not mounted in the chroot jail.


Analysis: in both cases, bind-mounting a directory to make it available
in the chroot jail does not ensure that filesystems which are subsequently
mounted under it are automatically made available in the bind-mounted

directory. For example, bind-mounting /media on /ia32/media in the chrootjail will not make available any filesystems mounted afterwards onmountpoints in /media: even if /media and /ia32/media are the samedirectory, after the bind mount, mounting a filesystem on /media/usbdisk

does not make it appear in /ia32/media/usbdisk, which remains an empty
directory. Is this a bug or an intended feature? I don't know.

Workaround for am-utils: I made sure, editing the /etc/am-utils/amd.conf

file, that filesystems get mounted inside the chroot jail, i.e. in/ia32/amd in my case instead of the default /amd. I then made a soft

link in /ia32, i.e. ./ -> /ia32. In this case, even in the chroot jail
a path starting with /ia32 is still valid and points to the same place.
Finally, I edited the /etc/init.d/am-utils script, to make sure that
the top directory mount points (i.e. /remotedisks in the example above)

get bind-mounted when starting the auto mounter and unmounted beforestopping it. It's not pretty, but it works.


Workaround for hotplugged filesystems: I symlinked /media to /ia32/media.

This did part of the trick: now cdroms, pendrices etc. get actually mountedinside the chroot jail, and of course are available within it with theexact same path as outside the jail. However, I could not unmountfilesystems, since pumount allows ordinary users in the plugdev group to

only umount filesystems mounted under /media. I therefore recompiled
the pmount package and modified pumount to use /ia32/media/ as its
MEDIADIR directory. In this way, dinamic filesystems are pmounted

under /media (which is a link to /ia32/media) and pumounted from/ia32/media. This is even more ugly than the previous hack, but again it

works.

Question (request for help?): it would be extremely useful if bind-mounted
directories could keep track of filesystems subsequently mounted, and

keep things in sync automatically. Perhaps not as the default behaviour,but at least as an option. In this way, if I bind-mount /media to somethingin a chroot jail, I will automatically be able to access subsequentlymounted filesystems under it from within the jail. Where would this need tobe supported? In libc? In the kernel? Both? Would it bebetter/cleaner/simpler to have an user space daemon (i.e. something likefamd) monitor some directories and automatically bind-mount and unmounttheir contents as needed? I am willing to invest a little time on thisthing, but I am no kernel hacker and never messed with the libc, although Iam a decent programmer, therefore I would definitely need help.


Thanks in advance, bye
Giacomo

--
_________________________________________________________________

Giacomo Mulas <gmulas@ca.astro.it>
_________________________________________________________________

OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel. (OAC): +39 070 71180 248     Fax : +39 070 71180 222
Tel. (UNICA): +39 070 675 4916
_________________________________________________________________

"When the storms are raging around you, stay right where you are"
                         (Freddy Mercury)
_________________________________________________________________

Reply to:

Follow-Ups:
- Re: dynamic mounts and chroot jail woes (long)...
  - From: Stephen Gran <sgran@debian.org>

Prev by Date: Re: apt-get error
Next by Date: Re: apt-get error
Previous by thread: Re: can't mount raid 5 after installation
Next by thread: Re: dynamic mounts and chroot jail woes (long)...
Index(es):
- Date
- Thread