dynamic mounts and chroot jail woes (long)...

This rather lengthy email is to illustrate a problem which
is probably rather common, the (dirty) hacks I implemented to overcome
it and a quest for cleaner solutions.

The situation: a Debian amd64 install with an almost identical Debian
i386 system installed in a chroot jail, for 32 bit apps compatibility.

The problem: how to make dynamically mounted filesystems automagically
available in the chroot jail? This is not an issue for fixed filesystems,
which can be bind-mounted at boot time and automatically made available.
The problem arises when one wants to make e.g. hotplugging filesystems
and/or automounted nfs mounts available dynamically.

Practical example: I insert a USB pendrive, hotplug sees it and
mounts it under /media/usbdisk. I then try opening
/media/usbdisk/talk.sxi with my chrooted OpenOffice.org, e.g.
dchroot -d soffice /media/usbdisk/talk.sxi, and get...
"no such file". In fact, /media/usbdisk was mounted in the underlying
64 bit system, but is not mounted in the 32 bit jail.

Another practical example: I use am-utils to automagically mount file
systems when needed. Therefore, if I access /remotedisks/disk1/test
the /remotedisks/disk1 filesystem is appropriately mounted and I can see
the "test" file. If I now try to access the same filesystem from the 32 bit
jail (e.g. suppose I want to open a file with OpenOffice.org), it is not
found, since that filesystem was not mounted in the chroot jail.

Analysis: in both cases, bind-mounting a directory to make it available
in the chroot jail does not ensure that filesystems which are subsequently
mounted under it are automatically made available in the bind-mounted
directory. For example, bind-mounting /media on /ia32/media in the chroot
jail will not make available any filesystems mounted afterwards on
mountpoints in /media: even if /media and /ia32/media are the same
directory, after the bind mount, mounting a filesystem on /media/usbdisk
does not make it appear in /ia32/media/usbdisk, which remains an empty
directory. Is this a bug or an intended feature? I don't know.

Workaround for am-utils: I made sure, editing the /etc/am-utils/amd.conf
file, that filesystems get mounted inside the chroot jail, i.e. in
/ia32/amd in my case instead of the default /amd. I then made a soft
link in /ia32, i.e. ./ -> /ia32. In this case, even in the chroot jail
a path starting with /ia32 is still valid and points to the same place.
Finally, I edited the /etc/init.d/am-utils script, to make sure that
the top directory mount points (i.e. /remotedisks in the example above)
get bind-mounted when starting the auto mounter and unmounted before
stopping it. It's not pretty, but it works.

Workaround for hotplugged filesystems: I symlinked /media to /ia32/media.
This did part of the trick: now cdroms, pendrives etc. get actually mounted
inside the chroot jail, and of course are available within it with the
exact same path as outside the jail. However, I could not unmount
filesystems, since pumount allows ordinary users in the plugdev group to
only umount filesystems mounted under /media. I therefore recompiled
the pmount package and modified pumount to use /ia32/media/ as its
MEDIADIR directory. In this way, dynamic filesystems are pmounted
under /media (which is a link to /ia32/media) and pumounted from
/ia32/media. This is even more ugly than the previous hack, but again it
works.

Question (request for help?): it would be extremely useful if bind-mounted
directories could keep track of filesystems subsequently mounted, and
keep things in sync automatically. Perhaps not as the default behaviour,
but at least as an option. In this way, if I bind-mount /media to something
in a chroot jail, I will automatically be able to access subsequently
mounted filesystems under it from within the jail. Where would this need to
be supported? In libc? In the kernel? Both? Would it be
better/cleaner/simpler to have a user space daemon (i.e. something like
famd) monitor some directories and automatically bind-mount and unmount
their contents as needed? I am willing to invest a little time on this
thing, but I am no kernel hacker and never messed with the libc, although I
am a decent programmer, therefore I would definitely need help.

Thanks in advance, bye
Giacomo
--
_________________________________________________________________
Giacomo Mulas <gmulas@ca.astro.it>
_________________________________________________________________
OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222
Tel. (UNICA): +39 070 675 4916
_________________________________________________________________
"When the storms are raging around you, stay right where you are"
(Freddy Mercury)
_________________________________________________________________
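
The user-space daemon idea raised in the question above, sketched as an added example that is not part of the original email: the planning step such a daemon would need, which compares the mounts under /media with those under /ia32/media and lists the bind mounts and unmounts required to bring the jail in sync. The function names and the sample mount table are hypothetical; a real daemon would read /proc/self/mountinfo and execute the steps as root.

```python
import re

# Constructed sample in /proc/self/mountinfo format (not from a real system).
# Field 5 is the mount point; a space in a path is written as \040.
SAMPLE_MOUNTINFO = r"""
22 1 8:1 / / rw,relatime - ext3 /dev/sda1 rw
30 22 8:1 /media /ia32/media rw,relatime - ext3 /dev/sda1 rw
41 22 8:17 / /media/usbdisk rw,nosuid,nodev - vfat /dev/sdb1 rw
42 22 8:33 / /media/my\040camera rw,nosuid,nodev - vfat /dev/sdc1 rw
43 22 8:49 / /ia32/media/olddisk rw,nosuid,nodev - vfat /dev/sdd1 rw
"""

def unescape(field):
    """Decode the \\ooo octal escapes the kernel uses in mountinfo paths."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def mount_points(mountinfo_text):
    """Return the set of mount points listed in mountinfo-formatted text."""
    points = set()
    for line in mountinfo_text.splitlines():
        fields = line.split()
        if len(fields) >= 5:          # skip blank or truncated lines
            points.add(unescape(fields[4]))
    return points

def plan_sync(mountinfo_text, watched="/media", jail="/ia32"):
    """List the (action, source, target) steps that bring jail+watched in sync."""
    points = mount_points(mountinfo_text)
    host_top = watched.rstrip("/") + "/"
    jail_top = jail.rstrip("/") + host_top
    host = {p for p in points if p.startswith(host_top)}
    jailed = {p for p in points if p.startswith(jail_top)}
    plan = []
    for src in sorted(host):                      # parents before children
        dst = jail.rstrip("/") + src
        if dst not in jailed:
            plan.append(("bind", src, dst))
    for dst in sorted(jailed, reverse=True):      # children before parents
        if dst[len(jail.rstrip("/")):] not in host:
            plan.append(("umount", dst, None))
    return plan

if __name__ == "__main__":
    for action, source, target in plan_sync(SAMPLE_MOUNTINFO):
        print(action, repr(source), repr(target) if target else "")
```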