Avoid exposing the host's special mounts #294
Conversation
Actually, I'm not sure calling
@andsens The latest commit I added rely on
@andsens Slightly unrelated, but do you think the “fake
It wouldn't. Whoever coded that part was the right kind of lazy about it.
One of the reasons for doing this might be a leftover from grub 1.99. When run on the host, the grub helper scripts make all kinds of assumptions that you can't configure your way around. More importantly though, you have to run grub inside the guest. What if the host boots from extlinux or a different version of grub?
In the previous comment I forgot to mention how impressive this PR is. That is some really cool stuff!! However, before merging, this will need some heavy testing and a lot more comments.
Ok, I misunderstood your comment in #293 and thought that
Definitely. That's just a first stab at it because I got incredibly annoyed by #293.
@andsens I added some commits, now the grub2 install works.
@andsens Did you have the opportunity to try this?
Hoooly crap. How much documentation did you have to sift through to get this right? Wow.
makedev(43, nbd_max_part * i + j+1)) | ||
path = '/dev/mapper/nbd%ip%i' % (i,j+1) | ||
if os.path.exists(path): |
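Review bot: os.path.exists(path) on the '/dev/mapper/nbd%ip%i' line follows symlinks, so a dangling link (the thread notes these entries are normally symlinks) is reported as absent and silently skipped; use os.path.lexists(path) if the intent is to detect any pre-existing entry, and raise when the expected entry is missing rather than continuing, as the review comment on this line suggests. On the makedev(43, nbd_max_part * i + j+1) line both the nbd major number and a minor-number stride of nbd_max_part are hardcoded, which is where the max_part=1 assumption raised in the thread comes from; reading /sys/class/block/nbd<i>p<j+1>/dev gives the kernel's actual major:minor for each partition and removes the assumption entirely.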
Under which circumstances would this path not be a link? Shouldn't we consider that an error? We expect something to be there, but it's not, which means something's fishy.
Unfortunately, I couldn't find a good reference on the internals of device-mapper. Basically, I'm unaware of any case where the files in /dev/mapper are not symlinks (except control), I'm just being extra-cautious.
It wasn't quite that bad ;-)
No problem, it's not quite urgent. I guess one would have to be extra unlucky to hit #293.
@andsens this is on my TODO list. Unfortunately I've been sick (it's true what they say about Zika virus) in the past few days and the time I was able to stand on the PC was used for work-related stuff. :-(
This makes the assumption that nbd was loaded with max_part=1
The only block devices we are exposing are /dev/sbd*. Also, we are *mounting* /dev, /sys and /proc, none of which are block devices.
# The nbd devices | ||
os.makedirs(join(dev, 'mapper'), 0o755) | ||
nbd_max_part = int(info.volume._module_param('nbd', 'max_part')) |
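Review bot: info.volume._module_param('nbd', 'max_part') calls a private method that, as the comment on this line notes, works only for QEMU volumes, so this raises on EC2; gate the whole nbd block on the volume type (or on hasattr(info.volume, '_module_param')) instead of assuming it. The value is also passed straight to int(), so a missing or empty parameter fails with a TypeError/ValueError rather than a message saying the nbd module parameter could not be read. Finally, os.makedirs(join(dev, 'mapper'), 0o755) raises OSError if the directory already exists; check os.path.isdir first or catch the error.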
This breaks on EC2, since the _module_param part only works for QEMU volumes.
I'm having trouble getting grub2 to install:
@andsens Could I have the manifest which makes it fail?
Ah, yes of course. Though it isn't a manifest. It's the Or via code:
You'll need a
Hehe, soo, that was easy:
I think you can even replace the nbd stuff with this (minus the symlinks). The code simply re-creates all the block devices mentioned in
@andsens Thanks for having a look, I was unable to make the time those last weeks. I will see about using your snippet and testing.
OK, so I have tried getting this to work, but there are a few problems:
I have improved on your method by simply walking through I am closing this PR, let me know if you find a solution to these problems. I'd love to get this working, but there is just too much other stuff for me to work on.
@andsens Duplicating the entirety of I also didn't have time lately to dedicate to this PR, but when I do I will try sending you separate PRs. P.S.: Actually, it seems everything except
This should avoid the kind of problem encountered in #293.
Currently, this breaks InstallGrub_1_99 and InstallGrub_2, which need to be fixed to call install-grub from outside the chroot.
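The idea the PR pursues, giving the chroot a minimal /dev with only the block devices the guest needs instead of bind-mounting the host's /dev, /sys and /proc, as an added example. This is not bootstrap-vz code and not the PR's own implementation. It assumes (labelled in the code) that major:minor numbers are read from <sysfs>/class/block/<name>/dev, so no assumption about nbd's max_part or minor-number layout is needed, that device-mapper names are taken from <sysfs>/class/block/dm-N/dm/name and exposed as /dev/mapper/<name> symlinks to ../dm-N, and that the caller supplies an allowlist of device names. The sysfs tree used for the demo is constructed in a temporary directory, so the plan can be inspected without root; only apply_plan() needs CAP_MKNOD.

```python
"""Minimal /dev for a chroot, planned from sysfs rather than exposing the host's /dev.

Added example, not bootstrap-vz code. Assumptions:
  - <sysfs>/class/block/<name>/dev holds "MAJOR:MINOR" (kernel sysfs layout);
  - <sysfs>/class/block/dm-N/dm/name holds the device-mapper table name;
  - the caller passes an allowlist of the block devices the guest needs.
"""
import os
import stat
import tempfile
from os.path import join


def read_majmin(sysfs, name):
    # Reject anything that could escape the class/block directory.
    if '/' in name or name in ('.', '..'):
        raise ValueError('invalid block device name: %r' % name)
    with open(join(sysfs, 'class', 'block', name, 'dev')) as f:
        major, minor = f.read().strip().split(':')   # e.g. "43:1"
    return int(major), int(minor)


def plan_dev(sysfs, wanted):
    """Return the nodes and links for a minimal /dev, without creating anything.

    Entries are ('node', relpath, major, minor) or ('link', relpath, target).
    Only names in `wanted` are exposed; everything else on the host stays hidden.
    """
    plan = []
    for name in wanted:
        major, minor = read_majmin(sysfs, name)
        plan.append(('node', name, major, minor))
        # Device-mapper devices carry their table name under dm/name; expose the
        # conventional /dev/mapper/<name> symlink pointing at ../dm-N.
        dm_name_file = join(sysfs, 'class', 'block', name, 'dm', 'name')
        if os.path.exists(dm_name_file):
            with open(dm_name_file) as f:
                plan.append(('link', join('mapper', f.read().strip()), '../' + name))
    return plan


def apply_plan(plan, dev_root):
    """Create the planned nodes and symlinks under dev_root (needs CAP_MKNOD)."""
    os.makedirs(join(dev_root, 'mapper'), 0o755, exist_ok=True)
    for entry in plan:
        if entry[0] == 'node':
            _, rel, major, minor = entry
            os.mknod(join(dev_root, rel), stat.S_IFBLK | 0o660, os.makedev(major, minor))
        else:
            _, rel, target = entry
            path = join(dev_root, rel)
            # lexists(): a dangling symlink is still a pre-existing entry, so fail loudly.
            if os.path.lexists(path):
                raise FileExistsError(path)
            os.symlink(target, path)


def make_fake_sysfs(root):
    """Constructed sample sysfs tree for offline use; numbers are not real host data."""
    samples = {'nbd0': '43:0', 'nbd0p1': '43:1', 'dm-0': '253:0', 'sda': '8:0'}
    for name, majmin in samples.items():
        d = join(root, 'class', 'block', name)
        os.makedirs(d)
        with open(join(d, 'dev'), 'w') as f:
            f.write(majmin + '\n')
    # dm-0 is the kpartx-style mapping of nbd0's first partition.
    os.makedirs(join(root, 'class', 'block', 'dm-0', 'dm'))
    with open(join(root, 'class', 'block', 'dm-0', 'dm', 'name'), 'w') as f:
        f.write('nbd0p1\n')


def demo():
    """Build the constructed sysfs tree and return the plan for an nbd-backed guest."""
    with tempfile.TemporaryDirectory() as tmp:
        make_fake_sysfs(tmp)
        return plan_dev(tmp, ['nbd0', 'nbd0p1', 'dm-0'])


if __name__ == '__main__':
    for entry in demo():
        print(entry)
```

Because the plan is computed from sysfs, the same code works whatever max_part the nbd module was loaded with, and the host's sda in the sample tree never reaches the chroot because it is not in the allowlist.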