From: Daniel Kral <d.kral@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH container] fix #7271: exclude non-volume mountpoints from attribute preservation
Date: Fri, 6 Feb 2026 12:02:41 +0100 [thread overview]
Message-ID: <20260206110714.204791-1-d.kral@proxmox.com> (raw)
The commit 0db5595 (mountpoint_insert_staged: inherit attributes if
directory already exists) allows preserving attributes of the underlying
directory that is used as the mount target. Subsequently, the commit
abebdaa (fix #7267: do not inherit host attributes for rootfs) excludes
the rootdir with the $keep_attrs argument from this preservation.
As bind mountpoints might not support chaning the file permissions
and/or ownership, e.g. NFS shares, containers with such bind mounts fail
to start. Therefore, further exclude any non-volume mountpoints as these
are managed externally.
Signed-off-by: Daniel Kral <d.kral@proxmox.com>
---
Tested this with a debian container and a volume mountpoint, a
bind-mounted subdirectory on the host and a bind-mounted NFS share.
src/PVE/LXC.pm | 6 +++++-
src/lxc-pve-prestart-hook | 2 +-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index b45490b..6cdc80e 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -2473,7 +2473,11 @@ sub mountpoint_hotplug : prototype($$$$$) {
chdir('/')
or die "failed to change root directory within the container's mount namespace: $!\n";
- mountpoint_insert_staged($mount_fd, undef, $mp->{mp}, $opt, $root_uid, $root_gid, 1);
+ my $keep_attrs = $mp->{type} eq 'volume';
+
+ mountpoint_insert_staged(
+ $mount_fd, undef, $mp->{mp}, $opt, $root_uid, $root_gid, $keep_attrs,
+ );
});
}
diff --git a/src/lxc-pve-prestart-hook b/src/lxc-pve-prestart-hook
index d264ab9..f900c12 100755
--- a/src/lxc-pve-prestart-hook
+++ b/src/lxc-pve-prestart-hook
@@ -100,7 +100,7 @@ PVE::LXC::Tools::lxc_hook(
# Mount relative to the rootdir fd.
$dest_base_fd = $rootdir_fd;
$dest_dir = './' . $mountpoint->{mp};
- $keep_attrs = 1;
+ $keep_attrs = $mountpoint->{type} eq 'volume';
} else {
# Assert that 'rootfs' is the first one:
die "foreach_mount() error\n" if $opt ne 'rootfs';
--
2.47.3
next reply other threads:[~2026-02-06 11:06 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-06 11:02 Daniel Kral [this message]
2026-02-06 14:30 ` applied: " Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260206110714.204791-1-d.kral@proxmox.com \
--to=d.kral@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.