lxcfs - proc uptime

lxcfs - proc uptime

  • Written by
    Walter Doekes
  • Published on

When removing the excess LXC and LXD package from the LXC guest and working around Ubuntu/Xenial reboot issues I noticed the lxcfs mounts on my LXC guest.

(No, you don’t need the lxcfs package on the guest.)

guest# mount | grep lxc
lxcfs on /proc/cpuinfo type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/diskstats type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/meminfo type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/stat type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/swaps type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /var/lib/lxcfs type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)

Apparently we’re really looking at a subset of proc from inside the LXC guest, but then some files have been patched with bind mounts.

For instance, the uptime file:

guest# cat /proc/uptime
78.0 75.0

guest# uptime
 07:57:45 up 1 min,  0 users,  load average: 0.22, 0.25, 0.14

guest# mount | grep uptime
lxcfs on /proc/uptime type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)

guest# umount /proc/uptime

At this point, the host OS uptime is unshadowed again.

guest# cat /proc/uptime
571190.55 8953464.60

guest# uptime
 07:57:57 up 6 days, 14:39,  0 users,  load average: 0.17, 0.24, 0.13

guest# cat /var/lib/lxcfs/proc/uptime
121.0 118.0

Note that I don’t know how to mount it again though:

guest# mount -n --bind /var/lib/lxcfs/proc/uptime /proc/uptime
mount: mount /var/lib/lxcfs/proc/uptime on /proc/uptime failed: Permission denied

lxd# tail -n1 /var/log/syslog
Mar 23 09:49:24 dev kernel: [574233.745082] audit: type=1400 audit(1458722964.456:246):
  apparmor="DENIED" operation="mount" info="failed type match" error=-13
  profile="lxd-guest_</var/lib/lxd>" name="/proc/uptime" pid=10938
  comm="mount" srcname="/var/lib/lxcfs/proc/uptime" flags="rw, bind"

But it’s back after a reboot; good enough for me, for now.


Back to overview Newer post: apt / insufficiently signed / weak digest Older post: lxc - ubuntu xenial - reboot