Date: prev next · Thread: first prev next last
2020 Archives by date, by thread · List index 

Hi Ash,

        Great to have you resurrect the bind mounting optimization - that's great:

        https://gerrit.libreoffice.org/c/online/+/92829

        I'd really like to reduce the number of bind-mounts though per jail,
ideally to just two. Currently we have 6 mount points for: /etc, /lib,
/lib64, /var, /usr and /lo.

        AFAICS these are all from the template except for 'lo' - so we
could/should be able to do:

        mount -o bind systemplate jail-root
        mount -o bind /path/to/lo -> jail-root/lo
        mount -o bind /path/to-jail-data -> jail-root/tmp

        Hopefully that would work nicely.

        Interestingly the kernel gives us some other nice tools here cf.

        https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt

        If we turn our systemplate into a mount-point (look away this is grim):

        mount -o bind systemplate systemplate-shared

        Now systemplate-shared is a mount-point: what a win ;-) so now we can do:

        mount --make-shared systemplate-shared

        This sets a magic flag such that re-mounting systemplate-shared will
share any sub-mounts it has. So we can do this setup as a one-off at
startup:

        mount -o bind systemplate systemplate-shared
        mount --make-shared systemplate-shared
       mount -o bind /path/to/lo systemplate-shared/lo

        And now we can get down to two mounts per jail:

        mount -o bind systemplate-shared jail-root
        mkdir writeable-tmp
        mount -o bind writable-temp jail-root/tmp

        And - assuming we can get $HOME into /tmp and wherever else we want to
write to (IIRC we do somethings of this kind already) - then we're done.

        Crazy ? ;-)

        Of course as a quicker hack to get something in for now we could just
use bind mounting in the 1st pass for /usr and for /lo - and copy the
(much smaller) /etc /lib /lib64 in instead of binding with the current
approach.

        Of course, my thesis that very large numbers of mounts will make the
kernel slow anyway ;-) is perhaps obsolete eg.

        https://github.com/torvalds/linux/commit/d29216842a85

        has a nice curio ;-)

        Thoughts ?

                Michael.

-- 
michael.meeks@collabora.com <><, GM Collabora Productivity
Hangout: mejmeeks@gmail.com, Skype: mmeeks
(M) +44 7795 666 147 - timezone usually UK / Europe

Context

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.