CODEWITHSUNDEEP
dockermountloopback
Kalle Richter
Kalle Richter

Reputation: 8768

Why can I mount one image on a loopback device, but not a second one on another inside a container?

I'm following Is it possible to mount an ISO inside a docker container? to get a test running inside Docker which is then to be used in CI. The script below is part of the test. The thing I don't get is why the first image mounts, but not the second. Since the first mounts this can't be a matter of permissions, capabilities, etc. afaik.

 $ dd if=/dev/zero of=testfs-1.img bs=1M count=32
32+0 records in
32+0 records out
33554432 bytes (34 MB, 32 MiB) copied, 0.0244791 s, 1.4 GB/s
$ dd if=/dev/zero of=testfs-2.img bs=1M count=32
32+0 records in
32+0 records out
33554432 bytes (34 MB, 32 MiB) copied, 0.0242179 s, 1.4 GB/s
$ mkfs -F testfs-1.img
mke2fs 1.44.1 (24-Mar-2018)
Discarding device blocks:  1024/32768           done                            
Creating filesystem with 32768 1k blocks and 8192 inodes
Filesystem UUID: 7e752a1c-1f0c-4efb-8cd9-67f5922adf7b
Superblock backups stored on blocks: 
    8193, 24577
Allocating group tables: 0/4   done                            
Writing inode tables: 0/4   done                            
Writing superblocks and filesystem accounting information: 0/4   done
$ mkfs -F testfs-2.img
mke2fs 1.44.1 (24-Mar-2018)
Discarding device blocks:  1024/32768           done                            
Creating filesystem with 32768 1k blocks and 8192 inodes
Filesystem UUID: cdd08978-4a52-407b-81c6-98d908eadee8
Superblock backups stored on blocks: 
    8193, 24577
Allocating group tables: 0/4   done                            
Writing inode tables: 0/4   done                            
Writing superblocks and filesystem accounting information: 0/4   done
$ mkdir -p src/mnt-1/hidden-1 src/mnt-2/hidden-2
$ ls -la src/
total 0
drwxr-xr-x 1 root root 20 Jun 13 23:15 .
drwxrwxrwx 1 root root 90 Jun 13 23:15 ..
drwxr-xr-x 1 root root 16 Jun 13 23:15 mnt-1
drwxr-xr-x 1 root root 16 Jun 13 23:15 mnt-2
$ losetup -f
/dev/loop15
$ mount -o loop testfs-1.img src/mnt-1
$ losetup -f
/dev/loop16
$ mount -o loop testfs-2.img src/mnt-2
mount: src/mnt-2: failed to setup loop device for /builds/krichter-sscce/docker-losetup/testfs-2.img.

The test if from bup in case anyone needs more background.

I'm using the image ubuntu:18.04 for the tests.

I can reproduce this with docker run --privileged -it ubuntu:18.04 and then inside the container executing

#!/bin/sh

dd if=/dev/zero of=testfs-1.img bs=1M count=32
dd if=/dev/zero of=testfs-2.img bs=1M count=32
mkfs -F testfs-1.img
mkfs -F testfs-2.img
mkdir -p src/mnt-1/hidden-1 src/mnt-2/hidden-2
ls -la src/
losetup -f
mount -o loop testfs-1.img src/mnt-1
losetup -f
mount -o loop testfs-2.img src/mnt-2

with bash. My Docker version is

> docker version
Client: Docker Engine - Community
 Version:           19.03.11
 API version:       1.40
 Go version:        go1.13.10
 Git commit:        42e35e61f3
 Built:             Mon Jun  1 09:12:34 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.11
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.10
  Git commit:       42e35e61f3
  Built:            Mon Jun  1 09:11:07 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

on an Ubuntu 20.04 host.

Upvotes: 8

Views: 1990

Answers (1)

aran
aran

Reputation: 11880

This is taken from gitHub and I don't have any merit putting it in here, but might help.

Take a look at this link.

A similar issue was fixed by Tony Fahrion following these steps while creating loop devices.

Precondition: docker container must be running in --privileged mode.

LOOPDEV=$(losetup --find --show --partscan ${IMAGE_FILE})

# drop the first line, as this is our LOOPDEV itself, but we only want the child 
partitions
PARTITIONS=$(lsblk --raw --output "MAJ:MIN" --noheadings ${LOOPDEV} | tail -n +2)
COUNTER=1
for i in $PARTITIONS; do
   MAJ=$(echo $i | cut -d: -f1)
   MIN=$(echo $i | cut -d: -f2)
   if [ ! -e "${LOOPDEV}p${COUNTER}" ]; then mknod ${LOOPDEV}p${COUNTER} b $MAJ $MIN; fi
   COUNTER=$((COUNTER + 1))
done

The trick seems to be related to the mknod function. As I said earlier, hope it helps (it was just too long to put it in a comment)

Upvotes: 1

Related Questions