[Bug 1589289] Re: fstrim: cannot open /dev/.lxd-mounts: Permission denied
Eric Desrochers
eric.desrochers at canonical.com
Tue Aug 27 14:20:37 UTC 2019
[Disco verification]
Confirming that I'm using a lxd container running Disco:
# systemd-detect-virt
lxc
# lsb_release -cs
disco
* rmadison:
util-linux | 2.33.1-0.1ubuntu2 | disco | source, amd64, arm64, armhf, i386, ppc64el, s390x
util-linux | 2.33.1-0.1ubuntu3 | disco-proposed | source, amd64, arm64, armhf, i386, ppc64el, s390x
* With current disco-updates package:
$ dpkg -l | grep -i util-linux
ii util-linux 2.33.1-0.1ubuntu2 amd64 miscellaneous system utilities
$ systemctl status fstrim.timer
● fstrim.timer - Discard unused blocks once a week
Loaded: loaded (/lib/systemd/system/fstrim.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Tue 2019-08-27 14:18:00 UTC; 40s ago
Trigger: Mon 2019-09-02 00:00:00 UTC; 5 days left
Docs: man:fstrim
Aug 27 14:18:00 lxcdfstrim systemd[1]: Started Discard unused blocks once a week.
* With current disco-proposed package:
$ dpkg -l | grep -i util-linux
ii util-linux 2.33.1-0.1ubuntu3 amd64 miscellaneous system utilities
$ systemctl status fstrim.timer
● fstrim.timer - Discard unused blocks once a week
Loaded: loaded (/lib/systemd/system/fstrim.timer; enabled; vendor preset: enabled)
Active: inactive (dead) since Tue 2019-08-27 14:19:25 UTC; 43s ago
Trigger: n/a
Condition: start condition failed at Tue 2019-08-27 14:20:06 UTC; 2s ago
└─ ConditionVirtualization=!container was not met
Docs: man:fstrim
Aug 27 14:18:00 lxcdfstrim systemd[1]: Started Discard unused blocks once a week.
Aug 27 14:19:25 lxcdfstrim systemd[1]: fstrim.timer: Succeeded.
Aug 27 14:19:25 lxcdfstrim systemd[1]: Stopped Discard unused blocks once a week.
Aug 27 14:19:25 lxcdfstrim systemd[1]: Stopping Discard unused blocks once a week.
Aug 27 14:19:25 lxcdfstrim systemd[1]: Condition check resulted in Discard unused blocks once a week being skipped.
Aug 27 14:20:06 lxcdfstrim systemd[1]: Condition check resulted in Discard unused blocks once a week being skipped.
** Tags removed: verification-needed-disco verification-needed-xenial
** Tags added: verification-done-disco verification-done-xenial
** Description changed:
[Impact]
fstrim weekly cronjob output in an unprivileged LXD container:
/etc/cron.weekly/fstrim:
fstrim: cannot open /dev/.lxd-mounts: Permission denied
fstrim: /dev/fuse: not a directory
fstrim: /dev/lxd: FITRIM ioctl failed: Operation not permitted
There is a github issue:
https://github.com/lxc/lxd/issues/2030
The outcome is that it's purely an fstrim misbehaviour, it could be
smarter.
Stephane Graber comment:
As all of this is handled by the kernel, there isn't anything we can do
about it in LXD.
I think fstrim should be made slightly more clever:
* Don't run on bind-mounts (you can detect bind-mounts by parsing /proc/self/mountinfo instead of /proc/mounts)
* Maybe not be as noisy on expected errors like EACCES, EPERM and ENOENT, only log actual failures which would likely be EINVAL or memory related errors.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: util-linux 2.27.1-6ubuntu3
ProcVersionSignature: Ubuntu 4.4.0-21.37-generic 4.4.6
Uname: Linux 4.4.0-21-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
Date: Sun Jun 5 19:49:04 2016
ProcEnviron:
LANGUAGE=en_US:en
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: util-linux
UpgradeStatus: No upgrade log present (probably fresh install)
[Test Case]
* Ubuntu lxd container
* Wait for the scheduled fstrim run (X: cronjob, B and later: systemd timer)
* fstrim will run and report errors "Operation not permitted" "Permission denied", ...
Container shouldn't run fstrim, it should only be run at host level.
[Potential Regression]
None, the change will only block fstrim from being automatically run at
the scheduled time. One can still run fstrim on a container manually, even
if there is no purpose in doing that.
Xenial uses the cronjob approach /etc/cron.weekly/fstrim
Bionic and later switched to a systemd timer.
2 different fixes (one for X, and one for B and later) will be needed,
but they'll do the same thing, which is to prevent fstrim from automatically
running if inside a container, both fixes using systemd-virt-detect.
[Other Information]
* The systemd timer change upstream PR:
https://github.com/karelzak/util-linux/pull/841
+ https://github.com/karelzak/util-linux/commit/0280d31a2bd6292acd9a4b86d0f6b5feb275a618
--
https://bugs.launchpad.net/bugs/1589289
Title:
fstrim: cannot open /dev/.lxd-mounts: Permission denied
Status in util-linux package in Ubuntu:
Fix Released
Status in util-linux source package in Xenial:
Fix Committed
Status in util-linux source package in Bionic:
Fix Committed
Status in util-linux source package in Disco:
Fix Committed
Status in util-linux package in Debian:
Unknown
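The bind-mount check suggested in the quoted comment (parse /proc/self/mountinfo rather than /proc/mounts), as an added example; it is not code from this bug report, util-linux or LXD. The mountinfo lines are constructed, the function names are hypothetical, and treating "source is not an absolute path" as a pseudo filesystem is an assumption made for brevity.

```shell
#!/bin/sh
# Added example: list mount points a "trim everything" job could sensibly
# pass to fstrim, skipping bind mounts by looking at the mountinfo root field.

# Constructed sample, modelled on the mount points named in the error output.
sample_mountinfo() {
    cat <<'EOF'
100 90 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
101 100 0:6 /fuse /dev/fuse rw,nosuid - devtmpfs udev rw
102 100 0:45 /c1 /dev/.lxd-mounts rw,relatime master:2 - tmpfs tmpfs rw
103 100 0:46 / /dev/lxd rw,relatime - tmpfs tmpfs rw
104 100 8:1 /var/lib/data /srv/data rw,relatime shared:1 - ext4 /dev/sda1 rw
105 100 8:17 / /mnt/disk rw,noatime - ext4 /dev/sdb1 rw
EOF
}

# trim_candidates FILE   (FILE defaults to /proc/self/mountinfo, "-" is stdin)
trim_candidates() {
    awk '
    {
        # Fields: id parent major:minor root mountpoint options [optional...]
        # The optional fields end at a lone "-"; fstype and source follow it.
        sep = 0
        for (i = 7; i <= NF; i++) if ($i == "-") { sep = i; break }
        if (!sep || sep + 2 > NF) next   # malformed line
        devno = $3; root = $4; mnt = $5; src = $(sep + 2)
        # root other than "/" means a subtree is mounted, i.e. a bind mount
        # (btrfs subvolumes look the same, so this over-skips on btrfs).
        if (root != "/") next
        if (src !~ /^\//) next           # assumption: no device path, pseudo fs
        if (seen[devno]++) next          # same filesystem already listed
        print mnt
    }' "${1:-/proc/self/mountinfo}"
}

# On the constructed sample only "/" and "/mnt/disk" remain.
sample_mountinfo | trim_candidates -
```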