Cannot create an LXC OCI template with an atomfs rootfs #15
Description
$ sudo env PATH=$PATH build/src/lxc/tools/lxc-create --name my-atomfs-container -t oci -- --url oci:$HOME/work/cisco/stacker/oci:hello-stacker-squashfs
Copying blob bcfd1457bd9c skipped: already exists
Copying blob 8d3a9c82f78d skipped: already exists
Copying config 7e41ad5ab5 done |
Writing manifest to image destination
mfpath=/var/lib/lxc/my-atomfs-container/oci/blobs/sha256/510908f7430da725116f8abc73807c0d6be97cf8f9d2706571c9716a20f05a48 conf=/var/lib/lxc/my-atomfs-container/oci/blobs/sha256/7e41ad5ab5a2c56b99a1ecff25e711ef2534aa52657d743c8d9da5afca67a8a0
mediatype=application/vnd.stacker.image.layer.squashfs+zstd+verity
atomfs mount /var/lib/lxc/my-atomfs-container/oci:my-atomfs-container /var/lib/lxc/my-atomfs-container/rootfs
/usr/share/lxc/templates/lxc-oci: line 463: /var/lib/lxc/my-atomfs-container/rootfs/etc/hostname: Read-only file system
atomfs unmount /var/lib/lxc/my-atomfs-container/rootfs
lxc-create: my-atomfs-container: ../src/lxc/lxccontainer.c: create_run_template: 1628 Failed to create container from template
lxc-create: my-atomfs-container: ../src/lxc/tools/lxc_create.c: lxc_create_main: 318 Failed to create container my-atomfs-container
This is due to this commit which replaced the default writable mounts with default read-only mounts. The LXC template doesn't pass the --writeable mount option to atomfs.
We either change the default behavior of atomfs or we change the OCI LXC template. If we change the OCI template, there will still be older versions of LXC which won't work with atomfs.
There's also the PuzzleFS PR and it would be nice if we could keep the same MOUNT_HELPER semantics.