One of my customers uses cPanel to administer their internet-facing servers.
It has an interesting virtual filesystem setup for sandboxing user accounts: cPanel creates, per user, a new root filesystem for that user, and then chroots into that before running user code (shells, php, ...).
To create that file system, cPanel uses bind mounts to make the root-jail file system look very much like the real root file system.
Bind mounts are a thing that appeared after the 1997 era of me spending a lot of time learning Linux. (If it was invented post-2000, lol, I've never heard of it.)
In the intervening years, isolation techniques like this have become more mainstream. For example, my main use of Docker (via my tool cue) has been to prepare and use different root file systems.
Anyway, back to cPanel. I was trying to figure out how this virtual filesystem was constructed. Bind mounts don't appear in the output of mount or df or /proc/mounts with all the information I wanted: the mount just shows as being from the same device as its target, without saying where that target is.
For example, I can see that /home/virtfs/x/usr/sbin goes to somewhere in the filesystem on vg_os-lv_root but not where. (I can guess it's /usr/sbin in this case.)
    /dev/mapper/vg_os-lv_root 50G 21G 30G 41% /home/virtfs/x/usr/sbin
    /dev/mapper/vg_os-lv_root 50G 21G 30G 41% /home/virtfs/x/var/spool
    /dev/mapper/vg_os-lv_root 50G 21G 30G 41% /home/virtfs/x/etc/apache2
    /dev/mapper/vg_os-lv_root 50G 21G 30G 41% /home/virtfs/y/usr/sbin
Anyway, surely this can't be the way things are??
So along comes findmnt, which gives me this info:

    ...
    │ │ ├─/home/virtfs/x/usr/sbin /dev/mapper/vg_os-lv_root[/usr/sbin] xfs ro,relatime,seclabel,attr2,inode64,sunit=512,swidth=512,usrquota
    ...

... which tells me that yes, that really is mounted from /usr/sbin.
Anyway, a nice new command to discover, around only since util-linux v2.18 in mid 2010.
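
As an added example (not part of the original post): the bracketed source directory that findmnt prints comes from the root field of /proc/self/mountinfo, and this Python parser reads that field directly to list the bind mounts under a path prefix, which is handy for auditing what a jail exposes. The sample lines are constructed to mirror the mounts above; the mount IDs, device numbers and the `bind_mounts` helper name are assumptions.

```python
import re

# Constructed sample in /proc/self/mountinfo format (IDs and device numbers are made up).
SAMPLE = """\
22 1 253:0 / / rw,relatime shared:1 - xfs /dev/mapper/vg_os-lv_root rw,seclabel,attr2,inode64
95 22 253:0 /usr/sbin /home/virtfs/x/usr/sbin ro,relatime shared:1 - xfs /dev/mapper/vg_os-lv_root rw,seclabel,attr2,inode64
96 22 253:0 /var/spool /home/virtfs/x/var/spool rw,relatime shared:1 - xfs /dev/mapper/vg_os-lv_root rw,seclabel,attr2,inode64
97 22 253:0 /etc/apache2 /home/virtfs/x/etc/apache2 ro,relatime - xfs /dev/mapper/vg_os-lv_root rw,seclabel,attr2,inode64
"""

def unescape(field):
    """mountinfo writes space, tab, newline and backslash as \\ooo octal escapes."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Yield a dict per mount; 'root' is the directory inside the source filesystem."""
    for line in text.splitlines():
        if not line.strip():
            continue
        # Optional fields (shared:N, ...) end at a lone "-" separator field.
        left, right = line.split(" - ", 1)
        fields = left.split(" ")
        fstype, source = right.split(" ")[:2]
        yield {
            "root": unescape(fields[3]),
            "target": unescape(fields[4]),
            "options": fields[5].split(","),
            "fstype": fstype,
            "source": unescape(source),
        }

def bind_mounts(text, prefix="/"):
    """Return (target, 'source[root]', read_only) for mounts of a subdirectory.

    root != "/" misses bind mounts of a whole filesystem and also matches
    things like btrfs subvolumes, so treat the result as candidates.
    """
    return [
        (m["target"], f'{m["source"]}[{m["root"]}]', "ro" in m["options"])
        for m in parse_mountinfo(text)
        if m["root"] != "/" and m["target"].startswith(prefix)
    ]

if __name__ == "__main__":
    try:
        text = open("/proc/self/mountinfo").read()
    except OSError:
        text = SAMPLE  # fall back to the constructed sample off-Linux
    for target, src, ro in bind_mounts(text):
        print(f'{target:40} {src} {"ro" if ro else "rw"}')
```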