mount_seq command in ctrtool creates bind mounts and other types of virtual filesystem mounts for use by a container.
Although it is mainly used for containers, the
mount_seq command is just a simple wrapper around the
and can also be used for other purposes where a sequence of mounts needs to be made.
ctrtool mount_seq [-m target [-k] [-y] [-e] [-E|-f] [-s source [-K]] [-t type] [-O mount_options] [-o superblock_options]] [-u target [-k] [-y] [-e] [-O umount_options]] [-D target [-k] [-y] [-e] [-M mode]] [-S shell_command [-y] [-e]] [-c target [-k] [-y] [-e]] [-l target [-k] [-y] [-e] [-s link_target]]
- -m: Mount a filesystem.
- -u: Unmount a filesystem.
- -D: Create a directory.
- -S: Execute a shell command.
- -c: Change working directory.
- -l: Create a symbolic link.
Ctrtool mount_seq mounts one or more filesystems. Mount_seq differs from mount(8) and other traditional UNIX tools like
ln in the following respects:
- Multiple operations can be performed in a single command invocation (useful since no need to spawn new tasks or load libc multiple times per mount)
- The argument to one of the command options (-m, -u, -D, -c, -l) is always the target filename.
- Options such as ro,nosuid,nodev,noexec have to be specified using the -O option, whereas filesystem-specific options (e.g. size=SIZE in tmpfs) are specified using the -o option.
- mount_seq cannot mount loopback devices as the source device.
- mount_seq never updates /etc/mtab or /run/mount/utab.
- mount_seq always passes the arguments directly into the mount(2) system call and will never modify the source or target arguments to account for symbolic links.
- mount_seq checks all paths for symbolic links by default; however, this symlink check is currently non-atomic and should not be relied on for security. Eventually there might be a feature added that might make this operation fully atomic.
-Dcreates directories with a mode of 0700 by default (compared to
0777 & ~umask(usually 0755 or 0775 in practice).
Options valid in all modes
- -y: Call sync(2) after this operation.
- -e: Keep going even if this operation failed.
- -k: Do not check
targetfor symbolic links (ignored in -S mode).
-m target mounts a new filesystem on
All options specified below must be specified after
- -t TYPE: Filesystem type (e.g. tmpfs)
- -s SOURCE: Filesystem source (only for device and bind mounts)
- -o OPTIONS: Superblock options
- -E: Create target directory if it doesn't already exist
- -f: Create target as a file if it doesn't already exist. Useful only for bind mounts where the source is not a directory.
- -K: Do not check
sourcefor symbolic links. Required if
sourceis a link in /proc/PID/ns.
- -Oa: Do not update access times on this mount (equal to MS_NOATIME)
- -Ob: Bind mount (equal to MS_BIND)
- -Oc: Relatime (equal to MS_RELATIME)
- -Od: Ignore device nodes (equal to MS_NODEV)
- -Oe: Directory modifications synchronous (equal to MS_DIRSYNC)
- -Oh: Set propagation to "shared" (equal to MS_SHARED); see #Notes about propagation
- -Ol: Set propagation to "slave" (equal to MS_SLAVE); see #Notes about propagation
- -Om: Move the mount from
target(equal to MS_MOVE)
- -Oo: Read-only mount (equal to MS_RDONLY)
- -Op: Set propagation to "private" (equal to MS_PRIVATE); see #Notes about propagation
- -Oq: Don't print errors in dmesg (equal to MS_SILENT)
- -Or: Remount (equal to MS_REMOUNT)
- -Os: Ignore set-uid/set-gid/file capabilities (equal to MS_NOSUID)
- -Ot: Strict atime (equal to MS_STRICTATIME)
- -Ou: Set propagation to "unbindable" (equal to MS_UNBINDABLE); see #Notes about propagation
- -Ov: Recursive mount (equal to MS_REC)
- -Ow: Make all modifications synchronous (equal to MS_SYNCHRONOUS)
- -Ox: Disallow execution of binaries (equal to MS_NOEXEC)
- -Oz: Lazy update of modification times (equal to MS_LAZYTIME)
See mount(2) for exact semantics on MS_* flags.
Notes about propagation
As mount_seq is merely a simple wrapper around the mount(2) system call, some of the operations that would normally be done through mount(8) will have to be done manually instead.
Read-only bind mount
ctrtool mount_seq \ -m fs_target -s fs_source -Ob \ -m fs_target -Obro
This example recursively bind mounts fs_source on fs_target and recursively sets the propagation of fs_target to private.
ctrtool mount_seq \ -m fs_target -s fs_source -Obv \ -m fs_target -Opv
- The symlink check facility is non-atomic.
- If a sequence of mounts fails part way, then there is no way of telling how far it went. This is because mount_seq was meant to be used in a tmpfs context, where all of the targets are meant to be located within a single, newly-created tmpfs mount; lazily unmounting that tmpfs would effectively undo all of the operations.
- Specifying a filesystem type where the
dataargument of the mount() system call is expected to be something other than a null-terminated string (such as cifs) may lead to undefined behavior.
- This end-user documentation is part of ctrtool. Reproduction and use of this material for any purpose is permitted, provided that a link to this page is provided as attribution.