[lxc-devel] bugs with LXC container : mount and rmmod command

Daniel Lezcano dlezcano at fr.ibm.com
Tue Jan 5 15:54:48 UTC 2010


Elias Olivares wrote:
> Hello, 
> 
> My company is looking to migrate from OpenVZ to LXC container tools, but we have found some isolation problems.
> 
> I've created a dedicated partition to share my containers in: /mnt/vmr1/
> 
> I've created a container with a Debian debootstrap there: /mnt/vmr1/debiandebootstrap
> 
> Then I enter the container (lxc-console -n debiandebootstrap) and I use this specific mount command: "mount -o remount,ro /".
> 
> When I return to the host, /mnt/vmr1/ is set to "read only". The mount command run in the guest has interacted with the host.

Weird, I tried to do something similar with the 'debian' template and I
got the error "mount: / is busy". What version of lxc are you using?

> I have the same problem with the "rmmod" command. When I try to remove a module in the guest container, it removes it on the host machine.

This is something about to be fixed with the capability drop. The 
container won't have the cap_sys_module permission.

Thanks
   -- Daniel
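
Added example, not part of the original message or of the lxc code base: a way to verify from inside a container whether cap_sys_module (and cap_sys_admin, which mount(2) requires) is still reachable, by decoding the capability masks in /proc/<pid>/status. The function names and the sample status text are constructed for illustration.

```python
import re

# Bit numbers from <linux/capability.h>.
WATCHED = {
    "cap_sys_module": 16,  # load/unload kernel modules (insmod, rmmod)
    "cap_sys_admin": 21,   # mount(2), including "mount -o remount"
}
CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd)):\s*([0-9a-fA-F]+)\s*$", re.M)

# Constructed samples: a process with 38 capabilities, and the same process
# with bit 16 (cap_sys_module) cleared from every set.
SAMPLE_FULL = (
    "Name:\tinit\nCapInh:\t0000000000000000\nCapPrm:\t0000003fffffffff\n"
    "CapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\n"
)
SAMPLE_DROPPED = (
    "Name:\tinit\nCapInh:\t0000000000000000\nCapPrm:\t0000003ffffeffff\n"
    "CapEff:\t0000003ffffeffff\nCapBnd:\t0000003ffffeffff\n"
)


def parse_cap_masks(status_text):
    """Return {'CapPrm': int, 'CapEff': int, ...} from /proc/<pid>/status text."""
    return {name: int(value, 16) for name, value in CAP_LINE.findall(status_text)}


def available_caps(status_text, watched=WATCHED):
    """Names of watched capabilities the process holds or can still acquire.

    A capability is reachable if it is effective now, permitted (can be
    raised to effective), or still in the bounding set (root regains it
    on the next execve).
    """
    masks = parse_cap_masks(status_text)
    missing = {"CapPrm", "CapEff", "CapBnd"} - masks.keys()
    if missing:
        # Refuse to report "safe" when the kernel did not give us the data.
        raise ValueError("status text lacks " + ", ".join(sorted(missing)))
    reachable = masks["CapPrm"] | masks["CapEff"] | masks["CapBnd"]
    return sorted(name for name, bit in watched.items() if (reachable >> bit) & 1)


if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        print("reachable:", available_caps(fh.read()) or "none of the watched caps")
```

Run inside the container as root: an empty result for cap_sys_module means rmmod in the guest can no longer unload host modules.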
