[lxc-devel] a container can remount ro the host's mount point

Daniel Lezcano daniel.lezcano at free.fr
Mon Jul 19 16:40:13 UTC 2010


On 04/01/2010 06:42 AM, Michael H. Warfield wrote:
> Daniel,
>
> I'm going to top post here because I've just discovered that we've got a
> bigger problem here, related to this whole mess.  A much bigger problem
> having to do with bind mounts in general.
>
> This is the generalized case here, which results from the observation
> that, if a host container sets its root directory to ro, then the mount
> point for the container in the host is set to ro.
>
> In fact, this is true of any additional bind mounts in containers!
>
> Say I have (and I do have) a couple of partitions which are shared
> between certain containers, say for common data (somewhat risky, but I
> eventually want to / hope to make them ro anyways).  I was investigating
> the whole read-only bind mount morass when I encountered this...
>
> So in the host, I have a partition, say /export, and I bind mount that
> into the containers as /export in their space.  Maybe I would like to
> eventually have this as ro in some of them, maybe not.  IAC, if I do a
> remount in any of the containers, the changes are propagated outside of
> the container to the host and to all the other containers!  So if I do a
> "mount -o remount,ro /export" in container A, the host and all the other
> containers now have /export as ro as well.  There's all kinds of concern
> there, beyond merely the potential for mayhem by some practical joker in
> one container.  What if I had some of these mounted ro (with the
> appropriate patch that was mentioned in another thread, I know you can't
> do it yet in the released code).  Can one container accidentally remount
> the other containers rw?  Yuck!  What's worse...  If I set that mount ro
> in the host, I damn well don't want the container to be about to remount
> it rw merely by doing a remount (that may be another can of worms).
>
> Just some thoughts, but this seems to be a mess and may even require
> some kernel work with those bind mounts to fix.  This was tested on a
> 2.6.32 kernel.
>

It seems to be fixed now. I tried the example you gave and the mount rw 
option is not propagated to the other containers.
Tested on ubuntu 10.04, kernel 2.6.32-23-generic and lxc 0.7.1.

Do you confirm, Michael?

Thanks
   -- Daniel
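The thread never shows how to tell a superblock-wide read-only flag from a per-mount one, or how to see which other mount points a plain "remount,ro" from inside a container would drag along. The following is an added example, not code from this thread or from lxc: it parses the /proc/self/mountinfo format, keeps the per-mount options (field 6) separate from the superblock options (after the "-"), and lists every other mount point backed by the same device, which is what a superblock remount (no "bind" flag) touches. The mountinfo lines are constructed to mirror the /export scenario above.

```python
# Constructed sample in /proc/self/mountinfo format (not from the thread):
# the host partition /export is bind-mounted into two containers; all three
# mounts share one superblock (device 8:17).  Container b's copy was set ro
# per mount ("remount,bind,ro"), so only its mount options say "ro".
SAMPLE_MOUNTINFO = """\
36 35 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
40 36 8:17 / /export rw,relatime shared:5 - ext4 /dev/sdb1 rw
52 36 8:17 / /var/lib/lxc/a/rootfs/export rw,relatime shared:5 - ext4 /dev/sdb1 rw
53 36 8:17 / /var/lib/lxc/b/rootfs/export ro,relatime - ext4 /dev/sdb1 rw
"""


def parse_mountinfo(text):
    """Parse mountinfo lines into dicts. 'ro' in the per-mount field means
    this mount point alone; 'ro' in the superblock field means every mount
    of that filesystem, on the host and in every container."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        left, right = line.split(" - ", 1)
        lf, rf = left.split(), right.split()
        mounts.append({
            "id": int(lf[0]),
            "dev": lf[2],                       # major:minor of the superblock
            "mountpoint": lf[4],
            "mnt_ro": "ro" in lf[5].split(","),  # per-mount flag
            "propagation": [f for f in lf[6:] if ":" in f] or ["private"],
            "sb_ro": "ro" in rf[2].split(","),   # superblock flag
        })
    return mounts


def remount_blast_radius(mounts, mountpoint):
    """Other mount points a plain 'mount -o remount,ro <mountpoint>' (a
    superblock remount) would also flip: all mounts of the same device."""
    target = next(m for m in mounts if m["mountpoint"] == mountpoint)
    return sorted(m["mountpoint"] for m in mounts
                  if m["dev"] == target["dev"] and m["id"] != target["id"])


def per_mount_readonly(mounts):
    """Mount points that are ro only at the mount level: the safe form, since
    it does not touch the superblock the other containers share."""
    return sorted(m["mountpoint"] for m in mounts if m["mnt_ro"] and not m["sb_ro"])


if __name__ == "__main__":
    ms = parse_mountinfo(SAMPLE_MOUNTINFO)
    print(remount_blast_radius(ms, "/var/lib/lxc/a/rootfs/export"))
    print(per_mount_readonly(ms))
```

On a live system, pass the contents of /proc/self/mountinfo (read from inside the container) instead of the sample; a non-empty blast radius for a container's mount is the situation Michael describes.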