[lxc-devel] mount ro in guest change host filesystem to ro

Daniel Lezcano daniel.lezcano at free.fr
Thu Sep 1 20:46:56 UTC 2011


On 09/01/2011 09:30 PM, Nico wrote:
> Hi,
>
> I just wanted to give it a try again with lxc after one year,
> this is so bad same bugs are always here :
>
> * you can do a "mount -o remount,ro /" inside container (reported
> since first times ... :( ),
> and host filesystem is remounted ro !!

Argh ! I still don't understand how that can happen with a CLONE_NEWNS
and a pivot_root.
Do you have particular mount options on your host's rootfs ?

> * you can rmmod host modules from guest !

You can use lxc.cap.drop=sys_module to prevent loading your own
module or rmmod'ing a module.

> * so strange behaviour between host and guest with ttys (ssh and so
> on, are shared
> if you do not take care), can't this be automatic ?

Not sure I get it ...
Do you mean /dev/tty* ? Or /dev/pts/* ?

> I wanted so much to migrate to vanilla kernel, and leave debian
> openvz, because openvz debian kernel will be no more supported
> soon ...
>
> besides these bugs, thank you so much for the work already done guys
> ;), but not usable for now ...
>
> Nicolas
>
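
An added example, not part of the original thread: one way to check that the lxc.cap.drop=sys_module setting suggested above is present in a container config and has taken effect in the guest's capability bounding set. The function names, the sample config and the /proc status excerpts are constructed for illustration.

```python
import re

CAP_SYS_MODULE = 16  # bit number of CAP_SYS_MODULE in linux/capability.h


def dropped_caps(config_text):
    """Return the set of capability names listed on lxc.cap.drop lines."""
    dropped = set()
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue  # commented-out settings do not count
        m = re.match(r"lxc\.cap\.drop\s*=\s*(.*)$", line)
        if not m:
            continue
        names = m.group(1).split()
        if not names:
            # An empty value clears earlier drops (lxc.container.conf(5)).
            dropped.clear()
        dropped.update(n.lower() for n in names)
    return dropped


def bounding_set_has(status_text, cap_bit):
    """True if cap_bit is set in the CapBnd mask of a /proc/<pid>/status dump."""
    m = re.search(r"^CapBnd:\s*([0-9a-fA-F]+)$", status_text, re.MULTILINE)
    if not m:
        raise ValueError("no CapBnd line found")
    return bool((int(m.group(1), 16) >> cap_bit) & 1)


# Constructed sample inputs (not taken from the thread).
SAMPLE_CONFIG = """\
lxc.utsname = guest1
lxc.cap.drop = sys_module mac_admin
# lxc.cap.drop = sys_time
"""
STATUS_FULL = "Name:\tinit\nCapBnd:\t0000001fffffffff\n"     # nothing dropped
STATUS_DROPPED = "Name:\tinit\nCapBnd:\t0000001ffffeffff\n"  # bit 16 cleared

if __name__ == "__main__":
    print("config drops sys_module:", "sys_module" in dropped_caps(SAMPLE_CONFIG))
    for label, status in (("full", STATUS_FULL), ("dropped", STATUS_DROPPED)):
        allowed = bounding_set_has(status, CAP_SYS_MODULE)
        print(label, "-> guest root can load/unload modules:", allowed)
```

On a running system, pass the contents of /proc/1/status read from inside the guest to bounding_set_has instead of the constructed excerpts.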




