[lxc-devel] mount ro in guest change host filesystem to ro

Nico parpandet at gmail.com
Thu Sep 1 21:22:19 UTC 2011


Daniel, sorry for the double post, I forgot to cc lxc-devel ....

>>>
>>> * you can do a "mount -o remount,ro /" inside container (reported
>>> since first times ... :( ),
>>> and host filesystem is remounted ro !!
>>
>> Argh ! I still don't understand how that can happen with a CLONE_NEWNS
>> and a pivot_root.
>> Do you have particular mount options on your host's rootfs ?
>
> It's debian sid kernel, linux-image-3.0.0-1-686-pae 3.0.0-3, with lxc 0.7.5-1,
> on btrfs with "defaults" options ! (separate filesystem for /var/lib/lxc)
>
>>> * you can rmmod host modules from guest !
>>
>> You can use lxc.cap.drop=sys_module, so you can prevent loading your own
>> module or rmmod-ing a module.
>
> ok fine, there are capabilities now! good job
>
>>> * so strange behaviour between host and guest with ttys (ssh and so
>>> on, are shared
>>> if you do not take care), can't this be automatic ?
>>
>> Not sure I get it ...
>> Do you mean /dev/tty* ? Or /dev/pts/* ?
>
> I mean mixing between /dev/tty1 of the guest and the host
> (for example ssh remote login to guest, continues on local host
> lxc-console !, and so on ...)
>
> Nicolas
>
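
An added example, not part of the original message or of LXC itself: a small audit that reads a container config and reports whether the lxc.cap.drop=sys_module setting suggested in the thread is actually in effect. The sample configs are constructed, the function names are hypothetical, and the handling of an empty "lxc.cap.drop =" line as a reset of the list is an assumption about the LXC release in use.

```python
"""Audit LXC container configs for capabilities that must be dropped."""

# Capability named in the thread; extend this set to match local policy.
REQUIRED_DROPS = {"sys_module"}

# Constructed sample configs (not taken from the thread).
SAMPLE_HARDENED = """
# guest with module loading blocked
lxc.utsname = guest1
lxc.cap.drop = sys_module mac_admin
lxc.cap.drop=sys_time
"""
SAMPLE_WEAK = """
lxc.utsname = guest2
lxc.cap.drop = sys_time
"""
SAMPLE_RESET = """
lxc.cap.drop = sys_module
lxc.cap.drop =
lxc.cap.drop = sys_time
"""


def dropped_caps(config_text):
    """Return the set of capabilities dropped by lxc.cap.drop lines."""
    dropped = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key != "lxc.cap.drop":
            continue
        caps = value.lower().split()  # several names may share one line
        if not caps:
            dropped.clear()  # assumption: an empty value resets the list
        dropped.update(caps)
    return dropped


def missing_drops(config_text, required=REQUIRED_DROPS):
    """Return required capabilities the config fails to drop, sorted."""
    return sorted(set(required) - dropped_caps(config_text))


if __name__ == "__main__":
    for name, text in [("hardened", SAMPLE_HARDENED), ("weak", SAMPLE_WEAK),
                       ("reset", SAMPLE_RESET)]:
        print(name, "missing:", missing_drops(text) or "none")
```

The check only looks at lxc.cap.drop lines in the text it is given; settings pulled in from other files are not followed.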