[lxc-devel] [lxc/lxc] 368bbc: Support for automatic mounting of filesystems

GitHub noreply at github.com
Thu Sep 12 20:34:14 UTC 2013 

  Branch: refs/heads/staging
  Home:   https://github.com/lxc/lxc
  Commit: 368bbc02ba132cd978141f392e610adf3b9dcec8
      https://github.com/lxc/lxc/commit/368bbc02ba132cd978141f392e610adf3b9dcec8
  Author: Christian Seiler <christian at iwakd.de>
  Date:   2013-09-12 (Thu, 12 Sep 2013)

  Changed paths:
    M src/lxc/conf.c
    M src/lxc/conf.h
    M src/lxc/confile.c
    M src/lxc/start.c

  Log Message:
  -----------
  Support for automatic mounting of filesystems

This patch adds the lxc.mount.auto configuration option that allows the
user to specify that certain standard filesystems should be
automatically pre-mounted when the container is started.

Currently, four things are implemented:

 - /proc          (mounted read-write)
 - /sys           (mounted read-only)
 - /sys/fs/cgroup (special logic, see mailing list discussions)
 - /proc/sysrq-trigger (see below)

/proc/sysrq-trigger may be used from within a container to trigger a
forced host reboot (echo b > /proc/sysrq-trigger) or do other things
that a container shouldn't be able to do. The logic here is to
bind-mount /dev/null over /proc/sysrq-trigger, so that that cannot
happen. This obviously only protects fully if CAP_SYS_ADMIN is not
available inside the container (otherwise that bind-mount could be
removed).

Signed-off-by: Christian Seiler <christian at iwakd.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: b7ed4bf0e25799fbe9e9ccb073af5397dda1288a
      https://github.com/lxc/lxc/commit/b7ed4bf0e25799fbe9e9ccb073af5397dda1288a
  Author: Christian Seiler <christian at iwakd.de>
  Date:   2013-09-12 (Thu, 12 Sep 2013)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  Change rootfs pinning mechnism

Chane pinning mechanism: Use $rootfs/lxc.hold instead of $rootfs.hold
(in case $rootfs is a mountpoint itself), but delete the file
immediately after creating it (but keep it open). This will keep the
root filesystem busy but does not leave any unnecessary files lying
around.

Signed-off-by: Christian Seiler <christian at iwakd.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/aae1f3c47b09...b7ed4bf0e257

More information about the lxc-devel mailing list