[lxc-devel] [RFC] rootfs pinning

Serge Hallyn serge.hallyn at ubuntu.com
Tue Sep 24 21:35:37 UTC 2013


Quoting Christian Seiler (christian at iwakd.de):
> Hi there,
> 
> >> Yep, we discussed this at Plumbers and I think it's really the way to
> >> go, basically remove all of that fs pinning code and just do a
> >> bind-mount of the rootfs on itself in the container's mountns before
> >> starting it.
> >
> >> That way if the container decides to remount / ro at any point, it'll
> >> succeed and will give the user a read-only / but without affecting the
> >> outside world.
> >
> > Ideally, I think that's the way to go and I used to do that manually when
> > setting up my containers but I was thinking there was some breakage
> > between that and the way we were working around the pivot_root problem
> > introduced by systemd (Fedora, Suse, Arch, et al).  If we can verify
> > that works with all the init flavors without breaking, that could be
> > part of the general cleanup of the mount tables in the containers as
> > well, maybe...
> 
> Just a short comment about what I found out when looking at the
> auto-mount stuff I just sent to the list when it comes to
> bind-mounts and remounting ro:
> 
> Take the following example:
> 
> mount --bind /foo /bar
> mount -o remount,ro /bar
> 
> In kernels up to at least 3.2 (but not much later) this would make the
> mount /bar read-only, but keep /foo read-write.
> 
> But: in kernels from at most 3.8 (possibly earlier), this would actually
> remount the entire filesystem read-only or give a busy message. There
> was apparently some kind of change here.
> 
> In order to properly remount bind-mounts read-only in newer kernels,
> you have to do the following:
> 
> mount -o remount,bind,ro /bar
> 
> This will also work in older kernels (I could only test 2.6.32, not
> earlier), so in that sense it's portable.
> 
> BUT: the typical bind-mount trick one could use to keep the container
> from remounting / ro at shutdown will apparently, as far as I can
> tell, not work anymore in 3.8, possibly earlier, since typical
> shutdown will do the equivalent of remount,ro and not add the bind
> option there.
> 
> So unfortunately, I think we'll have to stick with pinning... :(

The following works for me both in 3.2 and 3.8:

sudo mkdir -p /tmp/a /tmp/b /tmp/c            # /tmp/c added: the listing as posted never created it
sudo mount -t tmpfs tmpfs /tmp/a
sudo mount --bind /tmp/a /tmp/b               # plain bind of the tmpfs
sudo mount --bind /tmp/a /tmp/c               # assumed: second bind of /tmp/a, needed for the /tmp/c steps below
sudo mount -o remount,bind,rw /tmp/c /tmp/c   # rebind /tmp/c on itself (the bind-on-itself trick)
sudo mount -o remount,ro /tmp/c               # plain remount,ro on the rebound mount
sudo touch /tmp/b/a # succeeds
sudo touch /tmp/c/a # fails

-serge
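The distinction the thread turns on is whether a read-only flag sits on the vfsmount (what remount,bind,ro sets) or on the superblock (what a plain remount,ro can set, which then hits every bind mount of that filesystem, including the host's view of the rootfs). The added example below, which is not LXC code or part of this thread, reads /proc/self/mountinfo in the layout documented in proc(5), separates the per-mount options from the superblock options, and reports for a given mount point which of the two is read-only and which other mount points share its superblock. The two sample mountinfo texts are constructed: one models the test in Serge's reply going as intended, the other the leak Christian describes.

```python
"""Tell a per-mount read-only flag from a read-only superblock by reading
mountinfo.  Added example for this thread; it is not LXC code."""
import sys
from typing import Dict, List

# Constructed /proc/self/mountinfo sample modelling the test in the reply:
# /tmp/a is a tmpfs, /tmp/b and /tmp/c are bind mounts of it, and /tmp/c was
# remounted read-only at the vfsmount level only (superblock still rw).
SAMPLE_PINNED = """\
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
40 21 0:45 / /tmp/a rw,relatime - tmpfs tmpfs rw
41 21 0:45 / /tmp/b rw,relatime - tmpfs tmpfs rw
42 21 0:45 / /tmp/c ro,relatime - tmpfs tmpfs rw
"""

# Constructed sample of the failure mode described in the quoted mail: a plain
# "remount,ro" reached the superblock, so every mount of that tmpfs is now
# read-only even though their per-mount flags still say rw.
SAMPLE_LEAKED = """\
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
40 21 0:45 / /tmp/a rw,relatime - tmpfs tmpfs ro
41 21 0:45 / /tmp/b rw,relatime - tmpfs tmpfs ro
42 21 0:45 / /tmp/c rw,relatime - tmpfs tmpfs ro
"""


def parse_mountinfo(text: str) -> List[Dict[str, str]]:
    """Parse mountinfo lines (format from proc(5)).  Before the ' - '
    separator: mount id, parent id, major:minor, root, mount point, per-mount
    options, optional tags.  After it: fstype, source, superblock options."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        left, _, right = line.partition(" - ")
        lf, rf = left.split(), right.split()
        entries.append({
            "id": lf[0], "parent": lf[1], "dev": lf[2], "root": lf[3],
            "mount_point": lf[4], "mount_opts": lf[5],
            "optional": " ".join(lf[6:]),
            "fstype": rf[0], "source": rf[1], "super_opts": rf[2],
        })
    return entries


def readonly_scope(entry: Dict[str, str]) -> str:
    """Where the read-only flag lives for one mount entry:
    'mount'      - MNT_READONLY on this vfsmount only (what remount,bind,ro sets)
    'superblock' - the whole filesystem (what a plain remount,ro sets)
    'both' / 'none' accordingly."""
    mnt_ro = "ro" in entry["mount_opts"].split(",")
    sb_ro = "ro" in entry["super_opts"].split(",")
    if mnt_ro and sb_ro:
        return "both"
    if mnt_ro:
        return "mount"
    if sb_ro:
        return "superblock"
    return "none"


def check_readonly_mount(text: str, mount_point: str) -> Dict[str, object]:
    """Report how mount_point is read-only and which other mount points share
    its superblock (same major:minor), i.e. the ones a superblock-level
    remount,ro would also hit.  'affected' lists those that are read-only
    now, which is the leak the thread is worried about."""
    entries = parse_mountinfo(text)
    target = next(e for e in entries if e["mount_point"] == mount_point)
    siblings = [e for e in entries
                if e["dev"] == target["dev"] and e is not target]
    return {
        "scope": readonly_scope(target),
        "siblings": sorted(e["mount_point"] for e in siblings),
        "affected": sorted(e["mount_point"] for e in siblings
                           if readonly_scope(e) != "none"),
    }


if __name__ == "__main__":
    # Usage: python3 mountcheck.py [mount point]; defaults to the live root.
    mp = sys.argv[1] if len(sys.argv) > 1 else "/"
    with open("/proc/self/mountinfo") as f:
        print(check_readonly_mount(f.read(), mp))
```

Run inside a container's mount namespace against its rootfs, the check tells you whether a shutdown-time "remount,ro" ended up as a per-mount flag (scope "mount", nothing else affected) or as a superblock flag (scope "superblock", with every other mount of that filesystem listed under "affected"). The sixth field of mountinfo shows "ro" only when MNT_READONLY is set on that vfsmount; a read-only superblock shows up only in the last field, which is why looking at mount(8) output alone does not settle the question.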