[lxc-devel] mountflag propagation from slave to host

Wolfgang Bumiller w.bumiller at proxmox.com
Fri Dec 4 09:41:03 UTC 2015


Not sure this is the right place to ask as I've narrowed it down to
raw mount commands, but it also affects privileged unconfined
containers when using bind-mounts to bind _mountpoints_ (not arbitrary
subdirectories) into a container (and I found it through some hooks
in my containers).

For some reason doing a remount,ro in a slave mount namespace
propagates the read-only flag into its master namespace, while at the
same time a remount,rw does _not_ propagate that way, and I'm
wondering if anybody can offer some insight, or maybe it's a bug in
the kernel?

To test, compare:

# mount -t tmpfs -o rw none /a
# unshare -m
# mount --make-rslave /
# mount -o remount,ro /a
Now /a is read-only in both namespaces

# mount -t tmpfs -o ro none /a
# unshare -m
# mount --make-rslave /
# mount -o remount,rw /a
Now /a is rw only in the slave namespace, still read-only on the host
namespace
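
Added example, not part of the original message: /proc/<pid>/mountinfo reports the per-mount options (field 6) separately from the per-superblock options (last field), so running a check like this in each namespace shows which of the two read-only flags a remount changed. The function and sample names are hypothetical, and the sample lines are constructed to resemble the second test above.

```shell
#!/bin/sh
# Added example: report per-mount vs. per-superblock ro/rw state and the
# propagation type of one mount point from mountinfo-formatted input.

# mount_state MOUNTPOINT [FILE]   (FILE defaults to stdin)
mount_state() {
    awk -v mp="$1" '
        # Return "ro" if the comma-separated option list contains ro.
        function rw(opts,   n, a, j) {
            n = split(opts, a, ",")
            for (j = 1; j <= n; j++) if (a[j] == "ro") return "ro"
            return "rw"
        }
        $5 == mp {
            # Optional fields (shared:N, master:N) run from field 7 up to "-".
            sep = 0
            for (i = 7; i <= NF; i++) if ($i == "-") { sep = i; break }
            if (!sep) next
            prop = ""
            for (i = 7; i < sep; i++) prop = (prop == "" ? "" : prop ",") $i
            if (prop == "") prop = "private"
            # Field 6: per-mount options; sep+3: per-superblock options.
            # A later match overwrites an earlier one (topmost mount wins).
            out = "mount=" rw($6) " super=" rw($(sep + 3)) " propagation=" prop
        }
        END {
            if (out == "") exit 1
            print out
        }
    ' "${2:--}"
}

# Constructed sample lines (IDs and values are made up, not captured).
sample_host() {
    printf '%s\n' '22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw' \
                  '73 22 0:40 / /a ro,relatime shared:30 - tmpfs none rw'
}
sample_slave() {
    printf '%s\n' '120 119 8:1 / / rw,relatime master:1 - ext4 /dev/sda1 rw' \
                  '150 120 0:40 / /a rw,relatime master:30 - tmpfs none rw'
}

if [ "${1:-}" = "demo" ]; then
    printf 'host : %s\n' "$(sample_host | mount_state /a)"
    printf 'slave: %s\n' "$(sample_slave | mount_state /a)"
fi
```

On a live system, call `mount_state /a /proc/self/mountinfo` in the host namespace and again inside the unshared one, then compare the two lines.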


