[lxc-devel] mountflag propagation from slave to host

Serge Hallyn serge.hallyn at ubuntu.com
Fri Dec 4 21:08:32 UTC 2015


Quoting Wolfgang Bumiller (w.bumiller at proxmox.com):
> Not sure this is the right place to ask as I've narrowed it down to
> raw mount commands, but it also affects privileged unconfined
> containers when using bind-mounts to bind _mountpoints_ (not arbitrary
> subdirectories) into a container (and I found it through some hooks
> in my containers).
> 
> For some reason doing a remount,ro in a slave mount namespace
> propagates the read-only flag into its master namespace, while at the
> same time a remount,rw does _not_ propagate that way, and I'm
> wondering if anybody can offer some insight, or maybe it's a bug in
> the kernel?

Doing remount,ro and remount,rw is a touchy issue because it can mean two
different things.  It can mean changing the superblock options, or changing
the bind mount options.

> To test, compare:
> 
> # mount -t tmpfs -o rw none /a
> # unshare -m
> # mount --make-rslave /
> # mount -o remount,ro /a

Try mount -o bind,remount,ro /a

> Now /a is read-only in both namespaces


> # mount -t tmpfs -o ro none /a
> # unshare -m
> # mount --make-rslave /
> # mount -o remount,rw /a
> Now /a is rw only in the slave namespace, still read-only on the host
> namespace
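
Added example, not part of the original thread: a shell helper that reads /proc/self/mountinfo and reports, for one mount point, the per-mount (bind mount) flag, the superblock flag and the propagation fields, so you can see which of the two layers a remount actually changed. The function names and the sample lines are constructed for illustration.

```shell
# Constructed mountinfo lines (not captured from a real system):
#   /a: per-mount flag rw, superblock ro
#   /b: per-mount flag ro, superblock rw
sample_mountinfo() {
    cat <<'EOF'
25 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
40 25 0:45 / /a rw,relatime shared:20 - tmpfs none ro
41 25 0:46 / /b ro,relatime master:20 - tmpfs none rw
EOF
}

# ro_layers MOUNTPOINT [FILE]
# Prints "<per-mount> <superblock> <propagation>" for MOUNTPOINT, where the
# first two are "ro" or "rw". FILE defaults to /proc/self/mountinfo; "-" reads
# stdin. Returns non-zero if MOUNTPOINT is not listed. If the mount point is
# listed more than once, the last entry wins.
ro_layers() {
    MP="$1" awk '
        # "ro" if the comma-separated option list contains ro, else "rw"
        function state(opts,   n, k, a) {
            n = split(opts, a, ",")
            for (k = 1; k <= n; k++) if (a[k] == "ro") return "ro"
            return "rw"
        }
        $5 == ENVIRON["MP"] {
            # Field 6 holds the per-mount options. Fields 7.. are optional
            # propagation tags (shared:N, master:N) up to a lone "-".
            prop = ""
            for (i = 7; i <= NF && $i != "-"; i++)
                prop = prop (prop == "" ? "" : ",") $i
            if (prop == "") prop = "private"
            # After "-": filesystem type, source, superblock options.
            out = state($6) " " state($(i + 3)) " " prop
        }
        END { if (out == "") exit 1; print out }
    ' "${2:-/proc/self/mountinfo}"
}

# Usage: ro_layers /a          (live system)
#        sample_mountinfo | ro_layers /a -
```

Run it in both namespaces after each remount: a read-only superblock is the same filesystem instance in every namespace, while the per-mount flag belongs to that namespace's own mount.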



