[Lxc-users] patch for read-only bind-mount

Daniel Lezcano daniel.lezcano at free.fr
Tue Jun 22 16:49:20 UTC 2010


On 06/22/2010 04:36 PM, Ferenc Wagner wrote:
> Daniel Lezcano <daniel.lezcano at free.fr> writes:
>
>> On 06/22/2010 07:25 AM, John Brendler wrote:
>>
>>> lxc fails to make read-only bind mounts as documented.  Read-only bind
>>> mounts are important to many use cases.
>>>
>> You are right, it is an important feature, I forgot to take the patch.
>>
> Btw. they make most sense if root in the container can not remount,rw it
> again.  I suppose it's so, but where is this documented?
>
I am not sure it is possible.
Maybe if the container is configured only by lxc, we can drop
CAP_SYS_ADMIN, so any root process won't be able to mount / remount
anything, no?
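
As an added example (not part of the original message and not LXC's own code): a shell check that flags container configs where a read-only bind mount is declared but CAP_SYS_ADMIN is retained, which leaves container root able to remount it read-write. It assumes the `lxc.mount.entry` (fstab-style) and `lxc.cap.drop` config keys; the sample config, container name and paths are constructed.

```shell
#!/bin/sh
# Flag read-only bind mounts in an LXC config (read from stdin) that container
# root could remount rw. Exit status: 0 = none found or sys_admin is dropped,
# 1 = a ro bind mount exists while CAP_SYS_ADMIN is retained.
audit_lxc_config() {
    awk '
        /^[ \t]*#/ { next }                          # skip comment lines
        {
            eq = index($0, "="); if (eq == 0) next   # not a key = value line
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        key == "lxc.cap.drop" {
            n = split(val, caps, /[ \t]+/)
            for (i = 1; i <= n; i++) if (caps[i] == "sys_admin") dropped = 1
        }
        key == "lxc.mount.entry" {
            # fstab layout: source target fstype options dump pass
            if (split(val, f, /[ \t]+/) < 4) next
            n = split(f[4], opts, ",")
            isro = isbind = 0
            for (i = 1; i <= n; i++) {
                if (opts[i] == "ro") isro = 1
                if (opts[i] == "bind" || opts[i] == "rbind") isbind = 1
            }
            if (isro && isbind) targets[++count] = f[2]
        }
        END {
            if (count == 0 || dropped) exit 0
            for (i = 1; i <= count; i++)
                printf "ro bind mount %s: CAP_SYS_ADMIN retained, remount rw possible\n", targets[i]
            exit 1
        }
    '
}

# Constructed sample config; pass "drop" to append the capability drop line.
sample_config() {
    cat <<'EOF'
lxc.utsname = demo
lxc.mount.entry = /srv/shared /var/lib/lxc/demo/rootfs/shared none ro,bind 0 0
EOF
    [ "${1:-}" = "drop" ] && echo "lxc.cap.drop = sys_admin"
    return 0
}

sample_config | audit_lxc_config || echo "finding: consider lxc.cap.drop = sys_admin"
sample_config drop | audit_lxc_config && echo "ok: sys_admin dropped"
```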