[Lxc-users] patch for read-only bind-mount
Daniel Lezcano
daniel.lezcano at free.fr
Tue Jun 22 16:49:20 UTC 2010
On 06/22/2010 04:36 PM, Ferenc Wagner wrote:
> Daniel Lezcano <daniel.lezcano at free.fr> writes:
>
>
>> On 06/22/2010 07:25 AM, John Brendler wrote:
>>
>>
>>> lxc fails to make read-only bind mounts as documented. Read-only bind
>>> mounts are important to many use cases.
>>>
>> You are right, it is an important feature, I forgot to take the patch.
>>
> Btw. they make most sense if root in the container can not remount,rw it
> again. I suppose it's so, but where is this documented?
>
I am not sure it is possible.
Maybe if the container is configured only by lxc, we can drop
CAP_SYS_ADMIN, so any root process won't be able to mount / remount
anything, no?
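
An added example, not part of the original message or of the LXC code base: a small audit that reads a container config and reports read-only bind mounts that lack the CAP_SYS_ADMIN drop suggested above. The sample config and the function names are constructed for illustration; `lxc.mount.entry` and `lxc.cap.drop` are LXC configuration keys.

```python
# Constructed sample container config (not taken from the thread).
SAMPLE_CONFIG = """\
# web1 container
lxc.utsname = web1
lxc.mount.entry = /srv/shared /var/lib/lxc/web1/rootfs/shared none ro,bind 0 0
lxc.mount.entry = /srv/data /var/lib/lxc/web1/rootfs/data none bind 0 0
lxc.cap.drop = sys_module mac_admin
"""


def _cap_name(token):
    """Normalise 'CAP_SYS_ADMIN' or 'sys_admin' to 'sys_admin'."""
    token = token.lower()
    return token[4:] if token.startswith("cap_") else token


def parse_config(text):
    """Return (mount_entries, dropped_caps) from LXC 'key = value' lines."""
    mounts, dropped = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "lxc.mount.entry":
            fields = value.split()
            if len(fields) >= 4:  # fstab layout: src dst type options ...
                mounts.append((fields[0], fields[1], set(fields[3].split(","))))
        elif key == "lxc.cap.drop":
            # The key may repeat; every occurrence adds to the dropped set.
            dropped.update(_cap_name(tok) for tok in value.split())
    return mounts, dropped


def unprotected_ro_binds(text):
    """Destinations of 'ro,bind' entries in a config that keeps CAP_SYS_ADMIN.

    mount(2) requires CAP_SYS_ADMIN, so with the capability retained the
    read-only flag is not enforced against root inside the container.
    """
    mounts, dropped = parse_config(text)
    if "sys_admin" in dropped:
        return []
    return [dst for _src, dst, opts in mounts if {"ro", "bind"} <= opts]


if __name__ == "__main__":
    for dst in unprotected_ro_binds(SAMPLE_CONFIG):
        print("read-only bind mount without lxc.cap.drop = sys_admin:", dst)
```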