[Lxc-users] [PATCH] Re: read only rootfs

Michael H. Warfield mhw at WittsEnd.com
Tue Jul 19 18:34:00 UTC 2011


On Tue, 2011-07-19 at 12:59 -0500, Serge E. Hallyn wrote: 
> Quoting Michael H. Warfield (mhw at WittsEnd.com):
> > I think the problem is that you are only doing this on the rootfs and
> > that flag does not automagically propagate to the submounts.  That's

> D'oh!  Yeah, what you want is MS_REC | MS_SLAVE.  The rest should be fine
> as I had it?

Well, you still need the patch for /rootfs->path/rootfs->mount/ on the
second parameter to that mount call.

I gave it a shot.  No error on the build or running lxc-start but...  No
joy.  A remount,ro still propagates back into the host from the
container.

Been reading the kernel Documentation/filesystems/sharedsubtree.txt file
about the SHARED, PRIVATE, and SLAVE semantics and it doesn't sound like
it does what we think it does.  It will stop the propagation of mounts
themselves from master to slave and vice versa but I don't see anything
about remounts.  I mean, I can see it argued both ways.  Well, you're
not really propagating a mount because it's already mounted.  Yeah, but
it is propagating the mount action.  That file is not clear on what
action would take place in the case of a remount like this.

This comment in section 5a of that file seems to favor the second
interpretation that shared or private should affect remounts:

== 
A 'propagation event' is defined as event generated on a vfsmount
that leads to mount or unmount actions in other vfsmounts.
== 

Is a remount a "mount action"?  I would presume it is.

IAC...  Still broken here.

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
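
An added example, not part of the original message or of LXC's code: it parses `/proc/<pid>/mountinfo` text and reports, for a given mount, its propagation type and which other mounts sit on the same superblock (same major:minor). Per mount(2), a remount without MS_BIND changes superblock flags, while MS_REMOUNT|MS_BIND changes only the per-mount flags. The sample lines, paths and function names are constructed, and the sample assumes the container rootfs is a bind mount of a host directory.

```python
# Added example: which mounts share a superblock, regardless of propagation.
# Constructed sample in /proc/<pid>/mountinfo format (paths and IDs are made up).
SAMPLE = """\
20 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
41 20 8:1 /var/lib/lxc/c1/rootfs /usr/lib/lxc/rootfs rw,relatime master:1 - ext4 /dev/sda1 rw
42 41 0:15 / /usr/lib/lxc/rootfs/proc rw,nosuid - proc proc rw
43 20 8:2 / /srv ro,relatime - ext4 /dev/sda2 rw,errors=remount-ro
"""


def propagation(tags):
    """Map mountinfo optional fields to a propagation type."""
    kinds = {t.split(":")[0] for t in tags}
    if "unbindable" in kinds:
        return "unbindable"
    if {"shared", "master"} <= kinds:
        return "shared+slave"
    if "master" in kinds:
        return "slave"
    return "shared" if "shared" in kinds else "private"


def parse_mountinfo(text):
    """Parse mountinfo text into a list of dicts, one per mount."""
    mounts = []
    for line in filter(str.strip, text.splitlines()):
        left, _, right = line.partition(" - ")   # "-" ends the optional fields
        f = left.split()
        super_opts = right.split(None, 2)[2].split(",")
        mounts.append({
            "dev": f[2],                          # major:minor identifies the superblock
            "mount_point": f[4],
            "mount_ro": "ro" in f[5].split(","),  # per-mount flag (MS_BIND remount)
            "sb_ro": "ro" in super_opts,          # superblock flag (plain remount)
            "propagation": propagation(f[6:]),
        })
    return mounts


def same_superblock(mounts, mount_point):
    """Other mount points backed by the same superblock as mount_point."""
    dev = next(m["dev"] for m in mounts if m["mount_point"] == mount_point)
    return [m["mount_point"] for m in mounts
            if m["dev"] == dev and m["mount_point"] != mount_point]


if __name__ == "__main__":
    mounts = parse_mountinfo(SAMPLE)
    for m in mounts:
        print(m["mount_point"], m["propagation"], same_superblock(mounts, m["mount_point"]))
```

In the constructed sample the container rootfs is a slave mount yet shares device 8:1 with the host's `/`, and `/srv` shows a per-mount `ro` over a superblock that is still `rw`.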