[Lxc-users] [PATCH] Re: read only rootfs

Serge E. Hallyn serge.hallyn at canonical.com
Tue Jul 19 19:50:05 UTC 2011


Quoting Michael H. Warfield (mhw at WittsEnd.com):
> On Tue, 2011-07-19 at 12:59 -0500, Serge E. Hallyn wrote: 
> > Quoting Michael H. Warfield (mhw at WittsEnd.com):
> > > I think the problem is that you are only doing this on the rootfs and
> > > that flag does not automagically propagate to the submounts.  That's
> 
> > D'oh!  Yeah, what you want is MS_REC | MS_SLAVE.  The rest should be fine
> > as I had it?
> 
> Well, you still need the patch for /rootfs->path/rootfs->mount/ on the
> second parameter to that mount call.
> 
> I gave it a shot.  No error on the build or running lxc-start but...  No
> joy.  A remount,ro still propagates back into the host from the
> container.
> 
> Been reading the kernel Documentation/filesystems/sharedsubtree.txt file
> about the SHARED, PRIVATE, and SLAVE semantics and it doesn't sound like
> it does what we think it does.  It will stop the propagation of mounts
> themselves from master to slave and vice versa but I don't see anything
> about remounts.  I mean, I can see it argued both ways.  Well, you're
> not really propagating a mount because it's already mounted.  Yeah, but
> it is propagating the mount action.  That file is not clear on what
> action would take place in the case of a remount like this.
> 
> This comment in section 5a of that file seems to favor the second
> interpretation that shared or private should affect remounts:
> 
> == 
> A 'propagation event' is defined as event generated on a vfsmount
> that leads to mount or unmount actions in other vfsmounts.
> == 
> 
> Is a remount a "mount action"?  I would presume it is.

oh, no, i think you are right.  It is not, if it is fs remount.

> IAC...  Still broken here.
> 
> Regards,
> Mike
> -- 
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!



> ------------------------------------------------------------------------------
> Magic Quadrant for Content-Aware Data Loss Prevention
> Research study explores the data loss prevention market. Includes in-depth
> analysis on the changes within the DLP market, and the criteria used to
> evaluate the strengths and weaknesses of these DLP solutions.
> http://www.accelacomm.com/jaw/sfnl/114/51385063/

> _______________________________________________
> Lxc-users mailing list
> Lxc-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-users





More information about the lxc-users mailing list