[Lxc-users] read only rootfs
Serge E. Hallyn
serge.hallyn at canonical.com
Tue Jul 19 20:32:52 UTC 2011
Quoting Michael H. Warfield (mhw at WittsEnd.com):
> On Tue, 2011-07-19 at 13:34 -0500, Serge E. Hallyn wrote:
> > Quoting C Anthony Risinger (anthony at xtfx.me):
> > > there it would seem. however, while i could *maybe* see the rootfs
> > > being an unconditional slave, i would NOT want to see any lxc
> > > default/enforcement preventing container -> host propagation on a
> > > globally recursive scale. im of the opinion that the implementor
> > > should decide the best tactic ... especially in light of the fact the
> > > one distro may not even have the same problems as say
> > > ubutnu/fedora/etc because they keep mount points private by default.
>
> > Good point. (I don't see it on ubuntu either fwiw) Perhaps there
> > should be a toggle in the per-container config file?
>
> Quick question.
>
> Is there any way to test for these flags (SHARED, PRIVATE, SLAVE)? I
> don't see them showing up anywhere from mount, in proc mounts or
> mountstats. How do you check to see if they are set?
/proc/self/mountinfo is supposed to tell that. i.e. if you do
a --make-shared on /mnt, it'll show 'shared' next to the /mnt entry.
(I say 'is supposed to' bc --make-rslave just shows nothing, but
maybe that's bc the way i did it it wasn't a slave to anything,
so it was actually private)
More information about the lxc-users
mailing list