[Lxc-users] read only rootfs

Serge E. Hallyn serge.hallyn at canonical.com
Tue Jul 19 20:32:52 UTC 2011


Quoting Michael H. Warfield (mhw at WittsEnd.com):
> On Tue, 2011-07-19 at 13:34 -0500, Serge E. Hallyn wrote: 
> > Quoting C Anthony Risinger (anthony at xtfx.me):
> > > there it would seem.  however, while i could *maybe* see the rootfs
> > > being an unconditional slave, i would NOT want to see any lxc
> > > default/enforcement preventing container -> host propagation on a
> > > globally recursive scale.  i'm of the opinion that the implementor
> > > should decide the best tactic ... especially in light of the fact that
> > > one distro may not even have the same problems as say
> > > ubuntu/fedora/etc because they keep mount points private by default.
> 
> > Good point.  (I don't see it on ubuntu either fwiw)  Perhaps there
> > should be a toggle in the per-container config file?
> 
> Quick question.
> 
> Is there any way to test for these flags (SHARED, PRIVATE, SLAVE)?  I
> don't see them showing up anywhere from mount, in proc mounts or
> mountstats.  How do you check to see if they are set?

/proc/self/mountinfo is supposed to tell that.  i.e. if you do
a --make-shared on /mnt, it'll show 'shared' next to the /mnt entry.
(I say 'is supposed to' bc --make-rslave just shows nothing, but
maybe that's bc the way I did it, it wasn't a slave to anything,
so it was actually private.)
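
Added example, not part of the original message: a small Python parser for the optional-fields column of /proc/self/mountinfo, which carries the propagation tags (`shared:N`, `master:N`, `unbindable`); a mount with no tag is private. The sample lines and paths are constructed for illustration, and the helper names are hypothetical.

```python
import re

# Constructed sample in /proc/self/mountinfo format (not from a real host).
SAMPLE = r"""
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
34 21 0:30 / /mnt rw,relatime shared:12 - tmpfs tmpfs rw
40 21 0:31 / /var/lib/lxc/c1/rootfs ro,relatime master:12 - tmpfs tmpfs rw
41 21 0:32 / /srv rw shared:15 master:12 - tmpfs tmpfs rw
42 21 0:33 / /opt/my\040dir rw unbindable - tmpfs tmpfs rw
""".strip().splitlines()


def unescape(path):
    """mountinfo octal-escapes space, tab, newline and backslash in paths."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)


def parse_line(line):
    """Return (mount_point, propagation, tags) for one mountinfo line."""
    fields = line.split()
    # Fields 0-5 are fixed; optional tags run from index 6 up to the "-" separator.
    sep = fields.index("-", 6)
    tags = dict(f.partition(":")[::2] for f in fields[6:sep])
    if "shared" in tags and "master" in tags:
        kind = "shared+slave"  # receives from its master, propagates to its peers
    elif "shared" in tags:
        kind = "shared"
    elif "master" in tags:
        kind = "slave"
    elif "unbindable" in tags:
        kind = "unbindable"
    else:
        kind = "private"  # no tag at all means private
    return unescape(fields[4]), kind, tags


def propagates_out(lines):
    """Mount points whose mount/umount events reach peers (shared tag set)."""
    return [mp for mp, _, tags in map(parse_line, lines) if "shared" in tags]


if __name__ == "__main__":
    try:
        with open("/proc/self/mountinfo") as fh:
            lines = fh.read().splitlines()
    except OSError:
        lines = SAMPLE  # fall back to the constructed sample off Linux
    for mp, kind, tags in map(parse_line, lines):
        print(f"{kind:13} {mp}  {tags}")
```

Run inside the container and on the host, the `shared:N` / `master:N` peer-group numbers show which mounts are linked, and `propagates_out` lists the ones whose events can leave the namespace.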