[Lxc-users] read only rootfs

Michael H. Warfield mhw at WittsEnd.com
Wed Jul 20 02:36:25 UTC 2011 

On Wed, 2011-07-20 at 02:21 +0000, Serge E. Hallyn wrote: 
> Quoting Michael H. Warfield (mhw at WittsEnd.com):
> > > > But...  I got this for the root system on Alcove.
> > > >
> > > > 106 55 8:17 /lxc/private/Alcove / rw,relatime master:1 - ext4 /dev/sdb1 rw,barrier=1,data=ordered
> > > >
> > > > Ok...  That now says "master:1".  Not sure what it signifies...
> 
> See linux-2.6/Documentation/filesystems/proc.txt for details:
> 
> shared:X  mount is shared in peer group X
> master:X  mount is slave to peer group X
> propagate_from:X  mount is slave and receives propagation from peer group X (*)
> unbindable  mount is unbindable

> linux-2.6/Documentation/filesystems/sharedsubtree.txt also has good info
> (as does fs/namespace.c).

Cool.  Thanks.  That clears that up.

Now, another point on the curve.  In my containers, I have an ro mounted
regular file system that's a bind mount from another directory.

In the Alcove container, where I have a double set of bind mounts ala
what C Anthony described in an earlier message.  In that container, I
can remount rw (which I WISH it was not allowed to do, but it is) and
then remount back to ro to my hearts content and it never affects the
host or the other containers.  That WORKS!  It just doesn't work
for /dev/pts for some reason.  In a second container, Plover, which is
NOT set up the way C Anthony described, if I set that shared ro mount to
rw and then back to ro, the host parent file system is now ro as well.
So it did propagate back to the host file system.  So what he described
seems to be accurate.  It's just not working for the special file
systems.  Also seems like quite a bugger to set up in the host system.
Bleah.

> -serge

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20110719/758617ce/attachment.pgp>

More information about the lxc-users mailing list