[Lxc-users] read only rootfs
Michael H. Warfield
mhw at WittsEnd.com
Wed Jul 20 13:15:03 UTC 2011
On Wed, 2011-07-20 at 07:10 -0500, Serge Hallyn wrote:
> Quoting Michael H. Warfield (mhw at WittsEnd.com):
> > [root at forest ~]# lxc-start --name Plover
> > lxc-start: Invalid argument - pivot_root syscall failed
> sort of unrelated, but Rob Landley had mentioned he wanted to fix chroot
> to prevent the chdir-based chroot escape, allowing lxc to use chroot in
> place of pivot_root. As you see above, pivot_root has some very stringent
> constaints regarding the ms_shared state of the mounpoints *and* their
> parents, so this would be a very good thing.
Interesting. Very interesting. Especially since I remember being
involved in the whole transition from chroot over to pivot_root way back
when.
Explains a couples of other anomalies I observed.
> And would prevent the above.
I'm going to have to refresh my memory of the reasons for switching from
chroot over to pivot_root in the first place. There was more than one
and the chdir-based chroot escape was only one.
> As far as the main topic of this thread, I feel I can't really do it
> justice without trying harder to reproduce, which I can't do today. I'm
> going to try and find time tomorrow or friday to do so (if you haven't
> gotten to the bottom of this before that). We also might want to point
> dhansen at the mail archive of this thread and get his input.
Ok... I've still got some testing and experimenting to do based on
those hints C Anthony gave me. ITMT, I'm not sure who you are referring
to as dhansen (so I can't point them anywhere) but, the more the merrier
if it helps this thing along.
> -serge
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20110720/636ce367/attachment.pgp>
More information about the lxc-users
mailing list