[Lxc-users] version 0.8.0 coming soon

Papp Tamas tompos at martos.bme.hu
Tue Feb 28 22:58:53 UTC 2012


On 02/28/2012 04:13 PM, Serge Hallyn wrote:
> Quoting Papp Tamas (tompos at martos.bme.hu):
>> On 02/28/2012 01:20 AM, Serge Hallyn wrote:
>>> Quoting Daniel Lezcano (daniel.lezcano at free.fr):
>>>> Hi all,
>>>>
>>>> I will release a 0.8.0-rc1. I am looking for volunteer to test it :)
>>> Worked fine for me.  Tested create and clone of ubuntu, ubuntu and
>>> ubuntu-cloud images, with dir and lvm backing stores.  (And a run
>>> of lp:~serge-hallyn/+junk/lxc-test)
>>>
>>> Note, because upstream kernel didn't much care about the
>>> 'mount -o remount,ro /' problem, I'm going to patch lxc to
>>> pin open a '${rootfs}.hold' file, as long as the container
>>> is running.  That will prevent the underlying fs from being
>>> remounted ro.  (see
>>> https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/942325 for
>>> details).  That'll buy us some time to find a better solution
>>> in the kernel.
>>>
>>>
>> Why can a container change mount options outside of its rootfs?
>> Sorry for the stupid question:)
> It's not a stupid question at all.
>
> The container isn't changing mount options outside of its rootfs.  THere
> are two places an fs can be marked readonly - in the mount itself, and in
> the superblock.  When you make a bind mount, you are creating more mounts
> (vfsmounts) using the same superblcok.
>
> If you do
>
> 	mount --bind / / # not needed in container bc it's already been done
> 	mount --bind -o remount,ro /
>
> then you are setting the reasonly flag on the mount itself.  If you just do
>
> 	mount -o remount,ro /
>
> then you are setting the reasonly flag on the superblock, which will
> force all other mounts of that superblcok to also be readonly.
>
> Right now there is no way to prevent a container from doing that.  I sent
> a patch to make the devices cgroup be consulted on that, so that it could
> reteurn -EPERM.  That was refused.  The two other options I'm considering
> (and it wouldn't hurt ot have both) are 1. to pass the  remoutn flags to the
> LSM (selinux or apparmor or smack) so that it can deny permission.  Right
> now it can't do that (except for all-or-nothing check on remount).  And 2.
> to make it so that after doing
>
> 	mount --bind / /
> 	mount --bind -o remount,ro /
> 	mount --bind -o remount,rw /
>
> any subsequent
>
> 	mount -o remount,rw /
>
> would be refused (or automatically done only at the mount level).  I don't
> think that should be hard to do at fs/namespace.c:do_remount().


This may be to much for my brain:)

Anyway, could you make deb package from it?

tamas




More information about the lxc-users mailing list