[lxc-users] lxc-execute with read-only rootfs
Cal Leeming [Simplicity Media Ltd]
cal.leeming at simplicitymedialtd.co.uk
Thu Dec 19 01:26:50 UTC 2013
Would it not be better to use a stacked file system, such as overlayfs or
aufs, then discard the changes?
Cal
On Thu, Dec 19, 2013 at 12:49 AM, Antonin Bas <antoninb at stanford.edu> wrote:
> Hi,
>
> I am trying to run an application container with lxc-execute. I am
> going to run "untrusted" student codes in this container and I want
> the root file system to be shared with the host but read-only. I
> thought this would be as easy as using the following configuration
> file:
>
> # Container with new network withtout network devices
> lxc.utsname = omega
> lxc.network.type = empty
> lxc.network.flags = up
>
> lxc.rootfs = /tmp/guest/rootfs
> lxc.mount.entry=/ /tmp/guest/rootfs/ none ro,bind 0 0
>
> However, when I run `sudo lxc-execute -n test -f grader.conf
> --logpriority=DEBUG -- /bin/bash`, I get the following message:
>
> lxc-execute: Read-only file system - error unlinking
> /usr/lib/x86_64-linux-gnu/lxc/dev/kmsg
>
> lxc-execute: failed to setup kmsg for 'test'
> lxc-execute: Read-only file system - failed to create directory
> '/usr/lib/x86_64-linux-gnu/lxc/lxc_putold'
>
> lxc-execute: Read-only file system - failed to create pivotdir
> '/usr/lib/x86_64-linux-gnu/lxc/lxc_putold'
> lxc-execute: failed to setup pivot root
> lxc-execute: failed to set rootfs for 'test'
> lxc-execute: failed to setup the container
> lxc-execute: invalid sequence number 1. expected 2
> lxc-execute: failed to spawn 'test'
>
>
> Is it possible to have some insight on what the problem is here?
> I am using Ubuntu 13.10, and my lxc is the one from the official repo
> (1.0.0.alpha1).
>
> Thanks you in advance for your help,
>
> Antonin
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20131219/3782c476/attachment.html>
More information about the lxc-users
mailing list