[lxc-users] lxc.mount.entry selectively mount parts of sys and proc read write

GC catchall at gc9.org
Fri Mar 21 04:05:02 UTC 2014


Hello,

I want to selectively mount parts of sys and proc rw, but the rest ro.  
I thought I might be able to e.g., mount /sys ro (in the container), and 
mount /.sys rw (in the container), then bind mount bits from /.sys to 
/sys, and finally hide the rw /.sys by mounting another directory on top 
of it, like:

lxc.mount.entry = sysfs sys sysfs ro 0 0
lxc.mount.entry = sysfs .sys sysfs rw 0 0        # (dot)sys

lxc.mount.entry = /var/lib/lxc/container/.sys/module/ipv6 sys/module/ipv6 none defaults,bind 0 0
# or alternatively (also doesn't work) this instead of line above
#lxc.mount.entry = .sys/module/ipv6 sys/module/ipv6 none defaults,bind 0 0

lxc.mount.entry = /var/lib/lxc/dummy_mount .sys none ro,bind 0 0


The part where I try to perform the bind mount of the read/write 
.sys/module/ipv6 (in the container) on top of the read only 
sys/module/ipv6 (in the container) fails. Is there a way to get this 
to work?

Thanks,

g

