[lxc-users] Why can proc not be remounted read-only inside a container?

Aaron Staley astaley at berkeley.edu
Tue Mar 25 05:05:44 UTC 2014


Resurrecting this thread.

I've tried again on a new machine running Ubuntu 13.10 with lxc
1.0.0~alpha1 and I am still getting the same problem.

I can remount /proc rw, but not ro.  I've disabled apparmor (via
https://gist.github.com/gionn/7585324) and get no errors.

In lxc.conf:
lxc.mount.auto = proc

I have the same issue if I use:
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0


Are you guys actually able to mount-bind proc ro inside your containers?

On Thu, Jan 16, 2014 at 5:55 PM, Qiang Huang <h.huangqiang at huawei.com> wrote:

> Hi Aaron,
>
> On 2014/1/17 9:33, Aaron Staley wrote:
> > I'm trying to run an application that works fine on my host inside a container.
> >
> > The application executes:
> > mount -t proc -o ro proc /mnt/remount_point
> > But this command errors:
> > mount: cannot mount block device proc read-only
> >
> > Mounting read-write (mount -t proc proc /mnt/remount_point) does work however.
> >
> > I'd rather not modify the application.  Is there some LXC option/other issue blocking a RO mount of proc?
> >
>
> RO mount of proc should have worked; there must be something else
> wrong, maybe like Stéphane said.
>
> If you are looking for some LXC options,
> lxc.mount.auto = sys proc
> may be what you want.
>
> > Thanks,
> > Aaron
> >
> >
> > _______________________________________________
> > lxc-users mailing list
> > lxc-users at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users