[lxc-users] How to bind-mount host filesystem inside a container and change mount options
Leonid Isaev
leonid.isaev at jila.colorado.edu
Sat Sep 12 21:32:53 UTC 2015
Hi,
I am trying to mount a user home directory from the host to a container
and at the same time change its mount options. The lxc.mount= option is:
----------
(host): grep fstab /tmp/config
lxc.mount=/var/lib/lxc/node1/fstab
(host): cat /tmp/fstab
/export/home /var/lib/lxc/node1/rootfs/export/home/takahe none bind 0 0
/export/home /var/lib/lxc/node1/rootfs/export/home/takahe none remount,exec,bind 0 0
(host): mount | grep home
/dev/sda4 on /export/home type btrfs (rw,nosuid,nodev,noexec,relatime,ssd,space_cache,subvolid=259,subvol=/_home)
----------
So, on the host, /export/home is a BTRFS subvolume mounted with fairly
restrictive options. But the container needs the partition with exec
permissions.
Somehow, inside the container mount options are the same as on the host:
----------
(node1): mount | grep takahe
/dev/sda4 on /export/home/takahe type btrfs (rw,nosuid,nodev,noexec,relatime,ssd,space_cache,subvolid=259,subvol=/_home)
/dev/sda4 on /export/home/takahe type btrfs (rw,nosuid,nodev,noexec,relatime,ssd,space_cache,subvolid=259,subvol=/_home)
(node1): chmod 700 a.sh
(node1): ./a.sh
-bash: ./a.sh: Permission denied
(node1): bash a.sh
systemd-detect-virt says: lxc
----------
The above is not a mistake -- there are two identical mount entries, and the
partition is indeed noexec. I ran lxc-start with debug and it confirms that
/export/home is mounted twice from the host with mount options 4110
(btw, how do I read this bitmask?).
Both host and container run Archlinux, lxc is at version 1.1.3 and kernel is
mainline 4.2.0. How can I enforce the desired mount options, besides making an
in-container service for that?
Thanks,
--
Leonid Isaev
GPG fingerprints: DA92 034D B4A8 EC51 7EA6 20DF 9291 EE8A 043C B8C4
C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
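The bitmask in the lxc-start debug output is the flags argument that LXC passes to mount(2), so it can be read against the MS_* constants from <sys/mount.h>: 4110 = 4096 + 8 + 4 + 2 = MS_BIND | MS_NOEXEC | MS_NODEV | MS_NOSUID, with no MS_REMOUNT (32) bit in either line. The decoder below is an added example, not code from the post or from LXC; the flag values are the Linux mount(2) constants, the option-word table follows how mount(8) maps fstab words onto those bits ("exec" owns no bit and only clears MS_NOEXEC), and apply_bind() models the mount(2) rule that a plain MS_BIND copies the source's per-mount flags and ignores the rest, while MS_BIND|MS_REMOUNT replaces them. The function names and the host option string are my own.

```python
"""Decode mount(2) flag bitmasks such as the 4110 printed by lxc-start in debug
output, build them from fstab option words, and model what a bind mount versus
a bind-remount does to the per-mount flags.  Added example; the numeric values
are the Linux <sys/mount.h> MS_* constants."""

MS_RDONLY, MS_NOSUID, MS_NODEV, MS_NOEXEC = 1, 2, 4, 8
MS_SYNCHRONOUS, MS_REMOUNT, MS_MANDLOCK, MS_DIRSYNC = 16, 32, 64, 128
MS_NOATIME, MS_NODIRATIME, MS_BIND, MS_MOVE, MS_REC = 1024, 2048, 4096, 8192, 16384
MS_SILENT, MS_RELATIME, MS_STRICTATIME, MS_LAZYTIME = 32768, 2097152, 16777216, 33554432

FLAG_NAMES = {
    MS_RDONLY: "MS_RDONLY", MS_NOSUID: "MS_NOSUID", MS_NODEV: "MS_NODEV",
    MS_NOEXEC: "MS_NOEXEC", MS_SYNCHRONOUS: "MS_SYNCHRONOUS",
    MS_REMOUNT: "MS_REMOUNT", MS_MANDLOCK: "MS_MANDLOCK", MS_DIRSYNC: "MS_DIRSYNC",
    MS_NOATIME: "MS_NOATIME", MS_NODIRATIME: "MS_NODIRATIME", MS_BIND: "MS_BIND",
    MS_MOVE: "MS_MOVE", MS_REC: "MS_REC", MS_SILENT: "MS_SILENT",
    MS_RELATIME: "MS_RELATIME", MS_STRICTATIME: "MS_STRICTATIME",
    MS_LAZYTIME: "MS_LAZYTIME",
}

# Per-mount-point flags: the ones a bind mount inherits from its source and the
# ones MS_REMOUNT|MS_BIND changes without touching the underlying superblock.
PER_MOUNT = (MS_RDONLY | MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_NOATIME
             | MS_NODIRATIME | MS_RELATIME | MS_STRICTATIME)

# fstab option words -> list of (bit, set?) as mount(8) interprets them.
# "exec", "suid", "dev" and "rw" own no bit of their own: they only clear one.
OPTION_WORDS = {
    "ro": [(MS_RDONLY, True)], "rw": [(MS_RDONLY, False)],
    "nosuid": [(MS_NOSUID, True)], "suid": [(MS_NOSUID, False)],
    "nodev": [(MS_NODEV, True)], "dev": [(MS_NODEV, False)],
    "noexec": [(MS_NOEXEC, True)], "exec": [(MS_NOEXEC, False)],
    "sync": [(MS_SYNCHRONOUS, True)], "async": [(MS_SYNCHRONOUS, False)],
    "remount": [(MS_REMOUNT, True)],
    "noatime": [(MS_NOATIME, True)], "atime": [(MS_NOATIME, False)],
    "nodiratime": [(MS_NODIRATIME, True)], "diratime": [(MS_NODIRATIME, False)],
    "relatime": [(MS_RELATIME, True)], "norelatime": [(MS_RELATIME, False)],
    "strictatime": [(MS_STRICTATIME, True)],
    "bind": [(MS_BIND, True)], "rbind": [(MS_BIND, True), (MS_REC, True)],
    "defaults": [],
}


def decode_flags(mask):
    """Return the MS_* names set in a mount(2) bitmask, lowest bit first.
    Bits this table does not know are reported as one hex remainder."""
    names = [name for bit, name in sorted(FLAG_NAMES.items()) if mask & bit]
    unknown = mask & ~sum(FLAG_NAMES)
    if unknown:
        names.append(hex(unknown))
    return names


def encode_options(opts):
    """Translate an fstab option string ("remount,exec,bind") into a bitmask."""
    mask = 0
    for word in opts.split(","):
        word = word.strip()
        if not word:
            continue
        if word not in OPTION_WORDS:
            raise ValueError(f"unknown mount option: {word}")
        for bit, set_it in OPTION_WORDS[word]:
            mask = (mask | bit) if set_it else (mask & ~bit)
    return mask


def apply_bind(source_flags, requested):
    """Model mount(2) for a bind of a source whose per-mount flags are
    `source_flags`, called with `requested`:
      - MS_BIND without MS_REMOUNT copies the source's per-mount flags and
        ignores every other requested bit (except MS_REC);
      - MS_BIND|MS_REMOUNT sets the per-mount flags to exactly those requested,
        so anything not listed (nosuid, nodev) is cleared as well.
    Returns the per-mount flags the target mount point ends up with."""
    if not requested & MS_BIND:
        raise ValueError("only bind mounts are modelled here")
    if requested & MS_REMOUNT:
        return requested & PER_MOUNT
    return source_flags & PER_MOUNT


if __name__ == "__main__":
    # Constructed from the host's "mount | grep home" line in the post.
    host = encode_options("rw,nosuid,nodev,noexec,relatime")
    print("4110 decodes to", decode_flags(4110))
    for entry in ("bind", "remount,exec,bind", "remount,bind,nosuid,nodev,exec"):
        req = encode_options(entry)
        print(f"{entry!r:40} -> flags {req:5} -> target gets "
              f"{decode_flags(apply_bind(host, req))}")
```

Running it shows why the container still sees noexec: the first fstab line is a plain bind, which inherits nosuid,nodev,noexec from /export/home, and the debug output says the second line was applied with the same 4110, i.e. also without MS_REMOUNT, so it inherited them again. A remount that is meant to drop only noexec should list the flags it wants to keep ("remount,bind,nosuid,nodev,exec"), because a bind-remount sets the per-mount flags to exactly what is requested. If the container is unprivileged, the kernel's mount-flag locking prevents a user namespace from clearing nosuid, nodev or noexec that a mount inherited from the host, so the remount has to happen on the host side (as in the lxc.mount fstab) rather than from inside the container.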