[lxc-users] Setting lxc.pivotdir leaves mounted host "/" rw in container?
Serge Hallyn
serge.hallyn at ubuntu.com
Fri Jan 15 20:44:45 UTC 2016
Quoting steve at linuxsuite.org (steve at linuxsuite.org):
> Howdy!
>
> I am trying to make lxc containers with readonly root "/"
>
> I bind mount a "common" rootfs and make it readonly to use as a
> readonly container root file system.
>
> mount --bind /srv/common/ /srv/test/
> mount -o remount,ro /srv/test
>
> lxc.rootfs = /srv/test ( in container config)
>
> lxc-start fails because /usr is readonly and /usr/lib64/lxc
> is needed to be rw, I guess..
>
> lxc-start: utils.c: mkdir_p: 202 Read-only file system - failed to create
> directory '/usr/lib64/lxc/rootfs/lxc_putold'
>
> So, I set lxc.pivotdir in container config ( I have a rw /var
> in the container )
>
> lxc.pivotdir = /var/mnt
>
> And it boots perfectly and I have a readonly "/", Yeay!! but
> then I notice that the entire host filesystem is mounted read/write in
> the container
> under /var/mnt...
>
> Why does this mount not go away? Ideas about what I have to do??
>
> lxc 1.0.8 on centos6.7... tried both building from source tarball
> from linuxcontainers.org
FWIW if you switch to newer lxc it no longer needs the pivot_root dir.
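A quick way to confirm, from the host, whether a running container can still see the host filesystem under its pivot directory is to read the container init's mount table and flag any rw mount at or below that directory. The script below is an added example, not part of the thread or of the lxc project: it parses a constructed `/proc/<pid>/mountinfo` excerpt that mirrors the situation described above (a read-only bind of `/srv/common` at `/`, a rw `/var`, and the host root left mounted rw at `/var/mnt`) and lists the leaking mount points. The file layout, device numbers and paths in the sample are assumptions.

```shell
#!/bin/sh
# Constructed mountinfo excerpt as seen from inside the container
# (assumed values; field order is: id parent maj:min root mountpoint options ... - fstype source superopts).
write_sample_mountinfo() {
  cat > "$1" <<'EOF'
36 35 8:1 /srv/common / ro,relatime - ext4 /dev/sda1 rw
37 36 8:2 / /var rw,relatime - ext4 /dev/sda2 rw
38 37 8:1 / /var/mnt rw,relatime - ext4 /dev/sda1 rw
39 36 0:17 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
EOF
}

# Print every mount point at or below the pivot directory whose own
# mount options include "rw".  $1 = path to a mountinfo file,
# $2 = pivot directory (the lxc.pivotdir value, e.g. /var/mnt).
leaked_mounts() {
  awk -v pivot="$2" '
    # match the pivot dir itself or anything nested under it
    $5 == pivot || index($5, pivot "/") == 1 {
      n = split($6, opts, ",")
      for (i = 1; i <= n; i++) if (opts[i] == "rw") { print $5; break }
    }
  ' "$1"
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp)
write_sample_mountinfo "$tmp"
leak=$(leaked_mounts "$tmp" /var/mnt)
if [ -n "$leak" ]; then
  echo "host filesystem reachable rw inside container at: $leak"
else
  echo "no rw mounts under /var/mnt"
fi
rm -f "$tmp"
```

On a real host you would point `leaked_mounts` at `/proc/$(lxc-info -n NAME -p -H)/mountinfo` (assuming lxc-info's `-p`/`-H` options as in the lxc 1.x tools) and compare the `root` column (field 4) of any hit with `/` to tell a leftover host-root bind apart from a legitimate rw volume such as `/var`.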