[lxc-users] Setting lxc.pivotdir leaves mounted host "/" rw in container?
steve at linuxsuite.org
Thu Jan 14 16:40:59 UTC 2016
Howdy!
I am trying to make an lxc container with a read-only root "/".
I bind mount a "common" rootfs and make it read-only to use as a read-only container root file system.
mount --bind /srv/common/ /srv/test/
mount -o remount,ro /srv/test
lxc.rootfs = /srv/test (in container config)
lxc-start fails because /usr is read-only and /usr/lib64/lxc needs to be rw:
lxc-start: utils.c: mkdir_p: 202 Read-only file system - failed to create directory '/usr/lib64/lxc/rootfs/lxc_putold'
So, I set lxc.pivotdir in the container config (I have a rw /var in the container):
lxc.pivotdir = /var/mnt
And it boots perfectly and I have a read-only "/", Yeay!! But then I notice that the entire host filesystem is mounted read/write in the container under /var/mnt...
Why does this mount not go away? Ideas about what I have to do??
lxc 1.0.8 on CentOS 6.7
thanx - steve
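An added check, not part of the original post: run from inside a container, it scans a /proc/self/mountinfo listing for any mount at or below the configured lxc.pivotdir that is still writable, which is exactly the leftover host "/" described above. The mountinfo lines and device names below are constructed sample data, not taken from the poster's system.

```shell
#!/bin/sh
# Added example (not from the lxc project or the original post): list mounts
# sitting under lxc.pivotdir that lack the "ro" per-mount option.
# Assumes the standard /proc/<pid>/mountinfo layout:
#   id parent maj:min root mountpoint opts [optional...] - fstype source superopts

# Constructed sample: a container view where the old host root (/dev/sda1)
# lingers read/write under /var/mnt. Mount ids and devices are made up.
SAMPLE_MOUNTINFO='21 1 8:1 / / ro,relatime - ext4 /dev/sda1 ro,data=ordered
22 21 8:2 / /var rw,relatime - ext4 /dev/sda2 rw,data=ordered
23 22 8:1 / /var/mnt rw,relatime - ext4 /dev/sda1 rw,data=ordered
24 21 0:5 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw'

# writable_under_pivotdir MOUNTINFO_TEXT PIVOTDIR
# Prints "mountpoint source" for each mount whose mount point is PIVOTDIR or
# lies below it and whose per-mount options do not contain "ro".
writable_under_pivotdir() {
    printf '%s\n' "$1" | awk -v pivot="$2" '
    {
        mnt = $5; opts = $6; src = "?"
        # optional fields end at "-"; fstype and source follow it
        for (i = 7; i <= NF; i++) if ($i == "-") { src = $(i + 2); break }
        if (mnt != pivot && index(mnt, pivot "/") != 1) next
        n = split(opts, o, ",")
        ro = 0
        for (j = 1; j <= n; j++) if (o[j] == "ro") ro = 1
        if (!ro) print mnt, src
    }'
}

# On a live container, pass "$(cat /proc/self/mountinfo)" instead of the sample.
writable_under_pivotdir "$SAMPLE_MOUNTINFO" /var/mnt
```

An empty result means nothing writable is reachable through the pivot directory; any line printed names a mount that the container can still modify.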