[lxc-users] LXD - bind mount inside container

Ron Kelley rkelleyrtp at gmail.com
Tue Jun 14 11:17:58 UTC 2016


Thanks.  These containers are running as a web-hosting container for our user sites (we host one site per container).  Does your security statement below mean I could run into security issues if we enable the security.nesting option?  One of the primary drivers for containers is for security - we don’t want one site “bleeding” into another.

Thanks!



On Jun 14, 2016, at 7:13 AM, Fajar A. Nugraha <list at fajar.net> wrote:

On Tue, Jun 14, 2016 at 5:47 PM, Ron Kelley <rkelleyrtp at gmail.com> wrote:
> 
> Greetings,
> 
> Looking to set up a bind mount inside a CentOS-6 container for ~user-a/WWW pointing to /var/www/html.  However, each time I run “bind —mount /home/user-a/www /var/www/html” I get a read-only error message and the bind mount is not created.  This works just fine inside a “normal” VM.
> 
> Any pointers?
> 

https://github.com/lxc/lxd/blob/master/doc/configuration.md

Stop your container, set security.nesting (and probably
security.privileged) to true, start it again.

Note that it pretty much negates some of the additional security
protections present in lxd, so make sure you trust your container
admin (e.g. you use it yourself, not for a shared hosting setup).

-- 
Fajar
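
An added example, not part of the original thread: a check for the shared-hosting concern discussed above, listing every container where security.privileged or security.nesting is in effect and whether it was set on the container or inherited from a profile. It assumes input shaped like `lxc list --format json` output (name, config and expanded_config fields) and that LXD reads "true", "1", "yes" and "on" as true; the sample data and container names are constructed.

```python
import json

# Settings named in the thread that relax LXD's default isolation.
RISKY_KEYS = ("security.privileged", "security.nesting")
# Assumption: the spellings LXD treats as boolean true.
TRUTHY = {"true", "1", "yes", "on"}


def is_true(value):
    return str(value).strip().lower() in TRUTHY


def audit_containers(lxc_list_json):
    """Return (container, key, origin) for every risky key that is in effect.

    origin is "local" when the key is set on the container itself and
    "profile" when it only shows up in the profile-merged configuration.
    """
    findings = []
    for c in json.loads(lxc_list_json):
        local = c.get("config") or {}
        # expanded_config is the effective config after profiles are applied;
        # fall back to the local config if the field is missing.
        effective = c.get("expanded_config") or local
        for key in RISKY_KEYS:
            if is_true(effective.get(key, "false")):
                origin = "local" if is_true(local.get(key, "false")) else "profile"
                findings.append((c.get("name", "?"), key, origin))
    return findings


# Constructed sample input, shaped like `lxc list --format json` output.
SAMPLE = json.dumps([
    {"name": "site-a", "config": {}, "expanded_config": {}},
    {"name": "site-b",
     "config": {"security.privileged": "true", "security.nesting": "true"},
     "expanded_config": {"security.privileged": "true", "security.nesting": "true"}},
    # Inherited from a profile: easy to miss when reading the container's own config.
    {"name": "site-c", "config": {},
     "expanded_config": {"security.nesting": "true"}},
    # A local "false" overrides a profile, so nothing is reported here.
    {"name": "site-d", "config": {"security.nesting": "false"},
     "expanded_config": {"security.nesting": "false"}},
])

if __name__ == "__main__":
    for name, key, origin in audit_containers(SAMPLE):
        print(f"{name}: {key}=true ({origin})")
```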