Hi,

On Tue, Feb 08, 2011 at 11:19:20AM +1100, Trent W. Buck wrote:
> Matto Fransen <[email protected]> writes:

> > This is a problem with the sshd bind readonly containers, because
> > lxc-init mounts /proc, /dev/shm and /dev/mqueue.
> > With lxc.cap.drop=sys_admin it is therefore not possible to use
> > lxc-init.
> >
> > Would this mean that lxc_setup_fs() should be removed from
> > lxc_init.c and the mounting should be done through the config-file?
> 
> I'm not sure what you mean there, but I do mounting with lxc.mount (or
> lxc.mount.entry), i.e. within the lxc .conf file.

When you create a sshd read only container with
lxc-create -t sshd -n <containername> then this container
gets an init that is mounted to lxc-init.

lxc-init does mount /proc, /dev/shm and /dev/mqueue.

But with lxc.cap.drop=sys_admin it is not possible to
mount, and therefore lxc-init returns an error and the container is
stopped.

Cheers,

Matto
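The arrangement Trent describes, with the mounts declared in the .conf instead of being done by lxc-init, as an added example that is not from this thread or from the lxc sshd template. It assumes a container named ro-sshd under /var/lib/lxc and lxc 0.7-style absolute mount targets under the rootfs; the mount options are illustrative.

```ini
# Added example config fragment (not the thread's or the sshd template's own).
# Assumed layout: container ro-sshd in /var/lib/lxc, mount targets given as
# absolute host paths under the rootfs.
lxc.utsname = ro-sshd
lxc.rootfs = /var/lib/lxc/ro-sshd/rootfs

# The filesystems lxc-init would otherwise mount itself. Declared here, they
# are set up by lxc-start while it still holds CAP_SYS_ADMIN, before the
# container's init is executed.
lxc.mount.entry = proc /var/lib/lxc/ro-sshd/rootfs/proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = shm /var/lib/lxc/ro-sshd/rootfs/dev/shm tmpfs nodev,nosuid 0 0
lxc.mount.entry = mqueue /var/lib/lxc/ro-sshd/rootfs/dev/mqueue mqueue defaults 0 0

# The read-only bind mounts of the sshd template stay as they are, e.g.:
lxc.mount.entry = /usr /var/lib/lxc/ro-sshd/rootfs/usr none ro,bind 0 0

# Capabilities are dropped after the mounts above are in place. With sys_admin
# gone, nothing inside the container can mount, so /sbin/init must be a
# program that does not try to: lxc-init's own mounting of /proc, /dev/shm and
# /dev/mqueue would fail here and stop the container.
lxc.cap.drop = sys_admin
```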

_______________________________________________
Lxc-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lxc-users