On 2016-03-07 17:55, Tobias Hunger wrote:
Hi,

I have been running systemd-nspawn containers on top of a btrfs
filesystem for a while now.

This works great: Snapshots are a huge help to manage containers!

But today I ran btrfs subvol list . *inside* a container. To my
surprise I got a list of *all* subvolumes on that drive. That is
basically a complete list of containers running on the machine. I do
not want to have that kind of information exposed to my containers.

Is there a way to stop btrfs from listing subvolumes "above" the
current location? So that "btrfs subvol list /" in a container will
only show subvolumes that are set up in the container?

There is not currently a way to do this. My personal recommendation until there is would be to use LVM or something similar and have each container on its own FS (this has other advantages too, like being able to use seed devices to quickly spin up containers in a known state).

Ideally though, we should be checking the current root directory when in a mount namespace, and not list subvolumes outside that tree.

--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
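The leak Tobias describes can be checked for from inside a container. The shell functions below are an added example, not code from the thread or from btrfs-progs: they read the output of `btrfs subvolume list /` (the `ID <n> gen <n> top level <n> path <p>` line format of btrfs-progs) and report every listed subvolume whose path does not exist under the directory given as the container's root, which is exactly the set of entries the container has no mount for and should not be able to see. The sample listing, the subvolume names and the temporary root directory are constructed for the example; on a real container you would pipe the live listing in instead.

```shell
#!/bin/sh
# Added example, not from the original thread or from btrfs-progs.
# Classifies the lines of `btrfs subvolume list /` as seen inside a
# container: a listed subvolume whose path is not a directory under the
# container's root is host information leaking through the listing.
#
# Assumptions (not from the page): the btrfs-progs line format
# "ID <n> gen <n> top level <n> path <p>", the root to check passed as
# $1, and the listing read from stdin so it can come from a file or pipe.

# Print the paths of listed subvolumes that are not reachable under ROOT.
leaked_subvols() {
    root=$1
    while read -r line; do
        case $line in
            "ID "*" path "*) ;;
            *) continue ;;          # skip anything that is not a subvolume line
        esac
        # Everything after the last " path " token is the subvolume path.
        path=${line##* path }
        if [ ! -d "$root/$path" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Number of listed subvolumes outside ROOT, for a quick pass/fail check.
count_leaked() {
    leaked_subvols "$1" | wc -l | tr -d ' '
}

# Constructed sample: what `btrfs subvolume list /` might print inside a
# container whose root is the subvolume "containers/alpha" and which owns
# one nested subvolume, "var/lib/machines". The other entries belong to a
# sibling container and a snapshot on the same filesystem.
SAMPLE_LISTING='ID 257 gen 4011 top level 5 path containers/alpha
ID 258 gen 4011 top level 5 path containers/beta
ID 259 gen 3900 top level 5 path snapshots/alpha-2016-03-01
ID 260 gen 4012 top level 257 path var/lib/machines'

# Throw-away root that mimics the container's view: only its own nested
# subvolume exists as a directory.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/var/lib/machines"

# Run the check over the constructed listing against the constructed root.
demo_leaked() {
    printf '%s\n' "$SAMPLE_LISTING" | leaked_subvols "$demo_root"
}

# Stand-alone run: show which listed subvolumes leak through.
demo_leaked
```

Inside a real container the check is `btrfs subvolume list / | leaked_subvols /`; any output at all means the listing exposes subvolumes the container does not have mounted, which is the behaviour the question reports. Note that the container's own top-level subvolume name (`containers/alpha` in the sample) is reported too, since from inside the container that path does not exist either.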