On Wed, Mar 09, 2016 at 02:21:26PM -0700, Chris Murphy wrote:
> > I have a very stripped down docker image that actually mounts portion of
> > of my root filesystem read only.
> > While it's running out of a btrfs filesystem, you can't run btrfs
> > commands against it:
> > 05233e5c91f0:/# btrfs fi show
> > 05233e5c91f0:/# btrfs subvol list /
> > ERROR: can't perform the search - Operation not permitted
> > 05233e5c91f0:/# btrfs subvol list .
> > ERROR: can't perform the search - Operation not permitted
> >
> > I didn't do anything special, it's just working that way.
>
> Yep, you're not using --privileged in which case you can't list
> things. But I'm not sure what the equivalent is off hand with
> systemd-nspawn containers, I think those may always be privileged?
Ok, cool. I just used docker out of the box, glad to know it errs on
the secure side by default.
(and I don't have systemd, so that may also help me there)
Thanks,
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | PGP 1024R/763BE901
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
