On Sun, 2010-03-14 at 08:33 +0100, l...@zitta.fr wrote:
> Hi,
>
> When I create a full os container (for example a debian), I have to
> remove init script that remount / read only on halt
> example : umountfs for lenny
>
> If I don't do this, the container remounts readonly the mount point
> where rootfs are when it stops.
>
> Why a container is able to do this?
> If you store multiples containers on the same mount point, it could be
> very problematic.

Ah HA! So THAT'S the root cause of THAT problem. Several of us have
noticed that effect. Yeah, major PITA.

Also explains just why I no longer see it. Because of a practice I
started using in setting up my containers...

As it so happens, because all of my containers are OpenVZ compatibility
containers, I use a bind mount in the fstab for the root fs. OpenVZ has
this concept of a "private" and a "rootfs" to aid in setting disk quotas
in the container and I'm hoping to also eventually use that with union
mounts / unionfs to do a linux-vservers style unify. But... That also
prevents this problem because the container's rootfs is NOT a real fs in
the host, it's the bind mount and that insulates the host's fs and mount
points from any actions in the container.

Example from one of my containers is like this:

Config:
==
lxc.rootfs = /srv/lxc/rootfs
lxc.mount = /srv/lxc/config/1004.fstab
=

fstab:
==
/srv/lxc/private/1004 /srv/lxc/rootfs none bind 0 0
/export /srv/lxc/rootfs/export none bind 0 0
/home/shared /srv/lxc/rootfs/srv/shared none bind 0 0
==

Would be really NICE if that bind could be something like a fuse with
unionfs or, eventually, a union mount once those are mature and stable
in the kernel, but we're not there yet.

Now, you won't actually see anything in /srv/lxc/rootfs because it's
private to the container and it's just a dummy mount point that can be
used by all of your containers. The only thing that varies between my
containers then is the location of the fstab (and the network stuff,
obviously). The container can screw up its mounts all it wants, they're
ALL isolated and private to the container, including the rootfs.

> Regards,
> Guillaume ZITTA

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!

_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
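
Added example (not part of the original message and not LXC's own code): a small Python check that reads a container config and its fstab and reports whether lxc.rootfs is covered by a bind mount, as in the layout described in the reply above. The function names and the DIRECT_CONFIG sample are assumptions made for illustration; CONFIG and FSTAB are the ones quoted in the message.

```python
import os.path

# Config and fstab as quoted in the message above.
CONFIG = """lxc.rootfs = /srv/lxc/rootfs
lxc.mount = /srv/lxc/config/1004.fstab
"""
FSTAB = """/srv/lxc/private/1004 /srv/lxc/rootfs none bind 0 0
/export /srv/lxc/rootfs/export none bind 0 0
/home/shared /srv/lxc/rootfs/srv/shared none bind 0 0
"""
# Constructed sample: rootfs points straight at a host directory, no bind.
DIRECT_CONFIG = "lxc.rootfs = /srv/lxc/private/1004\n"

def parse_lxc_config(text):
    """Return {key: value} for 'key = value' lines, ignoring comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def parse_fstab(text):
    """Return (source, target, fstype, [options]) for each fstab line."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            entries.append((fields[0], fields[1], fields[2],
                            fields[3].split(",")))
    return entries

def rootfs_bind_source(config_text, fstab_text):
    """Return the directory bind-mounted onto lxc.rootfs, or None when the
    rootfs is used directly (the case where the container's halt scripts
    act on the host mount point, as reported in the quoted message)."""
    rootfs = parse_lxc_config(config_text).get("lxc.rootfs")
    if rootfs is None:
        return None
    rootfs = os.path.normpath(rootfs)
    for source, target, _fstype, options in parse_fstab(fstab_text):
        if os.path.normpath(target) == rootfs and {"bind", "rbind"} & set(options):
            return source
    return None

if __name__ == "__main__":
    print("bind layout  ->", rootfs_bind_source(CONFIG, FSTAB))
    print("direct rootfs ->", rootfs_bind_source(DIRECT_CONFIG, ""))
```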