On 04/01/2010 06:42 AM, Michael H. Warfield wrote:
> Daniel,
>
> I'm going to top post here because I've just discovered that we've got a
> bigger problem here, related to this whole mess. A much bigger problem
> having to do with bind mounts in general.
>
> This is the generalized case here, which results from the observation
> that, if a host container sets its root directory to ro, then the mount
> point for the container in the host is set to ro.
>
> In fact, this is true of any additional bind mounts in containers!
>
> Say I have (and I do have) a couple of partitions which are shared
> between certain containers, say for common data (somewhat risky, but I
> eventually want to / hope to make them ro anyways). I was investigating
> the whole read-only bind mount morass when I encountered this...
>
> So in the host, I have a partition, say /export, and I bind mount that
> into the containers as /export in their space. Maybe I would like to
> eventually have this as ro in some of them, maybe not. IAC, if I do a
> remount in any of the containers, the changes are propagated outside of
> the container to the host and to all the other containers! So if I do a
> "mount -o remount,ro /export" in container A, the host and all the other
> containers now have /export as ro as well. There's all kinds of concern
> there, beyond merely the potential for mayhem by some practical joker in
> one container. What if I had some of these mounted ro (with the
> appropriate patch that was mentioned in another thread, I know you can't
> do it yet in the released code). Can one container accidentally remount
> the other containers rw? Yuck! What's worse... If I set that mount ro
> in the host, I damn well don't want the container to be able to remount
> it rw merely by doing a remount (that may be another can of worms).
>
> Just some thoughts, but this seems to be a mess and may even require
> some kernel work with those bind mounts to fix. This was tested on a
> 2.6.32 kernel.
>
It seems to be fixed now. I tried the example you gave and the mount rw option is not propagated to the other containers. Tested on Ubuntu 10.04, kernel 2.6.32-23-generic and lxc 0.7.1.

Do you confirm, Michael?

Thanks
  -- Daniel

_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
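Whether a remount inside one container reaches the host and the other containers is decided by two things that /proc/self/mountinfo exposes directly: the mount's propagation type (a `shared:N` tag means the mount belongs to peer group N and mount changes are propagated to every peer; no tag means the mount is private) and the distinction between per-mount flags (the sixth field; `ro` there is a read-only bind mount, set with `mount -o remount,bind,ro`) and superblock flags (after the `-` separator; a plain `mount -o remount,ro` changes these, and every mount of that filesystem shares them). The script below is an added example, not code from the thread or from lxc: it parses constructed mountinfo lines modelled on Michael's /export scenario and reports, for each mount, which peers a remount would propagate to and whether its read-only state is per-mount or superblock-wide. The sample mount IDs, devices and container paths are invented for the example.

```python
"""Audit bind-mount propagation and read-only flags from /proc/self/mountinfo.

Added example for the lxc-devel discussion above; not part of lxc. Line format:
  <id> <parent> <maj:min> <root> <mount point> <mount opts> [tag:value ...] - <fstype> <source> <super opts>
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class MountEntry:
    mount_id: int
    parent_id: int
    root: str
    mount_point: str
    mount_opts: frozenset        # per-mount flags: "ro" here is a read-only bind mount
    propagation: Dict[str, str]  # e.g. {"shared": "7"} or {"master": "7"}; empty means private
    fs_type: str
    source: str
    super_opts: frozenset        # superblock flags, shared by every mount of this filesystem


def parse_mountinfo(text: str) -> List[MountEntry]:
    """Parse mountinfo text into entries. Paths with spaces are \\040-escaped by
    the kernel, so whitespace splitting is safe."""
    entries: List[MountEntry] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        left, sep, right = line.partition(" - ")
        if not sep:
            raise ValueError(f"malformed mountinfo line: {line!r}")
        mount_id, parent_id, _dev, root, mount_point, opts, *optional = left.split()
        propagation: Dict[str, str] = {}
        for tag in optional:            # zero or more "shared:N", "master:N", "unbindable"
            key, _, value = tag.partition(":")
            propagation[key] = value
        fs_type, source, super_opts = right.split(None, 2)
        entries.append(MountEntry(int(mount_id), int(parent_id), root, mount_point,
                                  frozenset(opts.split(",")), propagation,
                                  fs_type, source, frozenset(super_opts.split(","))))
    return entries


def shared_peers(entries: List[MountEntry]) -> Dict[str, List[str]]:
    """Group mount points by shared peer group. A mount change (including a
    bind remount) on any member is propagated to every other member."""
    groups: Dict[str, List[str]] = {}
    for e in entries:
        peer = e.propagation.get("shared")
        if peer is not None:
            groups.setdefault(peer, []).append(e.mount_point)
    return groups


def audit(entries: List[MountEntry]) -> Dict[str, dict]:
    """Per mount point: is ro set per-mount or on the superblock, which peers
    receive its propagated changes, and which peer group it is a slave of."""
    groups = shared_peers(entries)
    report: Dict[str, dict] = {}
    for e in entries:
        peer = e.propagation.get("shared")
        peers = [mp for mp in groups.get(peer, []) if mp != e.mount_point] if peer else []
        report[e.mount_point] = {
            "per_mount_ro": "ro" in e.mount_opts,
            "superblock_ro": "ro" in e.super_opts,
            "shared_with": peers,
            "slave_of": e.propagation.get("master"),
        }
    return report


# Constructed sample: host /export (sdb1) bind-mounted into two containers.
# Container a's bind stayed in the host's peer group 7; container b's bind is
# private and read-only per-mount while the superblock itself is still rw.
SAMPLE_MOUNTINFO = """\
21 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
45 21 8:17 / /export rw,relatime shared:7 - ext4 /dev/sdb1 rw
60 21 8:17 / /var/lib/lxc/a/rootfs/export rw,relatime shared:7 - ext4 /dev/sdb1 rw
61 21 8:17 / /var/lib/lxc/b/rootfs/export ro,relatime - ext4 /dev/sdb1 rw
"""

if __name__ == "__main__":
    for mount_point, finding in audit(parse_mountinfo(SAMPLE_MOUNTINFO)).items():
        print(f"{mount_point}: {finding}")
```

Run against a real system by reading `/proc/self/mountinfo` from inside each container instead of `SAMPLE_MOUNTINFO`: a container bind mount that still shows `shared:` with the host's peer group is one where a remount inside the container propagates outward, and a mount whose `ro` sits only in the superblock options was made read-only for every bind of that filesystem at once rather than for that container alone.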