Quoting Michael H. Warfield (m...@wittsend.com):
> Serge,
>
> Revisiting an earlier remark...
...
> > Now I tested, and with a simple setup we can use a much simpler
> > patch which just does mount("", "/", NULL, MS_SLAVE|MS_REC, 0);
> > for the whole of chroot_into_slave() (and skips the new umount2()
> > in start.c). The container then starts, and its mounts table
> > is clean.
>
> Were you still looking at this? Currently, with the MS_SHARED patch

No, I haven't been.

> work in 0.9.0, the mount table is pretty ugly and running "df" in a
> container is really ugly...
>
...
> > Where that won't work is in a livecd or any fancy raid setup,
> > where your process's / has a parent which is MS_SHARED.
>
> How bad is this breakage in regards to that then?

pivot_root would simply fail. Likewise, the case where / is actually
type 'rootfs', which is not MS_USER and therefore can't be pivot_root()d
from would fail.

There is something else we could try. Before we chroot() into our
custom MS_SLAVE /, we could fork a child. That child sticks around,
waits for a signal saying the pivot_root+umounts are done, then it
looks through /proc/self/mounts and unmounts anything which is not
under '/root/'.

I think that might really work best.

_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
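The selection step of the cleanup idea in the message above (walk /proc/self/mounts and pick everything that is not under '/root/'), as an added example that is not code from the post or from LXC. The function names, buffer sizes, the last-mounted-first ordering and treating '/root' itself as kept are assumptions of this example; it only computes the list of mount points and leaves the actual unmount call to the caller.

```c
#include <stdio.h>
#include <string.h>
#define PATH_LEN 256

/* Constructed sample in /proc/self/mounts format (not from a real host). */
static const char SAMPLE[] =
    "/dev/sda1 / ext4 rw,relatime 0 0\n"
    "proc /proc proc rw 0 0\n"
    "/dev/sda2 /rootfs-old ext4 rw 0 0\n"
    "/dev/mapper/c1 /root ext4 rw 0 0\n"
    "proc /root/proc proc rw 0 0\n"
    "tmpfs /proc/scratch tmpfs rw 0 0\n";

/* True if path is keep itself or beneath it on a component boundary:
 * "/root/proc" is under "/root", "/rootfs-old" is not.
 * Assumption: keep is an absolute directory other than "/". */
static int under(const char *path, const char *keep)
{
    size_t n = strlen(keep);
    while (n > 1 && keep[n - 1] == '/')
        n--;                      /* accept "/root/" as well as "/root" */
    return strncmp(path, keep, n) == 0 && (path[n] == '\0' || path[n] == '/');
}

/* Fill out[] with the mount points outside keep, last-mounted first so
 * that nested mounts come before their parents. Octal escapes such as
 * \040 in mount points are not decoded. Returns the count (at most max). */
static int plan_umounts(const char *mounts, const char *keep,
                        char out[][PATH_LEN], int max)
{
    int n = 0;
    for (const char *line = mounts; line && *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[2 * PATH_LEN], dir[PATH_LEN];
        snprintf(buf, sizeof buf, "%.*s", (int)len, line); /* one line only */
        if (sscanf(buf, "%*s %255s", dir) == 1 && !under(dir, keep) && n < max) {
            memmove(out[1], out[0], (size_t)n * PATH_LEN); /* push to front */
            strcpy(out[0], dir);
            n++;
        }
        line = eol ? eol + 1 : NULL;
    }
    return n;
}

int main(void)
{
    char plan[16][PATH_LEN];
    for (int i = 0, n = plan_umounts(SAMPLE, "/root/", plan, 16); i < n; i++)
        printf("would unmount %s\n", plan[i]);
}
```

The component-boundary check in `under()` is what keeps a sibling such as `/rootfs-old` from being mistaken for something inside `/root`.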