Hi, I guess that could do it. But I don't understand while it would not be possible to have a read-only rootfs (i.e. is what I am seeing the expected behaviour?). What would the configuration look like if I decided to use overlayfs? Is it easy to use with lxc-execute? Because I just want to run an application, and I don't want to pay the overhead of lxc-start-ephemeral.
Thanks, Antonin 2013/12/18 Cal Leeming [Simplicity Media Ltd] <[email protected]>: > Would it not be better to use a stacked file system, such as overlayfs or > aufs, then discard the changes? > > Cal > > > On Thu, Dec 19, 2013 at 12:49 AM, Antonin Bas <[email protected]> wrote: >> >> Hi, >> >> I am trying to run an application container with lxc-execute. I am >> going to run "untrusted" student codes in this container and I want >> the root file system to be shared with the host but read-only. I >> thought this would be as easy as using the following configuration >> file: >> >> # Container with new network withtout network devices >> lxc.utsname = omega >> lxc.network.type = empty >> lxc.network.flags = up >> >> lxc.rootfs = /tmp/guest/rootfs >> lxc.mount.entry=/ /tmp/guest/rootfs/ none ro,bind 0 0 >> >> However, when I run `sudo lxc-execute -n test -f grader.conf >> --logpriority=DEBUG -- /bin/bash`, I get the following message: >> >> lxc-execute: Read-only file system - error unlinking >> /usr/lib/x86_64-linux-gnu/lxc/dev/kmsg >> >> lxc-execute: failed to setup kmsg for 'test' >> lxc-execute: Read-only file system - failed to create directory >> '/usr/lib/x86_64-linux-gnu/lxc/lxc_putold' >> >> lxc-execute: Read-only file system - failed to create pivotdir >> '/usr/lib/x86_64-linux-gnu/lxc/lxc_putold' >> lxc-execute: failed to setup pivot root >> lxc-execute: failed to set rootfs for 'test' >> lxc-execute: failed to setup the container >> lxc-execute: invalid sequence number 1. expected 2 >> lxc-execute: failed to spawn 'test' >> >> >> Is it possible to have some insight on what the problem is here? >> I am using Ubuntu 13.10, and my lxc is the one from the official repo >> (1.0.0.alpha1). >> >> Thanks you in advance for your help, >> >> Antonin >> _______________________________________________ >> lxc-users mailing list >> [email protected] >> http://lists.linuxcontainers.org/listinfo/lxc-users > > > > _______________________________________________ > lxc-users mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-users _______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
