On Thu, Jan 16, 2014 at 05:33:06PM -0800, Aaron Staley wrote:
> I'm trying to run an application that works fine on my host inside a
> container.
>
> The application executes:
> mount -t proc -o ro proc /mnt/remount_point
> But this command errors:
> mount: cannot mount block device proc read-only
>
> mounting read-write (mount -t proc proc /mnt/remount_point) does work
> however.
>
> I'd rather not modify the application. Is there some LXC option/other
> issue blocking a RO mount of proc?
>
> Thanks,
> Aaron

This is likely blocked by apparmor.

You can disable apparmor for this container with
lxc.aa_profile = unconfined
or write your own profile in /etc/apparmor.d/lxc/, then reload the
profiles (/etc/init.d/apparmor reload) and set lxc.aa_profile to the
new profile's name.

However note that blocking proc mounts was done for a very good reason
and that by allowing this, you should consider this container as unsafe
and not trust it to anyone you wouldn't trust to give root access to the
host.

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com

_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
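
Added example, not part of the original thread: a host-side shell check that lists which AppArmor profile each container config requests and flags containers set to unconfined or to a custom profile, since the reply says such containers should be treated as untrusted. The config directory default (/var/lib/lxc), the verdict labels and the sample tree built by make_sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list which AppArmor profile each LXC
# container config requests and flag the ones that drop confinement.
# Assumptions: configs sit at <dir>/<name>/config (LXC's default layout under
# /var/lib/lxc) and the last assignment of the key is the one that counts.

# audit_aa_profiles [CONFIG_DIR] [PROFILE_DIR]
# Prints "<container> <profile> <verdict>" per container; returns 1 if any
# container is unconfined or names a profile not found in PROFILE_DIR.
audit_aa_profiles() {
    dir=${1:-/var/lib/lxc}
    profdir=${2:-/etc/apparmor.d/lxc}
    rc=0
    for cfg in "$dir"/*/config; do
        [ -f "$cfg" ] || continue
        name=$(basename "$(dirname "$cfg")")
        # lxc.apparmor.profile is the newer spelling of lxc.aa_profile.
        profile=$(sed -n -E \
            's/^[[:space:]]*lxc\.(aa_profile|apparmor\.profile)[[:space:]]*=[[:space:]]*([^[:space:]]+).*/\2/p' \
            "$cfg" | tail -n 1)
        if [ -z "$profile" ]; then
            echo "$name (default) ok"
        elif [ "$profile" = "unconfined" ]; then
            echo "$name unconfined UNSAFE"; rc=1
        elif grep -rqsE "^[[:space:]]*profile[[:space:]]+$profile[[:space:]]" "$profdir"; then
            # Custom profile exists; its mount rules still need a human review.
            echo "$name $profile custom-review"
        else
            echo "$name $profile MISSING-PROFILE"; rc=1
        fi
    done
    return $rc
}

# Constructed sample tree so the function can be tried without a real host.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/lxc/web" "$root/lxc/build" "$root/lxc/db" "$root/prof"
    printf 'lxc.utsname = web\n' > "$root/lxc/web/config"
    printf '# lxc.aa_profile = lxc-x\nlxc.aa_profile = unconfined\n' > "$root/lxc/build/config"
    printf 'lxc.aa_profile = lxc-proc-ro\n' > "$root/lxc/db/config"
    printf 'profile lxc-proc-ro flags=(attach_disconnected) {\n}\n' > "$root/prof/lxc-proc-ro"
    echo "$root"
}
```

Run it against the sample with `root=$(make_sample); audit_aa_profiles "$root/lxc" "$root/prof"`, or with no arguments on a host to use the default paths.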
