Quoting GC ([email protected]):
> Hello,
>
> I want to selectively mount parts of sys and proc rw, but the rest
> ro. I thought I might be able to, e.g., mount /sys ro (in the
> container), and mount /.sys rw (in the container), then bind mount
> bits from /.sys to /sys, and finally hide the rw /.sys by mounting
> another directory on top of it, like:
>
> lxc.mount.entry = sysfs sys sysfs ro 0 0
> lxc.mount.entry = sysfs .sys sysfs rw 0 0 # (dot)sys
>
> lxc.mount.entry = /var/lib/lxc/container/.sys/module/ipv6 sys/module/ipv6 none defaults,bind 0 0
> # or alternatively (also doesn't work) this instead of line above
> #lxc.mount.entry = .sys/module/ipv6 sys/module/ipv6 none defaults,bind 0 0
>
> lxc.mount.entry = /var/lib/lxc/dummy_mount .sys none ro,bind 0 0
>
>
> The part where I try to perform the bind mount of the read/write
> .sys/module/ipv6 (in the container) on top of the read only
> sys/module/ipv6 (in the container) fails. Is there a way to get
> this to work?
Wouldn't it be simpler to simply bind mount /sys ro from the host, then
bind-mount /sys/module/ipv6 from the host rw into the container? I assume
your container won't have cap_sys_admin to prevent remounting?

-serge

_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
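Serge's suggestion written out as LXC config, plus a check to run inside the
container once it is up. This is an added example, not something posted in
the thread: the two lxc.mount.entry lines are my rendering of the approach
(host path as source, target relative to the container rootfs, the ro bind
of the whole of /sys listed before the rw bind of the one subdirectory so
the rw mount is stacked on top), and the sample mountinfo and CapBnd lines
are constructed for illustration. A plain bind mount ignores "ro" unless it
is followed by a read-only remount; LXC does that remount itself for a
"ro,bind" entry, but the per-mount option field in /proc/self/mountinfo is
what the container actually ends up with, so that is what the check reads.
Note that lxc.cap.drop = sys_admin removes far more than the ability to
remount (any mount(2) in the container, for a start), so make sure the
workload does not need it.

```shell
#!/bin/sh
# Added example, not code from the thread. Paths and sample data are
# assumptions: adjust the mount points to the directories you actually need rw.

# Config lines to append to the container's config (usually
# /var/lib/lxc/<name>/config). Order matters: the ro bind of /sys comes
# first, the rw bind of /sys/module/ipv6 is placed over it afterwards. The
# per-mount ro flag belongs to the /sys mount only; a mount stacked on top of
# it carries its own flags. Dropping sys_admin stops the container from
# remounting either one read-write.
print_config() {
    cat <<'EOF'
lxc.mount.entry = /sys sys none ro,bind 0 0
lxc.mount.entry = /sys/module/ipv6 sys/module/ipv6 none rw,bind 0 0
lxc.cap.drop = sys_admin
EOF
}

# mount_opts MOUNTPOINT < mountinfo
# Print the per-mount option field (6th field of /proc/self/mountinfo) of the
# mount most recently placed on MOUNTPOINT. This field, not the superblock
# options after the "-" separator, decides whether the mount is read-only.
mount_opts() {
    awk -v mp="$1" '$5 == mp { opts = $6 } END { print opts }'
}

# check_layout [MOUNTINFO_FILE]
# Succeed only if /sys is ro while /sys/module/ipv6 is rw, as seen from
# inside the container. Defaults to the caller's own mountinfo.
check_layout() {
    info="${1:-/proc/self/mountinfo}"
    sys_opts=$(mount_opts /sys < "$info")
    ipv6_opts=$(mount_opts /sys/module/ipv6 < "$info")
    case ",$sys_opts," in
        *,ro,*) ;;
        *) echo "/sys is not ro: '$sys_opts'"; return 1 ;;
    esac
    case ",$ipv6_opts," in
        *,rw,*) ;;
        *) echo "/sys/module/ipv6 is not rw: '$ipv6_opts'"; return 1 ;;
    esac
    echo "ok: /sys is ro, /sys/module/ipv6 is rw"
}

# sys_admin_dropped [STATUS_FILE]
# Succeed if CAP_SYS_ADMIN (bit 21) is absent from the bounding set (CapBnd)
# of the given process; defaults to the container's init (/proc/1/status).
# Without it, nothing in the container can remount the ro bind read-write.
sys_admin_dropped() {
    status="${1:-/proc/1/status}"
    bnd=$(awk '/^CapBnd:/ { print $2 }' "$status")
    [ $(( (0x$bnd >> 21) & 1 )) -eq 0 ]
}

# Constructed sample of what mountinfo looks like inside the container when
# the two entries above took effect (not captured from a real system).
sample_mountinfo() {
    cat <<'EOF'
40 39 0:15 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs rw
41 40 0:15 /module/ipv6 /sys/module/ipv6 rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
EOF
}
```

Inside the container, `check_layout && sys_admin_dropped && echo locked down`
is the whole test; `print_config >> /var/lib/lxc/<name>/config` on the host
is the assumed way to apply the entries.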
