Hi all, hi Serge,

I was not able to create a seccomp config which works as intended. Admittedly I found no useful example and tried understanding the parser, which I probably did not :-)

Here is my config:

2
blacklist
[all]
reject_force_unmount

lxc-start --version
1.0.7

The containers are unprivileged.

Best regards
Björn

-----Original Message-----
From: Serge Hallyn [mailto:[email protected]]
Sent: Friday, 19 February 2016 02:47
To: LXC users mailing-list
Subject: Re: [lxc-users] lxc and encfs

Quoting Mittelsdorf, Bjoern ([email protected]):
> Hi all,
>
> I face a problem with encfs encrypted folders mounted into lxc containers.
>
> I have a public encfs folder, which is controlled and provided by the
> host,
> encrypted: /var/lxc-crypt
> public: /var/lxc-data
>
> containing one directory for each container, e.g.:
> /var/lxc-data/xyz
>
> Each container mounts his directory via its config:
>
> lxc.mount.entry = /var/lxc-data/xyz /var/vm/xyz/rootfs/var/encryptedData none bind 0 0
>
> Each time I shut down one of the containers the host mount point for the
> unencrypted data goes to waste, dragging the other container mount points
> down with it:
>
> ls -ltr /var/
> ls: cannot access /var/lxc-data: Transport endpoint is not connected
> total 56
> d????????? ? ? ? ? ? lxc-data
>
> I am aware of the fact that encfs is not the best choice but I would really
> happily stick with it for the moment.
>
> As you can see, I have no clue what is going on.

Do you have reject_force_umount in your seccomp policy? This is a known bug in fuse, and really all you can do is not allow your containers to force-umount fuse (and therefore sadly, all) filesystems.

_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
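
An added example, not part of the thread and not LXC's own code: a small checker for a policy file laid out like the one posted above, reporting whether the exact keyword from Serge's reply is present and flagging near-miss spellings of it. The layout it assumes (version line, blacklist/whitelist line, bracketed sections, one rule per line, `#` comments) and the names `lint_policy`, `POSTED` and `WITH_KEYWORD` are assumptions of this example.

```python
import difflib

DIRECTIVE = "reject_force_umount"  # spelling used in the quoted reply

# Policy text as posted in the message above.
POSTED = "2\nblacklist\n[all]\nreject_force_unmount\n"
# Constructed sample: same layout, keyword spelled as in the reply.
WITH_KEYWORD = "2\nblacklist\n[all]\nreject_force_umount\n"


def lint_policy(text):
    """Return (has_directive, findings) for a policy text (assumed layout)."""
    # Strip trailing comments and blank lines, keeping original line numbers.
    lines = [(no, raw.split("#", 1)[0].strip())
             for no, raw in enumerate(text.splitlines(), 1)]
    lines = [(no, s) for no, s in lines if s]
    if not lines:
        return False, ["empty policy"]

    findings = []
    if lines[0][1] != "2":
        findings.append(f"line {lines[0][0]}: expected version 2, got {lines[0][1]!r}")
    if len(lines) < 2 or lines[1][1].split()[0] not in ("blacklist", "whitelist"):
        findings.append("second entry should be 'blacklist' or 'whitelist'")

    has_directive = False
    for no, s in lines[2:]:
        if s.startswith("["):  # section header such as [all]
            if not s.endswith("]"):
                findings.append(f"line {no}: unterminated section header {s!r}")
            continue
        word = s.split()[0]
        if word == DIRECTIVE:
            has_directive = True
        elif difflib.get_close_matches(word, [DIRECTIVE], n=1, cutoff=0.8):
            # Close to the keyword but not equal: most likely a typo.
            findings.append(f"line {no}: {word!r} is not the keyword {DIRECTIVE!r}")
    if not has_directive:
        findings.append(f"{DIRECTIVE} is not present in this policy")
    return has_directive, findings


if __name__ == "__main__":
    for name, policy in (("posted", POSTED), ("with keyword", WITH_KEYWORD)):
        ok, notes = lint_policy(policy)
        print(name, "->", "keyword present" if ok else "keyword missing")
        for note in notes:
            print("   ", note)
```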
