On Mon, Jun 20, 2016 at 09:51:11AM -0500, Serge E. Hallyn wrote:
> Quoting Olivier BONHOMME ([email protected]):
> > Hello,
> >
> > I'm trying to set up containers using LXC and I have a question about how
> > the rootfs is mounted.
> >
> > I would love to start my container with some specific mount options in
> > order to increase the security a little bit by reducing what it is possible
> > to do directly on the ROOTFS. That's why I would love to apply some
> > restrictions on the / mountpoint like ro,nosuid,nodev,noexec.
> >
> > I tried using the lxc.rootfs.options without success. So I wonder to know
> > if it
>
> lxc.rootfs.options is meant to work, fwiw. If you give more details about
> your setup (is the rootfs on a device or in a file, or just a directory; what
> is the whole config file; what host system do you have) someone should be
> able to reproduce and hopefully fix the bug.

Hello Serge,

Thanks for your quick answer. My entries are the following:

- Host System: CentOS 7
- LXC Version: 1.0.8 provided by EPEL
- Template used: lxc-sshd

In order to create the container I used the lxc-create command with the
-t sshd parameter. So the rootfs created is stored in a directory in the
default directory /var/lib/lxc/<mycontainer>/rootfs.

The config file used is the one automatically created by the sshd template.
I just override the lxc.rootfs.options, setting ro,noexec,nodev,nosuid.

But when I do an lxc-attach, / is mounted as rw in /proc/mounts.

Regards,
Olivier Bonhomme

_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
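
The check described in the message above (reading /proc/mounts to see whether / really carries ro,nosuid,nodev,noexec) can be scripted. This is an added example, not part of the original thread or of LXC; the function names and both sample mount tables are constructed for illustration.

```python
import re
import sys

REQUIRED = ("ro", "nosuid", "nodev", "noexec")  # options named in the thread

# Constructed sample: /proc/mounts content as it might look when the rootfs
# options were not applied (not captured from a real system).
SAMPLE_UNRESTRICTED = """\
/dev/mapper/centos-root / xfs rw,relatime,attr2,inode64,noquota 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
"""
# Constructed sample: restricted rootfs plus a mountpoint containing a space.
SAMPLE_RESTRICTED = """\
/dev/mapper/centos-root / xfs ro,nosuid,nodev,noexec,relatime 0 0
tmpfs /my\\040data tmpfs rw,nosuid,nodev 0 0
"""

def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return (device, mountpoint, fstype, set_of_options) per valid line."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        device, mountpoint, fstype, opts = parts[:4]
        entries.append((_unescape(device), _unescape(mountpoint),
                        fstype, set(opts.split(","))))
    return entries

def missing_options(text, mountpoint="/", required=REQUIRED):
    """List the required options that the active mount at mountpoint lacks."""
    matches = [e for e in parse_mounts(text) if e[1] == mountpoint]
    if not matches:
        raise LookupError("no mount entry for %r" % mountpoint)
    # A later entry for the same mountpoint shadows the earlier ones.
    active = matches[-1][3]
    return [opt for opt in required if opt not in active]

if __name__ == "__main__":
    # Feed it the container's /proc/mounts on stdin; exit 1 if anything is missing.
    missing = missing_options(sys.stdin.read())
    print("missing on /:", ",".join(missing) if missing else "none")
    sys.exit(1 if missing else 0)
```

Run it against the mount table read from inside the container, since the host's /proc/mounts describes the host's own root, not the container's.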
