On Mon, Jun 20, 2016 at 10:49:50AM -0500, Serge E. Hallyn wrote: > Can you try actually writing to a file in the rootfs? Since your > rootfs is a bind mount, there is no separate filesystem to make > ro. Rather, the bind mount should be made a ro mount without > changing the fs options. You create a separate rootfs (Look at > the -B option) if you want more separation.
For the ro part I guess it is due to the fact that a mount bind can't be done in RO mode directly ? So I followed your advice, and used the -B option which I didn't detect during my doc reading. I tried creating a rootfs using a loop device and it worked perfectly. I had issues with pivot root but I could bypass them using lxc.pivotdir option. I have now a ro rootfs.Thanks for your advice. I guess maybe it should be nice to precise in the documentation that lxc.rootfs.options is not compliant with the 'dir' backend. On CentOS, I couldn't create the rootfs using ext2/3/4 fs. I had to use XFS which was the only that worked. Do you have an idea about the root cause ? Regards, Olivier Bonhomme _______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
