On Wed, Sep 15, 2010 at 6:25 PM, Serge E. Hallyn <serge.hal...@canonical.com> wrote:
> Quoting Daniel Lezcano (daniel.lezc...@free.fr):
>> However, I am curious to understand why a remount as read-only is
>> propagated throughout the system as we are running in our own mount
>> namespace. I will ask the kernel mailing list ...
>
> I haven't closely followed this thread, but I'd guess that his
> root is mnt_shared. Can confirm by doing 'grep shared /proc/self/mountinfo'
> Private mount namespace doesn't stop that. So if it doesn't already, lxc
> should probably (optionally?) do a
>
> mount --make-rslave $lxc_root
>
> after creating its tmpfs rootfs or pivot_rooting.
>
> (Or, I could be completely wrong :)
That sounds like a really good guess at least :-)

I would agree, LXC should probably recursively mark all mounts as slaves when binding the host's /, and maybe have an option to _not_ do this, but IMO it should be the default, to protect the host.

Mount propagation is very useful in LXC environments (udev mounts/shared mounts/etc.), and in general; it seems to be a relatively unknown option.

C Anthony
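As an added example (not code from this thread or from LXC), a POSIX sh check in the spirit of Serge's 'grep shared /proc/self/mountinfo' suggestion: it parses mountinfo's optional propagation fields instead of grepping the whole line, so a mount whose source or options merely contain the word "shared" is not misreported, and it tells the operator whether the container root still needs `mount --make-rslave`. The sample mountinfo and the /var/lib/lxc/c1/rootfs path are constructed for offline use.

```shell
#!/bin/sh
# Added example, not from the thread or LXC itself: parse mountinfo rather
# than plain "grep shared", because the propagation flags are optional
# fields sitting between the mount options and the "-" separator.

# Print every mount point at or below PREFIX whose peer group is "shared:N".
# Reads MOUNTINFO_FILE, defaulting to the caller's own /proc/self/mountinfo.
shared_mounts_under() {
    prefix="$1"
    file="${2:-/proc/self/mountinfo}"
    awk -v prefix="$prefix" '
    {
        mp = $5
        shared = 0
        # optional fields start at $7 and end at the "-" separator
        for (i = 7; i <= NF && $i != "-"; i++)
            if ($i ~ /^shared:/) shared = 1
        under = (prefix == "/") || (mp == prefix) || (index(mp, prefix "/") == 1)
        if (shared && under) print mp
    }' "$file"
}

# Return 0 if nothing under the container root is shared; otherwise list the
# offenders and print the fix from the thread (to run before pivot_root).
check_container_root() {
    root="$1"
    file="${2:-/proc/self/mountinfo}"
    found=$(shared_mounts_under "$root" "$file")
    [ -z "$found" ] && return 0
    echo "shared mounts under $root:"
    echo "$found"
    echo "fix: mount --make-rslave $root"
    return 1
}

# Constructed sample mountinfo (hypothetical host with / shared and a
# container rootfs bind-mounted from it), written to FILE for offline testing.
write_sample_mountinfo() {
    cat > "$1" <<'EOF'
22 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
17 22 0:4 / /proc rw,nosuid shared:12 - proc proc rw
42 22 0:32 / /tmp rw,nosuid - tmpfs tmpfs rw
40 22 8:1 / /var/lib/lxc/c1/rootfs rw,relatime shared:1 - ext4 /dev/sda1 rw
41 40 0:4 / /var/lib/lxc/c1/rootfs/proc rw master:12 - proc proc rw
EOF
}
```

Running `check_container_root /var/lib/lxc/c1/rootfs` on a real host reads the caller's own /proc/self/mountinfo, so run it from the namespace the container is being set up in.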