Hi!

I'm searching for a solution to have a read-only rootfs inside an LXC
container.

I created a container with the busybox template, this container works.
As soon as I try to mount it read-only, I have this message in the logs:

"lxc_console - no rootfs, no console."

I tried several ways to have the rootfs mounted RO.
First I removed the lxc.rootfs from my config file and then tried:

- lxc-start -n vm0 -o /tmp/lxc-vm0.log -l DEBUG -s "lxc.mount.entry=/ /var/lib/lxc/vm0/rootfs none ro,bind 0 0"

Then I tried:

- echo "/ /var/lib/lxc/vm0/rootfs none ro,bind 0 0" > /var/lib/lxc/vm0/fstab ;
  lxc-start -n vm0 -o /tmp/lxc-vm0.log -l DEBUG -s "lxc.mount = /var/lib/lxc/vm0/fstab"

Finally I tried to boot with lxc.rootfs pointing to the same content, but on
its block device, mounted read-only.
The system starts, I have a console, but in the logs I get:
      lxc_conf - ignoring mount point '/var/lib/lxc/vm0/rootfs/lib'
      lxc_conf - ignoring mount point '/var/lib/lxc/vm0/rootfs/usr/lib'

and of course, if I ls these directories, I have nothing inside.

I surely can fill the content of /lib and /usr/lib in my rootfs, but anyway,
I need my containers to have a /home and/or a /var/tmp.

Has anyone had experience with an LXC rootfs mounted read-only and having
writable dirs mounted inside the container? Is there a way to do it?

Thanks