On Mon, 2011-06-27 at 17:20 +0100, Justin Cormack wrote:
> On Mon, 2011-06-27 at 18:05 +0200, Samuel Maftoul wrote:
> >
> > I tried several ways to have the rootfs mounted RO.
> > First I removed the lxc.rootfs from my config file and then tried:
> >
> >       - lxc-start -n vm0 -o /tmp/lxc-vm0.log -l DEBUG -s
> >         "lxc.mount.entry=/ /var/lib/lxc/vm0/rootfs none ro,bind 0 0"
> >
> > Then I tried:
> >
> >       - echo "/ /var/lib/lxc/vm0/rootfs none ro,bind 0 0"
> >         > /var/lib/lxc/vm0/fstab ;
> >         lxc-start -n vm0 -o /tmp/lxc-vm0.log -l DEBUG -s "lxc.mount
> >         = /var/lib/lxc/vm0/fstab"
> >
> > Finally I tried to boot with lxc.rootfs pointing to the same content,
> > but on its block device, mounted read-only.
> > The system starts, I have a console, but in the logs I get:
> >       lxc_conf - ignoring mount point '/var/lib/lxc/vm0/rootfs/lib'
> >       lxc_conf - ignoring mount point
> >       '/var/lib/lxc/vm0/rootfs/usr/lib'
> >
> > and of course, if I ls these directories, I have nothing inside.
> Bind mounting the root fs is fine, but it will not bind mount file
> systems under this, so you will need to add these to your fstab too. It
> looks like you have /lib and /usr/lib mounted on separate file systems
> and need to bind mount these too?

Bind mounts work but, iirc, there was (in the past) a problem that if
the container did a remount, the remount would propagate to the parent
device. That caused all sorts of headaches (and I know, I was supposed to
retest that scenario ages ago and I haven't) like when a container
remounted its rootfs ro during a shutdown it made partitions ro to the
host. Very bad. This was also at the heart of the problem with
shutdowns causing ptty failures for any subsequent connections a
container starts (it made that fs ro).

If you try to do this, you may have to prohibit mounts inside the
containers to prohibit the remount problems. It would probably be a
good idea to test it and see if the container can remount an ro mount
point as rw and what the impact would be.

> Justin

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
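
Added example, not part of the thread: a host-side check for the effect Mike describes, assuming it comes from a remount that flips the filesystem's superblock flag rather than the bind mount's own flag. It parses `/proc/self/mountinfo` text; the two snapshots and all function names are constructed for illustration.

```python
import re

# Constructed host mountinfo snapshots (not from the thread). BEFORE has a
# read-only bind of / on vm0's rootfs; AFTER is the same host once the
# underlying filesystem itself (the superblock) has been remounted ro.
BEFORE = """\
20 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
21 20 8:2 / /usr/lib rw,relatime - ext4 /dev/sda2 rw
40 20 8:1 / /var/lib/lxc/vm0/rootfs ro,relatime - ext4 /dev/sda1 rw,errors=remount-ro
"""
AFTER = BEFORE.replace("rw,errors=remount-ro", "ro,errors=remount-ro")

def parse_mountinfo(text):
    """Yield one dict per mountinfo line; field layout as in proc(5)."""
    for line in text.splitlines():
        if " - " not in line:
            continue
        left, right = line.split(" - ", 1)
        f, r = left.split(), right.split()
        yield {
            "dev": f[2],  # major:minor identifies the superblock
            # mount points escape space, tab, newline and backslash as \ooo
            "mount_point": re.sub(r"\\([0-7]{3})",
                                  lambda m: chr(int(m.group(1), 8)), f[4]),
            "mount_ro": "ro" in f[5].split(","),  # per-mount flag (ro,bind)
            "super_ro": "ro" in r[2].split(","),  # per-superblock flag
        }

def audit_bind(text, target):
    """Describe target's mount and list other mounts on the same superblock."""
    mounts = list(parse_mountinfo(text))
    hits = [m for m in mounts if m["mount_point"] == target]
    if not hits:
        raise LookupError(target + " is not a mount point")
    t = hits[-1]  # the last entry is the mount currently on top
    t["shares_superblock_with"] = sorted(
        {m["mount_point"] for m in mounts if m["dev"] == t["dev"]} - {target})
    return t

def host_mounts_turned_ro(before, after, target):
    """Mount points on target's superblock that went rw -> ro between snapshots."""
    was, now = audit_bind(before, target), audit_bind(after, target)
    if was["super_ro"] or not now["super_ro"]:
        return []
    return now["shares_superblock_with"]
```

On a live host, pass the contents of `/proc/self/mountinfo` captured before container start and after container shutdown instead of the constructed snapshots.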