On Mon, 2011-06-27 at 12:33 -0500, C Anthony Risinger wrote:
> On Mon, Jun 27, 2011 at 12:06 PM, Michael H. Warfield <m...@wittsend.com> wrote:
> > On Mon, 2011-06-27 at 17:20 +0100, Justin Cormack wrote:
> >> On Mon, 2011-06-27 at 18:05 +0200, Samuel Maftoul wrote:
> >> >
> >> > I tried several ways to have the rootfs mounted RO.
> >> > First I removed the lxc.rootfs from my config file and then tried:
> >> >
> >> >   - lxc-start -n vm0 -o /tmp/lxc-vm0.log -l DEBUG -s "lxc.mount.entry=/ /var/lib/lxc/vm0/rootfs none ro,bind 0 0"
> >> >
> >> > Then I tried:
> >> >
> >> >   - echo "/ /var/lib/lxc/vm0/rootfs none ro,bind 0 0" > /var/lib/lxc/vm0/fstab ;
> >> >     lxc-start -n vm0 -o /tmp/lxc-vm0.log -l DEBUG -s "lxc.mount = /var/lib/lxc/vm0/fstab"
> >> >
> >> > Finally I tried to boot with lxc.rootfs pointing to the same content,
> >> > but on its block device, mounted read-only.
> >> > The system starts, I have a console, but in the logs I get:
> >> >
> >> >   lxc_conf - ignoring mount point '/var/lib/lxc/vm0/rootfs/lib'
> >> >   lxc_conf - ignoring mount point '/var/lib/lxc/vm0/rootfs/usr/lib'
> >> >
> >> > and of course, if I ls these directories, I have nothing inside.
> >
> >> Bind mounting the root fs is fine, but it will not bind mount file
> >> systems under this, so you will need to add these to your fstab too. It
> >> looks like you have /lib and /usr/lib mounted on separate file systems
> >> and need to bind mount these too?
> >
> > Bind mounts work but, iirc, there was (in the past) a problem that if
> > the container did a remount, the remount would propagate to the parent
> > device. That caused all sorts of headaches (and I know, I was supposed
> > to retest that scenario ages ago and I haven't) like when a container
> > remounted its rootfs ro during a shutdown it made partitions ro to the
> > host. Very bad. This was also at the heart of the problem with
> > shutdowns causing ptty failures for any subsequent connections a
> > container starts (it made that fs ro). If you try to do this, you may
> > have to prohibit mounts inside the containers to prohibit the remount
> > problems. It would probably be a good idea to test it and see if the
> > container can remount an ro mount point as rw and what the impact would
> > be.

> does this happen when the container rootfs is marked as a
> slave/private mount? slaves et al should not propagate changes to the
> master/host.

That's exactly the thing that needs to be tested. I don't know at this
point but I do know at one point it did not work properly and it did
propagate.

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 | http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds. A pessimist is sure of it!
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
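
Added example (not part of the original thread or of LXC): a small Python parser for the /proc/self/mountinfo format that reports the two things discussed above, namely which mounts below a bind source a plain bind does not carry, and whether the container rootfs mount is recorded as shared, slave or private. The function names and the sample text are assumptions made for illustration.

```python
# Added example: SAMPLE is constructed mountinfo-format text, not a real host.
import re
SAMPLE = """\
20 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
21 20 8:2 / /lib rw,relatime shared:2 - ext4 /dev/sda2 rw
22 20 8:3 / /usr/lib rw,relatime shared:3 - ext4 /dev/sda3 rw
40 20 8:1 / /var/lib/lxc/vm0/rootfs ro,relatime master:1 - ext4 /dev/sda1 rw
41 20 8:4 / /srv/private rw,relatime - ext4 /dev/sda4 rw
"""

def unescape(path):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)

def parse_mountinfo(text):
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or "-" not in fields[6:]:
            continue  # not a mountinfo line
        sep = fields.index("-", 6)  # optional fields end at the lone "-"
        mounts.append({"mount_point": unescape(fields[4]),
                       "read_only": "ro" in fields[5].split(","),
                       "tags": fields[6:sep]})
    return mounts

def propagation(mount):
    # shared:N = member of peer group N; master:N = receives events from group N
    kinds = {tag.split(":")[0] for tag in mount["tags"]}
    if "unbindable" in kinds:
        return "unbindable"
    if "shared" in kinds:
        return "shared+slave" if "master" in kinds else "shared"
    return "slave" if "master" in kinds else "private"

def submounts(mounts, source):
    # Mount points strictly below `source`; a plain bind does not bring them along.
    prefix = source.rstrip("/") + "/"
    points = [m["mount_point"] for m in mounts]
    return sorted(p for p in points if p != source and p.startswith(prefix))

def report(text, source, rootfs):
    mounts = parse_mountinfo(text)
    target = {m["mount_point"]: m for m in mounts}[rootfs]
    inside = rootfs.rstrip("/") + "/"
    return {"not_carried_by_bind": [p for p in submounts(mounts, source)
                                    if p != rootfs and not p.startswith(inside)],
            "rootfs_propagation": propagation(target),
            "rootfs_read_only": target["read_only"]}
```

On a live host, pass the contents of /proc/self/mountinfo as `text`, with `source` set to the bind source and `rootfs` to the container rootfs mount point.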