On Tue, 2011-07-19 at 16:50 -0400, Michael H. Warfield wrote:
> On Tue, 2011-07-19 at 15:32 -0500, Serge E. Hallyn wrote:
> > Quoting Michael H. Warfield ([email protected]):
> > > On Tue, 2011-07-19 at 13:34 -0500, Serge E. Hallyn wrote:
> > > > Quoting C Anthony Risinger ([email protected]):
> > > > > there it would seem. however, while i could *maybe* see the rootfs
> > > > > being an unconditional slave, i would NOT want to see any lxc
> > > > > default/enforcement preventing container -> host propagation on a
> > > > > globally recursive scale. im of the opinion that the implementor
> > > > > should decide the best tactic ... especially in light of the fact the
> > > > > one distro may not even have the same problems as say
> > > > > ubuntu/fedora/etc because they keep mount points private by default.
> > >
> > > > Good point. (I don't see it on ubuntu either fwiw) Perhaps there
> > > > should be a toggle in the per-container config file?
> > >
> > > Quick question.
> > >
> > > Is there any way to test for these flags (SHARED, PRIVATE, SLAVE)? I
> > > don't see them showing up anywhere from mount, in proc mounts or
> > > mountstats. How do you check to see if they are set?
>
> > /proc/self/mountinfo is supposed to tell that. i.e. if you do
> > a --make-shared on /mnt, it'll show 'shared' next to the /mnt entry.
> > (I say 'is supposed to' bc --make-rslave just shows nothing, but
> > maybe that's bc the way i did it it wasn't a slave to anything,
> > so it was actually private)
>
> Ok... This may be telling us something. What?

Oh, meant to include the info on / on each, sorry...

> On the host Forest:

22 1 8:5 / / rw,relatime - ext4 /dev/sda5 rw,barrier=1,data=ordered

> [root@forest ~]# cat /proc/self/mountinfo | grep export
> 50 22 8:18 / /export rw,relatime - ext4 /dev/sdb2 rw,barrier=1,data=ordered
> [root@forest ~]# mount --make-shared /export
> [root@forest ~]# cat /proc/self/mountinfo | grep export
> 50 22 8:18 / /export rw,relatime shared:1 - ext4 /dev/sdb2
> rw,barrier=1,data=ordered
> [root@forest ~]# mount --make-slave /export
> [root@forest ~]# cat /proc/self/mountinfo | grep export
> 50 22 8:18 / /export rw,relatime - ext4 /dev/sdb2 rw,barrier=1,data=ordered
> [root@forest ~]# mount --make-private /export
> [root@forest ~]# cat /proc/self/mountinfo | grep export
> 50 22 8:18 / /export rw,relatime - ext4 /dev/sdb2 rw,barrier=1,data=ordered
>
> So, shared looks like it worked and the other two didn't? Does
> something have to be done to enable them?
>
> You say "maybe that's bc the way i did it it wasn't a slave to anything"
> meaning we're missing a step. What's the missing step?
>
> On the guest Alcove (with your patch to add MS_REC | MS_SLAVE):

105 55 8:17 /lxc/private/Alcove / rw,relatime - ext4 /dev/sdb1 rw,barrier=1,data=ordered

> [root@alcove mhw]# cat /proc/self/mountinfo | grep devpts
> 107 105 0:10 /6 /dev/console rw,relatime - devpts devpts
> rw,mode=600,ptmxmode=666
> 108 105 0:10 /0 /dev/tty1 rw,relatime - devpts devpts rw,mode=600,ptmxmode=666
> 109 105 0:10 /1 /dev/tty2 rw,relatime - devpts devpts rw,mode=600,ptmxmode=666
> 110 105 0:10 /2 /dev/tty3 rw,relatime - devpts devpts rw,mode=600,ptmxmode=666
> 111 105 0:10 /3 /dev/tty4 rw,relatime - devpts devpts rw,mode=600,ptmxmode=666
> 112 105 0:10 /4 /dev/tty5 rw,relatime - devpts devpts rw,mode=600,ptmxmode=666
> 113 105 0:10 /5 /dev/tty6 rw,relatime - devpts devpts rw,mode=600,ptmxmode=666
> 56 105 0:44 / /dev/pts rw,relatime - devpts devpts rw,mode=600,ptmxmode=666
> 64 56 0:10 / /dev/pts rw,relatime - devpts devpts rw,mode=600,ptmxmode=666
>
> I'd say that's not good.
>
> Regards,
> Mike

--
Michael H. Warfield (AI4NB) | (770) 985-6132 | [email protected]
   /\/\|=mhw=|\/\/          | (678) 463-0932 | http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds. A pessimist is sure of it!
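
An added example, not part of the original message: a small Python parser for /proc/self/mountinfo lines like those quoted above, which labels each mount's propagation state from the optional fields that sit before the "-" separator. The function names and the /mnt/copy and /mnt/both sample lines are constructed for illustration; an entry that carries no propagation tag is reported as private.

```python
# Constructed sample: the first two lines are taken from the message above;
# the /mnt/copy and /mnt/both lines are made up to show the slave tags.
SAMPLE = """\
22 1 8:5 / / rw,relatime - ext4 /dev/sda5 rw,barrier=1,data=ordered
50 22 8:18 / /export rw,relatime shared:1 - ext4 /dev/sdb2 rw,barrier=1,data=ordered
60 22 8:18 / /mnt/copy rw,relatime master:1 - ext4 /dev/sdb2 rw,barrier=1,data=ordered
61 22 8:18 / /mnt/both rw,relatime shared:2 master:1 - ext4 /dev/sdb2 rw,barrier=1,data=ordered
"""


def parse_mountinfo_line(line):
    """Split one mountinfo line into its fields."""
    # Fields before " - " are per-mount; fields after it describe the filesystem.
    left, _, right = line.strip().partition(" - ")
    pre = left.split()
    fstype, source, super_opts = (right.split(None, 2) + ["", "", ""])[:3]
    return {
        "mount_id": int(pre[0]), "parent_id": int(pre[1]), "dev": pre[2],
        "root": pre[3], "mount_point": pre[4], "options": pre[5],
        "optional": pre[6:],  # zero or more tags such as shared:1, master:1
        "fstype": fstype, "source": source, "super_options": super_opts,
    }


def propagation(entry):
    """Return 'shared:N', 'slave(master:N)', 'unbindable', a '+' join, or 'private'."""
    tags = dict(tag.partition(":")[::2] for tag in entry["optional"])
    parts = []
    if "shared" in tags:
        parts.append("shared:" + tags["shared"])
    if "master" in tags:
        parts.append("slave(master:%s)" % tags["master"])
    if "unbindable" in tags:
        parts.append("unbindable")
    # No tag at all means the mount is private.
    return "+".join(parts) or "private"


def report(lines):
    """Return (mount_point, propagation) pairs in file order."""
    return [(e["mount_point"], propagation(e))
            for e in (parse_mountinfo_line(l) for l in lines if l.strip())]


if __name__ == "__main__":
    import sys
    # Pass /proc/self/mountinfo as the argument to inspect a live system.
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE.splitlines()
    for mount_point, state in report(lines):
        print("%-12s %s" % (mount_point, state))
```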
