Quoting Stuart Yoder (b08...@gmail.com):
> In the lxc.conf man page it says:
> 
>   The  linux  containers (lxc) are always created before being used. This
>   creation defines a set of system resources to be virtualized / isolated
>   when  a  process is using the container. By default, the pids, sysv ipc
>   and mount  points  are  virtualized  and  isolated.
> 
> What does the mount point isolation really mean?
> 
> If I do:
>    lxc-execute -n foo /bin/bash
> 
> In the container, which I assume has default isolation, I don't see any
> mount point isolation.  I can still see all normal mount points from
> the host rootfs.  So, trying to understand specifically what is meant
> by the statement about default isolation of mount points.

You get a copy of the original mount namespace.  However the host won't
see mount activity done in the container (unless you play games with
mount propagation).

If after

        lxc-execute -n foo /bin/bash

you do

        mount --bind /proc /mnt

then from a terminal on the host you won't see /proc under /mnt.

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
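The check a practitioner would actually run after the exchange above is to
capture /proc/self/mountinfo from the container shell and from a host
terminal and compare them: the bind mount on /mnt should appear in the
first and not the second, and the "shared:N" optional field on each line
tells you whether the "mount propagation games" the reply mentions could
leak a container mount back to the host.  The script below is an added
example, not code from the thread or from lxc; it parses the mountinfo
format (as documented in proc(5)) and diffs two snapshots.  The three
snapshots embedded in it are constructed, not real captures: a host whose
mounts sit in shared peer groups, a container that got a private copy of
that namespace and then ran "mount --bind /proc /mnt", and a misconfigured
container whose root stayed in the host's shared peer group.

```python
import re
from dataclasses import dataclass

# Constructed sample input (not real captures).  Fields per proc(5):
# id parent major:minor root mountpoint opts [optional...] - fstype source superopts
HOST_MOUNTINFO = r"""
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
23 22 0:4 / /proc rw,nosuid,nodev,noexec shared:2 - proc proc rw
24 22 0:5 / /dev rw,nosuid shared:3 - devtmpfs udev rw,size=8k
25 22 8:17 / /media/usb\040stick rw shared:4 - vfat /dev/sdb1 rw
"""

# Container with a private copy of the host namespace, after
# "mount --bind /proc /mnt" inside it (mount id 43).  Constructed.
CONTAINER_MOUNTINFO = r"""
40 39 8:1 / / rw,relatime - ext4 /dev/sda1 rw
41 40 0:4 / /proc rw,nosuid,nodev,noexec - proc proc rw
42 40 0:5 / /dev rw,nosuid - devtmpfs udev rw,size=8k
43 40 0:4 / /mnt rw,nosuid,nodev,noexec - proc proc rw
"""

# Hypothetical misconfigured container: its mounts were left in the host's
# shared peer groups, so new mounts under / propagate back.  Constructed.
LEAKY_CONTAINER_MOUNTINFO = r"""
40 39 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
41 40 0:4 / /proc rw,nosuid,nodev,noexec shared:2 - proc proc rw
42 40 0:5 / /dev rw,nosuid shared:3 - devtmpfs udev rw,size=8k
43 40 0:4 / /mnt rw,nosuid,nodev,noexec shared:5 - proc proc rw
"""


@dataclass
class Mount:
    mount_id: int
    parent_id: int
    root: str
    mount_point: str
    options: str
    optional: tuple   # e.g. ("shared:1",); empty means private
    fs_type: str
    source: str

    @property
    def propagation(self) -> str:
        tags = {o.split(":", 1)[0] for o in self.optional}
        if "unbindable" in tags:
            return "unbindable"
        if "shared" in tags:
            return "shared"
        if "master" in tags:
            return "slave"
        return "private"


def _unescape(s: str) -> str:
    # The kernel writes space, tab, newline and backslash as octal \040 etc.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), s)


def parse_mountinfo(text: str) -> dict:
    """Return {mount_point: Mount} for one mountinfo snapshot."""
    mounts = {}
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        sep = f.index("-")            # separator between optional fields and fstype
        m = Mount(int(f[0]), int(f[1]), _unescape(f[3]), _unescape(f[4]),
                  f[5], tuple(f[6:sep]), f[sep + 1], _unescape(f[sep + 2]))
        mounts[m.mount_point] = m
    return mounts


def mounts_only_in(a: dict, b: dict) -> list:
    """Mount points present in snapshot a but absent from snapshot b."""
    return sorted(set(a) - set(b))


def would_propagate(mounts: dict, path: str) -> bool:
    """True if a new mount at `path` would propagate to peer namespaces.

    A mount created under a shared mount is copied to every peer of that
    mount, so look at the propagation type of the longest mount prefix.
    """
    parent = None
    for mp, m in mounts.items():
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if parent is None or len(mp) > len(parent.mount_point):
                parent = m
    return parent is not None and parent.propagation == "shared"


if __name__ == "__main__":
    host = parse_mountinfo(HOST_MOUNTINFO)
    ctr = parse_mountinfo(CONTAINER_MOUNTINFO)
    print("only in container:", mounts_only_in(ctr, host))
    print("only on host:     ", mounts_only_in(host, ctr))
    for name, snap in (("isolated", ctr), ("leaky", parse_mountinfo(LEAKY_CONTAINER_MOUNTINFO))):
        print(name, "container: /mnt propagates to host?", would_propagate(snap, "/mnt"))
```

On a live system the two inputs are simply "cat /proc/self/mountinfo" run
in the lxc-execute shell and in a host terminal; if the host copy also
lists the bind mount, check the optional field of the container's root
mount, since a root that still says shared:N is the usual reason.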