On Thu, Aug 16, 2012 at 4:36 PM, Serge Hallyn
<serge.hal...@canonical.com> wrote:
> Quoting Stuart Yoder (b08...@gmail.com):
>> In the lxc.conf man page it says:
>>
>>   The  linux  containers (lxc) are always created before being used. This
>>   creation defines a set of system resources to be virtualized / isolated
>>   when  a  process is using the container. By default, the pids, sysv ipc
>>   and mount  points  are  virtualized  and  isolated.
>>
>> What does the mount point isolation really mean?
>>
>> If I do:
>>    lxc-execute -n foo /bin/bash
>>
>> In the container, which I assume has default isolation, I don't see any
>> mount point isolation. I can still see all normal mount points from
>> the host rootfs. So, trying to understand specifically what is meant
>> by the statement about default isolation of mount points.
>
> You get a copy of the original mounts namespace.  However the host won't
> see mount activity done in the container (unless you play games with
> mounts propagation).
>
> If after
>
>         lxc-execute -n foo /bin/bash
>
> you do
>
>         mount --bind /proc /mnt
>
> then from a terminal on the host you won't see /proc under /mnt.

Ok, I see now.  Thanks!
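As an added example that is not part of the thread and not lxc's own code: the same experiment Serge describes, with util-linux unshare(1) standing in for lxc-execute (both end up calling unshare(CLONE_NEWNS), which gives the child a copy of the caller's mount table), plus a check from the parent side that the bind mount never appeared there. It assumes util-linux unshare(1) and findmnt(1) and either root or a kernel that allows unprivileged user namespaces; the flag selection and the return codes are this example's own convention.

```shell
#!/bin/sh
# Added example, not code from the thread or from lxc: repeat Serge's
# experiment with util-linux unshare(1) in place of lxc-execute, then check
# from the parent (host) side that the bind mount never showed up there.
# Assumes util-linux unshare(1) and findmnt(1), plus either root or a kernel
# that allows unprivileged user namespaces. Flag choice and return codes
# are this example's own convention.

# Flags for unshare(1):
#   -m   new mount namespace; unshare(1) defaults to --propagation private,
#        i.e. it runs the equivalent of "mount --make-rprivate /" in the
#        copy, so mounts made inside do not propagate back to the host.
#   -Ur  also create a user namespace and map the caller to root in it, so
#        the same experiment can be run without CAP_SYS_ADMIN on the host.
unshare_flags() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "-m"
    else
        echo "-Urm"
    fi
}

# How "/" is propagated in the caller's namespace (shared, private, ...).
# On a host where "/" is shared, a raw unshare(CLONE_NEWNS) without the
# make-private step is exactly the "games with propagation" that would let
# a container's mounts leak out to the host.
root_propagation() {
    findmnt -no PROPAGATION / 2>/dev/null || echo unknown
}

# Return codes:
#   0  isolated: the bind mount was visible inside the new namespace and
#      absent from the caller's namespace afterwards
#   1  leaked: the bind mount is visible in the caller's namespace
#   2  could not test: unshare/mount not permitted in this environment
mountns_isolation_check() {
    src=$(mktemp -d) || return 2
    tgt=$(mktemp -d) || { rmdir "$src"; return 2; }
    touch "$src/marker"

    # Inside the new namespace: bind-mount src onto tgt (Serge's
    # "mount --bind /proc /mnt") and report whether the bind took effect.
    inner=$(unshare $(unshare_flags) sh -c '
        mount --bind "$1" "$2" 2>/dev/null || { echo noperm; exit 0; }
        if [ -e "$2/marker" ]; then echo visible; else echo hidden; fi
    ' sh "$src" "$tgt" 2>/dev/null) || inner=noperm

    # Outside, after the child has exited: a mount that propagated into
    # this namespace would still be here, because it is a separate mount
    # in this namespace's tree, not a reference to the child's.
    if [ -e "$tgt/marker" ] || findmnt -n "$tgt" >/dev/null 2>&1; then
        umount "$tgt" 2>/dev/null || true
        rc=1
    elif [ "$inner" = visible ]; then
        rc=0
    else
        rc=2
    fi
    rm -f "$src/marker"
    rmdir "$src" "$tgt" 2>/dev/null || true
    return "$rc"
}

# Stand-alone run.
echo "propagation of / in this namespace: $(root_propagation)"
rc=0
mountns_isolation_check || rc=$?
case "$rc" in
    0) echo "isolated: mount seen inside the namespace, not here" ;;
    1) echo "LEAKED: the bind mount propagated into this namespace" ;;
    *) echo "could not test: unshare/mount not permitted here" ;;
esac
```

The check runs after the child has exited on purpose: the child's namespace is gone by then, so anything still mounted on the target in the parent can only have got there by propagation. To see the leak Serge hints at, run the inner command with `unshare -m --propagation unchanged` on a host whose `/` is shared (the usual systemd default); the script does not do that itself, because it would leave a stray mount on the host.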

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
