Quoting Rob van der Hoeven (robvanderhoe...@ziggo.nl):
> Hi,
>
> I want to use lxc-execute to isolate programs from the user's data. For
> this I created the following lxc configuration file:
>
> Name: /home/rob/lxctest/lxc02.conf
>
> Contents:
>
> lxc.utsname=lxc02
> lxc.mount.entry=/home/rob/lxctest/home /home none bind,defaults 0 0
>
> The lxctest/home directory is empty and I expected that this would make
> the home directory of the host inaccessible. To test this I used
> lxc-execute to start bash:
>
> lxc-execute -n lxc02 -f ./lxc02.conf bash
>
> If I execute an ls command in this shell I can still see all files in
> the /home/rob/lxctest directory (the directory from which I issued the
> command). When I execute cd ~ I get the result I expected:
>
> bash: cd: /home/rob: No such file or directory
>
> So the lxc.mount.entry statement works but lxc-execute does not change
> its working directory to a valid entry inside the container's filesystem.
> It's a small problem, maybe I'm doing something wrong?

Not really. It is doing what you think it's doing. But I'm not sure how it
should know to do anything better. If you specify a lxc.rootfs, then lxc
will end up doing a chdir and pivot_root into the new /. But that will
leave you in '/'. If you don't specify a lxc.rootfs, as you've done, then
it just doesn't do that. So you stay in the directory you were in, even if
that is no longer accessible from your new /.

There is no option to specify which directory you want to end up in.
Should we support one? Or should we just require that if userspace expects
its CWD to be different, it change it itself?

Note a simple chdir('.') won't work... so we would probably have to store
the getcwd() result before setting up mounts, then chdir to that (if
possible) after.

-serge
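
The closing point of the reply, as an added example that is not part of the original thread and is not LXC's own code: a process's working directory is a reference to a directory, not a path string, so chdir(".") stays in the hidden directory while chdir() to the saved getcwd() result re-resolves the path. Assumptions: the function names are hypothetical, /tmp is writable, and a rename plus mkdir stands in for the bind mount so the demo runs without privileges.

```c
/* Added example (not LXC source): a stale CWD survives chdir("."). */
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if "." and the saved path no longer name the same directory. */
int cwd_is_stale(const char *saved)
{
    struct stat dot, path;
    if (stat(".", &dot) != 0 || stat(saved, &path) != 0)
        return 1;
    return dot.st_dev != path.st_dev || dot.st_ino != path.st_ino;
}

/* Re-resolve the saved absolute path from the current root.
 * Returns 0 if we landed there, 1 if we fell back to "/", -1 on failure. */
int reenter_cwd(const char *saved)
{
    if (chdir(saved) == 0)
        return 0;
    return chdir("/") == 0 ? 1 : -1;
}

/* Constructed stand-in for the bind mount: rename the CWD away and create an
 * empty directory under the old name, so the path resolves somewhere new.
 * Returns a bitmask: 1 = stale after the "mount", 2 = still stale after
 * chdir("."), 4 = still stale after reenter_cwd(); -1 on setup failure. */
int demo(void)
{
    char base[64], saved[4096], moved[4200];
    int bits = 0;

    snprintf(base, sizeof base, "/tmp/cwd-demo-%ld", (long)getpid());
    if (mkdir(base, 0700) != 0 || chdir(base) != 0 || !getcwd(saved, sizeof saved))
        return -1;                       /* getcwd() saved BEFORE the "mount" */
    snprintf(moved, sizeof moved, "%s.hidden", saved);
    if (rename(saved, moved) != 0 || mkdir(saved, 0700) != 0)
        return -1;

    bits |= cwd_is_stale(saved) ? 1 : 0;            /* "." is the old directory */
    bits |= (chdir(".") == 0 && cwd_is_stale(saved)) ? 2 : 0;
    bits |= (reenter_cwd(saved) != 0 || cwd_is_stale(saved)) ? 4 : 0;

    if (chdir("/") != 0) return -1;      /* leave before cleaning up */
    rmdir(saved);
    rmdir(moved);
    return bits;                         /* 3: only the absolute chdir fixed it */
}

int main(void) { printf("bitmask: %d\n", demo()); return 0; }
```

The "/" fallback in reenter_cwd() covers the "(if possible)" case, where the saved path does not exist in the new mount tree.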