> I'm playing with Linux lxc containers, and for the most part liking what I
> see. I'm hoping someone with more experience can verify my understanding
> on two points:
>
> 1) In a conventional system, if I mount the same file system read/write on
> two different mount points, I will most likely corrupt the file system. I
> gather however that the host system can manipulate the container's file
> systems freely while the container is operating, even though both have it
> mounted, because those container mounts don't really exist. Can someone
> confirm/deny/explain that?

With LXC, the parent OS handles all filesystem activity on behalf of the
container (so consistency is covered).

> 2) The container needs a root file system in order to see all those
> important files it needs day-to-day. If I'm using the container for
> security/isolation purposes, that rootfs is separate from the host's rootfs
> (don't want them to see /etc/shadow, for example). In the case that each
> container has its own rootfs, don't I need to apply patches to all those
> containers each time I patch the host or risk lots of obscure errors due to
> the mismatch?

I think the answer is that you need to patch the container OS as well.
There may be a model where you share a read-only view of the parent OS's
/usr to the container, though that may have just been wishful thinking
based on the workings of Solaris containers.

Jason, [email protected]

>
> -Brian Martin
>
> -------------------------------------------
> Brian P. Martin
> Martin Consulting Services, Inc.
> UNIX & Linux System Administration, Training, and Programming
> Telephone: 503 617-4500
> E-mail: [email protected]
> Web-site: www.martinconsulting.com
>
>
> _______________________________________________
> PLUG mailing list
> [email protected]
> http://lists.pdxlinux.org/mailman/listinfo/plug
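An added example, not part of the thread above and not anyone's posted code, showing the "read-only view of the parent OS's /usr" model that Jason mentions, written as an LXC mount entry, together with the check an admin would want afterwards: confirming from inside the container that the mount really is read-only. The check reads /proc/self/mountinfo, where a read-only bind mount shows "ro" in the per-mount options (field 6) while the superblock options after the "-" separator still say "rw", because the host filesystem itself is still writable. Assumptions (mine): a container named c1 whose config is /var/lib/lxc/c1/config, the lxc.mount.entry key as documented in lxc.container.conf(5), and mountinfo lines that are constructed sample data rather than captured from a real host.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Assumptions: container
# "c1", config at /var/lib/lxc/c1/config, host /usr is what gets shared.

# 1. Config fragment to append to /var/lib/lxc/c1/config.
#    "usr" is relative to the container's rootfs. "bind,ro" makes the bind
#    mount itself read-only; the host's own /usr stays mounted rw.
lxc_ro_usr_config() {
    cat <<'EOF'
lxc.mount.entry = /usr usr none bind,ro 0 0
EOF
}

# 2. Report the per-mount state of a mountpoint from a mountinfo file.
#    mountinfo fields: 1 id, 2 parent id, 3 maj:min, 4 root, 5 mount point,
#    6 per-mount options, ... "-" fstype source superblock-options.
#    Only field 6 reflects a read-only bind; the superblock options after
#    "-" describe the host filesystem and stay "rw", so they are ignored.
#    If a mountpoint appears more than once, the last line (the topmost
#    mount) wins. Prints "ro", "rw" or "absent".
#    Usage: mount_is_ro MOUNTINFO_FILE MOUNTPOINT
mount_is_ro() {
    awk -v mp="$2" '
        $5 == mp {
            state = "rw"
            n = split($6, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") state = "ro"
            found = 1
        }
        END { print (found ? state : "absent") }
    ' "$1"
}

# 3. Constructed sample of what the container would see after the entry in
#    step 1 is applied (not captured from a real system). Note the /usr line:
#    per-mount "ro,relatime" but superblock "rw,errors=remount-ro".
sample_mountinfo() {
    cat <<'EOF'
21 17 0:19 / / rw,relatime - ext4 /dev/mapper/c1-rootfs rw,data=ordered
35 21 8:1 /usr /usr ro,relatime - ext4 /dev/sda1 rw,errors=remount-ro
36 21 0:20 / /tmp rw,nosuid,nodev - tmpfs tmpfs rw
EOF
}

# Demo run. Inside a real container you would pass /proc/self/mountinfo.
f=$(mktemp)
sample_mountinfo > "$f"
echo "config line:  $(lxc_ro_usr_config)"
echo "/usr is:      $(mount_is_ro "$f" /usr)"   # ro
echo "/tmp is:      $(mount_is_ro "$f" /tmp)"   # rw
echo "/opt is:      $(mount_is_ro "$f" /opt)"   # absent
rm -f "$f"
```

The config line is the whole of the sharing model: the container gets the host's /usr without a copy to patch, and the "ro" per-mount flag is what keeps it from writing back into the host's filesystem. The check matters because "mount | grep usr" or the superblock options can still print "rw" for a read-only bind mount; field 6 of mountinfo is the one to trust.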
