Thanks for bringing up this bug.
Note there are other workarounds. One is to use apparmor, but the LSM
hooks for libvirt-lxc are still under development. Another is to use
the root filesystem to host the libvirt container directories, instead
of using a separate partition.
The one we used first in liblxc is to simply hold open a file next to
the container's root file system for the duration of the container run.
So long as any one file is held open on the filesystem, the 'mount -o
remount,ro /' in the container will simply fail. That is the same
reason why your /srv is only sometimes remounted - it is only remounted
when no other containers are running.
The real solution to this bug will be to either implement an apparmor
policy preventing this, or to do a fix as in liblxc holding open a file.
But as a workaround, you can simply run a program on your server, even
started in upstart if you like, which holds open a file /srv/hold and
runs forever (until killed at shutdown).
** Changed in: libvirt (Ubuntu)
Status: New => Triaged
** Changed in: libvirt (Ubuntu)
Importance: Undecided => Low
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1008393
Title:
The LXC container propagate the ro remount to the host mount point
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1008393/+subscriptions
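The hold-open workaround described in the comment above, written out as an added example (this is not code from the bug report, libvirt or liblxc). The script name hold-open.sh and the is_held check via /proc are assumptions; /srv/hold is the path the comment suggests.

```shell
#!/bin/sh
# hold-open.sh (assumed name; added example, not libvirt or liblxc code).
# Keeps one file on the filesystem that hosts the container root directories
# open for writing. While any file on a filesystem is open for writing, the
# kernel refuses 'mount -o remount,ro' of that filesystem with EBUSY, so a
# remount issued inside a container cannot flip the host's /srv read-only.
# The held file must live on the same filesystem as the container rootfs.

# Hold $1 open for writing on fd 3 and sleep until killed (foreground).
hold_open() {
    holdfile="$1"
    exec 3>>"$holdfile"          # the open write fd is what blocks the remount
    while :; do
        sleep 3600 3>&-          # the sleep child does not inherit the fd
    done
}

# Start hold_open in the background, detached from our stdout; print its PID.
start_holder() {
    ( hold_open "$1" ) >/dev/null 2>&1 &
    echo $!
}

# Return 0 if process $1 currently has file $2 open (reads /proc; Linux only).
# Use this to check that the holder is really doing its job.
is_held() {
    pid="$1"
    target="$(readlink -f "$2")"
    for fd in /proc/"$pid"/fd/*; do
        if [ "$(readlink "$fd" 2>/dev/null)" = "$target" ]; then
            return 0
        fi
    done
    return 1
}

# Stand-alone use (e.g. from an upstart job): ./hold-open.sh run /srv/hold
if [ "${1:-}" = "run" ]; then
    hold_open "${2:-/srv/hold}"
fi
```

While the holder runs, a `mount -o remount,ro /srv` on the host fails with EBUSY; once it is killed the remount succeeds again, which is the behaviour the comment describes.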