On 10/07/2013 07:06 AM, Daniel P. Berrange wrote: > From: "Daniel P. Berrange" <berrange@xxxxxxxxxx> > > Currently the lxcBasicMounts array has separate entries for > most mounts, to reflect that we must do a separate mount > operation to make mounts read-only. Remove the duplicate > entries and instead set the MS_RDONLY flag against the main > entry. Then change lxcContainerMountBasicFS to look for the > MS_RDONLY flag, mask it out & do a separate bind mount. > > Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx> > --- > src/lxc/lxc_container.c | 44 +++++++++++++++++++++++++++----------------- > 1 file changed, 27 insertions(+), 17 deletions(-) > > > + /* > + * We can't immediately set the MS_RDONLY flag when mounting filesystems > + * because (in at least some kernel versions) this will propagate back > + * to the original mount in the host OS, turning it readonly too. This > + * We mount the filesystem in read-write mode initially, and then do a > + * separate read-only bind mount on top of that. Botched comment. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
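Review bot: The new comment in lxcContainerMountBasicFS has a stray "This" at the end of the line "to the original mount in the host OS, turning it readonly too. This", which leaves a broken sentence running into "We mount the filesystem in read-write mode initially". Drop the dangling word, or finish the sentence, so the rationale reads cleanly. Since the comment describes a read-write mount followed by a separate read-only bind mount, it would also help to state there that a failure of the second step must be treated as fatal, so a filesystem flagged MS_RDONLY is never left writable inside the container.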
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list