On Fri, Sep 23, 2022 at 3:06 PM Guillaume Abrioux <gabrioux@xxxxxxxxxx> wrote:
>
> Hi Chris,
>
> On Fri, 23 Sept 2022 at 05:59, Chris Dunlop <chris@xxxxxxxxxxxx> wrote:
>>
>>
>> If the ceph containers really do need access to the entire host
>> filesystem, perhaps it would be better to do a "slave" mount,
>
>
> Yes, I think a mount with 'slave' propagation should fix your issue.
> I plan to do some tests next week and work on a patch.

Hi Guillaume,

I wanted to share an observation that there seem to be two cases here:
actual containers (e.g. an OSD container) and "cephadm shell" which is
technically also a container but may be regarded by users as a shell
("window") with some binaries and configuration files injected into it.

For the former, a unidirectional propagation such that when something
is unmounted on the host it is also unmounted in the container is all
that is needed. However, for the latter, a bidirectional propagation
such that when something is mounted in this shell it is also mounted on
the host (and therefore in all other windows) seems desirable.

What do you think about going with MS_SLAVE for the former and
MS_SHARED for the latter?

Thanks,

                Ilya
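
Added example, not part of the original thread and not cephadm code: the kernel reports the propagation type discussed above in the optional fields of /proc/<pid>/mountinfo (`shared:N` for MS_SHARED, `master:N` for MS_SLAVE), so a container's mounts can be checked by parsing that file. The function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample in proc(5) mountinfo format; not captured from a real host.
SAMPLE_MOUNTINFO = """\
36 25 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
412 400 8:1 / /rootfs rw,relatime master:1 - ext4 /dev/sda1 rw
413 400 8:1 / /rootfs-shell rw,relatime shared:1 - ext4 /dev/sda1 rw
414 400 0:45 / /scratch rw,relatime - tmpfs tmpfs rw
415 400 0:46 / /mnt/usb\\040disk rw shared:7 master:1 - tmpfs tmpfs rw
"""

def _unescape(path):
    # mountinfo writes space, tab, newline and backslash as octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)

def propagation(line):
    """Return (mount_point, kind) for one mountinfo line."""
    fields = line.split()
    sep = fields.index("-")  # optional fields end at the lone "-"
    tags = {f.split(":", 1)[0] for f in fields[6:sep]}
    if "unbindable" in tags:
        kind = "unbindable"
    elif {"shared", "master"} <= tags:
        kind = "shared+slave"
    elif "shared" in tags:
        kind = "shared"
    elif "master" in tags:
        kind = "slave"
    else:
        kind = "private"
    return _unescape(fields[4]), kind

def propagation_map(text):
    """Map every mount point in a mountinfo dump to its propagation kind."""
    return dict(propagation(l) for l in text.splitlines() if l.strip())

def receives_events(kind):
    # Mount and unmount events from the master or peer group reach this mount.
    return kind in ("slave", "shared", "shared+slave")

def sends_events(kind):
    # Mounts made under this mount propagate out to its peer group.
    return kind in ("shared", "shared+slave")

if __name__ == "__main__":
    for mp, kind in propagation_map(SAMPLE_MOUNTINFO).items():
        print(f"{mp:20} {kind:13} receives={receives_events(kind)} sends={sends_events(kind)}")
```

To inspect a live system, pass the contents of /proc/self/mountinfo read inside the container to `propagation_map` instead of the sample.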