Hi Ash, Great to have you resurrect the bind mounting optimization - that's great: https://gerrit.libreoffice.org/c/online/+/92829 I'd really like to reduce the number of bind-mounts though per jail, ideally to just two. Currently we have 6 mount points for: /etc, /lib, /lib64, /var, /usr and /lo. AFAICS these are all from the template except for 'lo' - so we could/should be able to do: mount -o bind systemplate jail-root mount -o bind /path/to/lo -> jail-root/lo mount -o bind /path/to-jail-data -> jail-root/tmp Hopefully that would work nicely. Interestingly the kernel gives us some other nice tools here cf. https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt If we turn our systemplate into a mount-point (look away this is grim): mount -o bind systemplate systemplate-shared Now systemplate-shared is a mount-point: what a win ;-) so now we can do: mount --make-shared systemplate-shared This sets a magic flag such that re-mounting systemplate-shared will share any sub-mounts it has. So we can do this setup as a one-off at startup: mount -o bind systemplate systemplate-shared mount --make-shared systemplate-shared mount -o bind /path/to/lo systemplate-shared/lo And now we can get down to two mounts per jail: mount -o bind systemplate-shared jail-root mkdir writeable-tmp mount -o bind writable-temp jail-root/tmp And - assuming we can get $HOME into /tmp and wherever else we want to write to (IIRC we do somethings of this kind already) - then we're done. Crazy ? ;-) Of course as a quicker hack to get something in for now we could just use bind mounting in the 1st pass for /usr and for /lo - and copy the (much smaller) /etc /lib /lib64 in instead of binding with the current approach. Of course, my thesis that very large numbers of mounts will make the kernel slow anyway ;-) is perhaps obsolete eg. https://github.com/torvalds/linux/commit/d29216842a85 has a nice curio ;-) Thoughts ? Michael. -- michael.meeks@xxxxxxxxxxxxx <><, GM Collabora Productivity Hangout: mejmeeks@xxxxxxxxx, Skype: mmeeks (M) +44 7795 666 147 - timezone usually UK / Europe _______________________________________________ LibreOffice mailing list LibreOffice@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/libreoffice
online jail / bind mounting ...
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: online jail / bind mounting ...
- From: Michael Meeks <michael.meeks@xxxxxxxxxxxxx>
- Date: Tue, 28 Apr 2020 11:32:23 +0100
- Cc: libreoffice-dev <libreoffice@xxxxxxxxxxxxxxxxxxxxx>
- Openpgp: preference=signencrypt
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 Thunderbird/60.8.0
- Prev by Date: Re: Question about localized functions parsing in multiple words in Base
- Next by Date: Re: Question about localized functions parsing in multiple words in Base
- Previous by thread: syntactic similarity function
- Next by thread: About LO and ODBC
- Index(es):
 |