There are also cases where you’d want to bind-mount a host dir into a shifted container and have that be writeable, not just to an overlay. — On January 17, 2020 at 1:19 PM, Tycho Andersen wrote: > Please, no. mount() failures are already hard to reason about, I would > rather not add another temporary (or worse, permanent) non-obvious > failure mode. > > What if we make shifted bind mounts always readonly? That will force > people to use an overlay (or something else) on top, but they probably > want to do that anyway so they can avoid tainting the original > container image with writes. > > It's not just the cool factor: if you're doing this, it's presumably > because you want to use it with a container in a user namespace. > Specifying the same parameters twice leaves room for error, causing > CVEs and more work. > > Tycho > _______________________________________________ > Containers mailing list > Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx (mailto:Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx) > lists.linuxfoundation.org/mailman/listinfo/containers (https://lists.linuxfoundation.org/mailman/listinfo/containers) > > > > _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
