Hi, I'm submitting a patch to auroot (as shipped with Ubuntu 11.10, appears the same as in git). I had a lot of trouble understanding where the overlapping branch was in the provided script. I'm guessing an old version of aufs did not fully check bind mounts and so the script used to work.
There are only two basic changes: 1) A temporary directory is mounted using tmpfs, so there are no overlapping branches. 2) The read-only bind out is removed. Presumably, this was a hack around the old overlap check and is also unnecessary, as aufs will cover this mount with a rw mount.

Thanks,
Jayen

--- /usr/share/doc/aufs-tools/examples/auroot/auroot 2011-08-28 08:01:59.000000000 +1000 +++ bin/auroot 2012-04-11 20:46:33.982972582 +1000 @@ -33,7 +33,8 @@ EOF dir="$1" -mkdir -p "$dir" $tmp.rw $tmp.ro +mkdir -p "$dir" "$tmp" +mount -t tmpfs none "$tmp" # a sample for generic mount #mount -o ro,rbind / $tmp.ro @@ -45,22 +46,20 @@ { mntpnt="$1" name="$2" - rw="$tmp.rw.$name" - ro="$tmp.ro.$name" + rw="$tmp/rw.$name" - mkdir -p "$rw" "$ro" - mount -o ro,bind "$mntpnt" "$ro" - mount -t aufs -o br:"$rw":"$ro" aufs "$dir$mntpnt" + mkdir -p "$rw" + mount -t aufs -o br:"$rw":"$mntpnt"=ro aufs "$dir$mntpnt" } f / root
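
Review bot: in the first hunk (@@ -33,7 +33,8 @@), the new `mount -t tmpfs none "$tmp"` is not checked for failure. If it fails, the script carries on and the rw branches are created in the plain `$tmp` directory on whatever filesystem holds it, losing the separation the tmpfs mount is there to provide. Suggest `mount -t tmpfs none "$tmp" || exit 1`. The commented sample left as context, `#mount -o ro,rbind / $tmp.ro`, still refers to `$tmp.ro`, which this hunk no longer creates; update or drop it so the sample matches the new layout.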
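
Review bot: in the second hunk (@@ -45,22 +46,20 @@), `"$mntpnt"=ro` makes the live mount point itself the lower branch, so with `mount -o ro,bind "$mntpnt" "$ro"` removed the only read-only property left is the aufs branch flag, and `$mntpnt` stays writable by anything outside the union. A comment above the aufs mount line should say that this is intended. Neither `mkdir -p "$rw"` nor the aufs mount is checked either, so a failed mount inside `f` goes unnoticed; returning non-zero from the function after a failed mount would make that visible to the caller.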