On 10/07/2013 07:06 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berra...@redhat.com>
>
> Currently the lxcBasicMounts array has separate entries for
> most mounts, to reflect that we must do a separate mount
> operation to make mounts read-only. Remove the duplicate
> entries and instead set the MS_RDONLY flag against the main
> entry. Then change lxcContainerMountBasicFS to look for the
> MS_RDONLY flag, mask it out & do a separate bind mount.
>
> Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
> ---
> src/lxc/lxc_container.c | 44 +++++++++++++++++++++++++++-----------------
> 1 file changed, 27 insertions(+), 17 deletions(-)
>
>
> + /* > + * We can't immediately set the MS_RDONLY flag when mounting > filesystems > + * because (in at least some kernel versions) this will propagate > back > + * to the original mount in the host OS, turning it readonly too. > This > + * We mount the filesystem in read-write mode initially, and then do > a > + * separate read-only bind mount on top of that.
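Review bot: the new comment has a dangling "This" right after the sentence ending "turning it readonly too.", immediately before "We mount the filesystem in read-write mode initially", so the explanation breaks off mid-thought. Either delete the stray word or complete the sentence it started, since this comment is the only place that records why MS_RDONLY is masked out and applied through a separate read-only bind mount. It would also help to say which kernel versions show the propagation back to the host mount, if that is known, so a later reader can tell when the workaround could be dropped.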
Botched comment.

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list