On 06/22/2010 04:36 PM, Ferenc Wagner wrote:
> Daniel Lezcano <[email protected]> writes:
>
>> On 06/22/2010 07:25 AM, John Brendler wrote:
>>
>>> lxc fails to make read-only bind mounts as documented. Read-only bind
>>> mounts are important to many use cases.
>>
>> You are right, it is an important feature, I forgot to take the patch.
>
> Btw. they make most sense if root in the container can not remount,rw it
> again. I suppose it's so, but where is this documented?

I am not sure it is possible. Maybe if the container is configured only by lxc, we can drop CAP_SYS_ADMIN, so any root process won't be able to mount / remount anything, no?
_______________________________________________
Lxc-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lxc-users
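
The idea raised in the reply above (a read-only mount only holds if root inside the container lacks CAP_SYS_ADMIN) can be checked from the host. The following is an added example, not code from the thread or from lxc: it reads the capability masks of a container process and reports which read-only mounts that process cannot remount. The sample `/proc/<pid>/status` and `/proc/<pid>/mounts` text and all function names are constructed for illustration.

```python
# Added example (not from the thread or from lxc): all sample data is constructed.
CAP_SYS_ADMIN = 21  # bit number from <linux/capability.h>; mount(2) requires it

# Constructed /proc/<pid>/status excerpt for a container init without CAP_SYS_ADMIN.
SAMPLE_STATUS = (
    "Name:\tinit\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t00000000a80425fb\n"
    "CapEff:\t00000000a80425fb\n"
    "CapBnd:\t00000000a80425fb\n"
)
# Constructed /proc/<pid>/mounts excerpt: one writable root, one read-only mount.
SAMPLE_MOUNTS = (
    "/dev/sda1 / ext3 rw,relatime 0 0\n"
    "/dev/sda1 /usr ext3 ro,relatime 0 0\n"
)


def cap_sets(status_text):
    """Parse the CapPrm/CapEff/CapBnd hex masks from /proc/<pid>/status text."""
    sets = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key in ("CapPrm", "CapEff", "CapBnd"):
            sets[key] = int(value.strip(), 16)
    if len(sets) != 3:
        raise ValueError("status text lacks CapPrm/CapEff/CapBnd")
    return sets


def can_remount(status_text):
    """True if the process holds CAP_SYS_ADMIN or can regain it on exec."""
    mask = 1 << CAP_SYS_ADMIN
    # CapBnd counts too: by default uid 0 regains on exec whatever the bounding set allows.
    return any(value & mask for value in cap_sets(status_text).values())


def readonly_mounts(mounts_text):
    """Return the mount points whose option list contains 'ro'."""
    return [f[1] for f in (l.split() for l in mounts_text.splitlines())
            if len(f) >= 4 and "ro" in f[3].split(",")]


def audit(status_text, mounts_text):
    """Map each read-only mount point to True when root inside cannot remount it."""
    locked = not can_remount(status_text)
    return {mp: locked for mp in readonly_mounts(mounts_text)}


if __name__ == "__main__":
    print(audit(SAMPLE_STATUS, SAMPLE_MOUNTS))
```

On a live host, pass the contents of `/proc/<pid>/status` and `/proc/<pid>/mounts` for the container's init process instead of the constructed samples.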
