On 06/22/2010 07:25 AM, John Brendler wrote:
> lxc fails to make read-only bind mounts as documented. Read-only bind
> mounts are important to many use cases.
>
> A simple patch has been submitted to the lxc-devel mailing list (by
> Ciprian Dorin), but when I last checked, it was not clear if any action
> had been taken on it. It is clear, however, that the bug still
> exists in release 0.7.0.
>
> I have tested the patch, and it fixes the problem in both 0.6.5 and
> 0.7.0. I have been using it for a couple of months.
>
> This is where the patch was submitted to the lxc-devel list:
> http://sourceforge.net/mailarchive/forum.php?thread_name=4B9E0AE0.9000100%40free.fr&forum_name=lxc-devel
>
> I think this patch should be implemented (when it is convenient
> to do so). This is a significant loss of functionality that affects the
> security of a security-oriented application.
>
> So I am posting so that others know the patch exists and also to see
> what should be done to get this included in the next release.
>
>
> Details:
> -------------------------------------------------------------
>
> In short, a line like this in a container's configuration file should
> have the effect of bind-mounting the file (e.g. the /sbin directory below)
> within the container and making it *read-only*:
>
> lxc.mount.entry = /sbin /lxc/container07/sbin none ro,bind 0 0
>
> Or in a fstab-formatted file referred to by a "lxc.mount" entry in the
> config file, it would simply be:
>
> /sbin /lxc/container07/sbin none ro,bind 0 0
>
> Unfortunately, it doesn't work. It bind-mounts, but gives a little
> warning that it "appears to mounted read-write". This is easily
> confirmed by writing and deleting files in the filesystems that should
> have been mounted read-only.
>
> This is unfortunate, considering the whole point of these tools is secure
> compartmentalization.
>
> Normally, a read-only bind mount requires two steps:
>
> mount -o bind /sbin /lxc/container07/sbin
> mount -o remount,ro /lxc/container07/sbin
>
> So, one may work around this bug by executing a script (after starting
> the container) to carry out that second step, remounting the appropriate
> things in read-only mode. But this shouldn't be necessary, since
> handling read-only bind-mounts is an intended feature of the lxc tools.
>
> The patch is very simple and does seem to fix the problem nicely.
> Barring regressions I may not be aware of, I, for one, would like to see
> it implemented.
>
> I am using it as a means to re-use the host operating system's files, in
> read-only bind-mounts, with exceptions overlaid on top of them (rather
> than having to maintain an additional and separate "guest operating
> system" filesystem). With the patch, this seems to work quite well.
John, I merged Ciprian's patch and released 0.7.1 with it. Thanks for pointing out the problem.

-- Daniel

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
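The following is an added example, not code from the thread or from the lxc project, illustrating the workaround John describes and the check he uses to confirm it. It parses `lxc.mount.entry` / fstab-style lines, emits the two-step mount sequence for every read-only bind mount, and inspects a `/proc/self/mountinfo` snapshot to see whether a target really carries the per-mount `ro` flag (the sixth mountinfo field) rather than trusting the config. One deliberate difference from the commands quoted above: the second step uses `remount,bind,ro`, which makes the kernel change only that mountpoint's flags instead of remounting the shared superblock (and so the host's own `/sbin`) read-only. The mountinfo sample is constructed; the function and variable names are this example's own.

```python
"""Workaround and verification for lxc releases that ignore 'ro' on bind mounts.

Added example: parses lxc mount entries, produces the bind + remount,bind,ro
sequence, and checks a mountinfo snapshot for the per-mount read-only flag.
"""
import shlex

# Constructed /proc/self/mountinfo snapshot (not captured from a real host).
# Field 6 holds per-mount options; the options after '-' belong to the
# superblock and do NOT tell you whether a bind mount itself is read-only.
# Here /sbin shows the bug (bind mounted but still rw); /usr was remounted ro.
SAMPLE_MOUNTINFO = """\
25 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
40 25 8:1 /sbin /lxc/container07/sbin rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
41 25 8:1 /usr /lxc/container07/usr ro,relatime - ext4 /dev/sda1 rw,errors=remount-ro
"""


def parse_mount_entry(line):
    """Parse one 'lxc.mount.entry = SRC DST FSTYPE OPTS DUMP PASS' line or a
    bare fstab line of the same shape. Returns None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith("lxc.mount.entry"):
        _, _, line = line.partition("=")
    fields = line.split()
    if len(fields) < 4:
        raise ValueError("malformed mount entry: %r" % line)
    src, dst, fstype, opts = fields[:4]
    return {"src": src, "dst": dst, "fstype": fstype, "opts": opts.split(",")}


def is_ro_bind(entry):
    """True when the entry asks for a read-only bind mount."""
    return "bind" in entry["opts"] and "ro" in entry["opts"]


def mount_commands(entry):
    """Shell commands that realise the entry.

    MS_RDONLY is ignored on the initial bind, so a read-only bind mount is
    always two steps: bind first, then remount that mountpoint alone with
    'remount,bind,ro' (per-mount read-only; the source superblock is untouched).
    """
    src, dst = shlex.quote(entry["src"]), shlex.quote(entry["dst"])
    if is_ro_bind(entry):
        return [
            "mount -o bind %s %s" % (src, dst),
            "mount -o remount,bind,ro %s" % dst,
        ]
    opts = ",".join(entry["opts"])
    return ["mount -t %s -o %s %s %s" % (entry["fstype"], opts, src, dst)]


def workaround_script(config_lines):
    """Return the remount commands a post-start script would run for every
    read-only bind mount in the config (the workaround described above)."""
    cmds = []
    for line in config_lines:
        entry = parse_mount_entry(line)
        if entry and is_ro_bind(entry):
            cmds.append(mount_commands(entry)[1])
    return cmds


def mount_is_readonly(mountinfo_text, target):
    """True/False for the per-mount 'ro' flag of the mount at `target` in a
    mountinfo snapshot, or None if nothing is mounted there.
    mountinfo escapes spaces in paths as '\\040'."""
    for raw in mountinfo_text.splitlines():
        fields = raw.split()
        if len(fields) < 6:
            continue
        mountpoint = fields[4].replace("\\040", " ")
        if mountpoint == target:
            return "ro" in fields[5].split(",")
    return None


if __name__ == "__main__":
    config = [
        "lxc.mount.entry = /sbin /lxc/container07/sbin none ro,bind 0 0",
        "lxc.mount.entry = /usr /lxc/container07/usr none ro,bind 0 0",
        "lxc.mount.entry = proc /lxc/container07/proc proc nodev,noexec,nosuid 0 0",
    ]
    for cmd in workaround_script(config):
        print(cmd)
    for target in ("/lxc/container07/sbin", "/lxc/container07/usr"):
        print(target, "read-only:", mount_is_readonly(SAMPLE_MOUNTINFO, target))
```

Run as root after the container has started, the printed remount commands apply the second step the buggy releases skip; `mount_is_readonly` is the programmatic equivalent of John's write-and-delete test and is the check worth keeping even after upgrading, since it reads what the kernel actually enforces.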