On Wed, 2011-07-20 at 07:10 -0500, Serge Hallyn wrote:
Quoting Michael H. Warfield (m...@wittsend.com):
[root@forest ~]# lxc-start --name Plover
lxc-start: Invalid argument - pivot_root syscall failed
sort of unrelated, but Rob Landley had mentioned he wanted to fix chroot
to prevent the
On Mon, Jul 18, 2011 at 7:36 AM, Serge E. Hallyn se...@hallyn.com wrote:
Quoting C Anthony Risinger (anth...@xtfx.me):
On Jul 15, 2011 12:01 PM, Michael H. Warfield m...@wittsend.com wrote:
Unfortunately, I also still find that if there's a -o remount,ro in the
halt/reboot script, it still
Quoting C Anthony Risinger (anth...@xtfx.me):
there it would seem. however, while i could *maybe* see the rootfs
being an unconditional slave, i would NOT want to see any lxc
default/enforcement preventing container - host propagation on a
globally recursive scale. im of the opinion that the
On Tue, 2011-07-19 at 13:34 -0500, Serge E. Hallyn wrote:
Quoting C Anthony Risinger (anth...@xtfx.me):
there it would seem. however, while i could *maybe* see the rootfs
being an unconditional slave, i would NOT want to see any lxc
default/enforcement preventing container - host
Quoting Michael H. Warfield (m...@wittsend.com):
On Tue, 2011-07-19 at 13:34 -0500, Serge E. Hallyn wrote:
Quoting C Anthony Risinger (anth...@xtfx.me):
there it would seem. however, while i could *maybe* see the rootfs
being an unconditional slave, i would NOT want to see any lxc
On Tue, 2011-07-19 at 16:50 -0400, Michael H. Warfield wrote:
On Tue, 2011-07-19 at 15:32 -0500, Serge E. Hallyn wrote:
Quoting Michael H. Warfield (m...@wittsend.com):
On Tue, 2011-07-19 at 13:34 -0500, Serge E. Hallyn wrote:
Quoting C Anthony Risinger (anth...@xtfx.me):
there
On Tue, Jul 19, 2011 at 4:17 PM, Michael H. Warfield m...@wittsend.com wrote:
On Tue, 2011-07-19 at 15:32 -0500, Serge E. Hallyn wrote:
Quoting Michael H. Warfield (m...@wittsend.com):
On Tue, 2011-07-19 at 13:34 -0500, Serge E. Hallyn wrote:
Quoting C Anthony Risinger (anth...@xtfx.me):
(sorry, just realized postfix has been messing up my email, hope this
comes through ok)
Quoting C Anthony Risinger (anth...@xtfx.me):
On Jul 15, 2011 12:01 PM, Michael H. Warfield m...@wittsend.com wrote:
Unfortunately, I also still find that if there's a -o remount,ro in the
halt/reboot
On Mon, 2011-07-04 at 22:16 +0200, Matto Fransen wrote:
Hi,
On Mon, Jun 27, 2011 at 06:05:13PM +0200, Samuel Maftoul wrote:
I'm searching for a solution to have a read only rootfs inside an LXC
container.
I have a webserver running this way :)
I created a container with the
On Jul 15, 2011 12:01 PM, Michael H. Warfield m...@wittsend.com wrote:
Unfortunately, I also still find that if there's a -o remount,ro in the
halt/reboot script, it still sets /dev/pts to ro and that still
propagates to the host and to the other containers triggering random
acts of terrorism
Hi,
Thanks all of you, I managed to make it work !
I understand there are some security concerns, and Matto, you're pointing to
a very interesting detail, dropping capability is really what I want !
Thanks
--
Samuel
On Mon, Jul 4, 2011 at 10:16 PM, Matto Fransen ma...@matto.nl wrote:
Hi,
On
Hi,
On Mon, Jun 27, 2011 at 06:05:13PM +0200, Samuel Maftoul wrote:
I'm searching for a solution to have a read only rootfs inside an LXC
container.
I have a webserver running this way :)
I created a container with the busybox template, this container works.
As soon as I try to mount it
On Mon, 2011-06-27 at 18:05 +0200, Samuel Maftoul wrote:
I tried several ways to have the rootfs mounted RO.
First I removed the lxc.rootfs from my config file and the tried:
- lxc-start -n vm0 -o /tmp/lxc-vm0.log -l DEBUG -s
lxc.mount.entry=/ /var/lib/lxc/vm0/rootfs none ro,bind 0 0
On Mon, 2011-06-27 at 17:20 +0100, Justin Cormack wrote:
On Mon, 2011-06-27 at 18:05 +0200, Samuel Maftoul wrote:
I tried several ways to have the rootfs mounted RO.
First I removed the lxc.rootfs from my config file and the tried:
- lxc-start -n vm0 -o /tmp/lxc-vm0.log -l DEBUG
On Mon, 2011-06-27 at 12:33 -0500, C Anthony Risinger wrote:
On Mon, Jun 27, 2011 at 12:06 PM, Michael H. Warfield m...@wittsend.com
wrote:
On Mon, 2011-06-27 at 17:20 +0100, Justin Cormack wrote:
On Mon, 2011-06-27 at 18:05 +0200, Samuel Maftoul wrote:
I tried several ways to have
15 matches
Mail list logo
