Sujet : Injecting Filesystem Mounts Into A Container
De : ldo (at) *nospam* nz.invalid (Lawrence D'Oliveiro)
Groupes : comp.os.linux.miscDate : 23. Dec 2024, 01:54:33
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <vkacc9$s7a2$1@dont-email.me>
User-Agent : Pan/0.161 (Chasiv Yar; )
I’ve been messing around with setting up simple containers using LXC.
Then I wanted to know: how do I add my home directory (readonly) into
a container so I can install software from there? The only way I could
find was: 1) stop the container 2) modify the config to add a mount
entry for the new directory, and 3) restart the container.
Surely there has to be a way to do a mount across namespaces? But no:
you can enter the container’s filesystem namespace, but once there,
you cannot see the directory you want to make visible in there. There
is no option, in the bind-mount function, to specify separate
namespaces for the source and destination directories.
Then it turns out the LXD folks had been thinking about this exact
same problem
<
https://people.kernel.org/brauner/mounting-into-mount-namespaces>.
They initially came up with a mechanism they called “mount namespace
tunnels”, specifically to allow this sort of operation.
LXC is of course much more basic than LXD. But that blog post has
given me some ideas about possible ways to do it without having some
special mechanism set up beforehand.
But it turns out, the Linux kernel itself has added a much more
advanced filesystem-mount API, which can be used to do this kind of
thing. Oddly, the man pages for these additional system calls are
missing from the current version of Debian. But they can be found
online. The calls themselves are defined in <sys/mount.h>.
Injecting Filesystem Mounts Into A Container
Re: Injecting Filesystem Mounts Into A Container