[PLUG] lxc containers

plugng3 at martinconsulting.com
Wed Jan 18 18:15:01 UTC 2012


I'm playing with Linux lxc containers, and for the most part liking what I
see.  I'm hoping someone with more experience can verify my understanding
on two points:

1) In a conventional system, if I mount the same file system read/write on
two different mount points, I will most likely corrupt the file system.  I
gather however that the host system can manipulate the container's file
systems freely while the container is operating, even though both have it
mounted, because those container mounts don't really exist.  Can someone
confirm/deny/explain that?

2) The container needs a root file system in order to see all those
important files it needs day-to-day.  If I'm using the container for
security/isolation purposes, that rootfs is separate from the host's rootfs
(don't want them to see /etc/shadow, for example).  In the case that each
container has its own rootfs, don't I need to apply patches to all those
containers each time I patch the host or risk lots of obscure errors due to
the mismatch?

             -Brian Martin

-------------------------------------------
Brian P. Martin
Martin Consulting Services, Inc.
UNIX & Linux System Administration, Training, and Programming
Telephone:  503 617-4500
E-mail:     Brian at MartinConsulting.com
Web-site:   www.martinconsulting.com




