[PLUG] lxc containers

Jason Bergstrom bergie at bergie.net
Wed Jan 18 21:57:14 UTC 2012


> I'm playing with Linux lxc containers, and for the most part liking what I
> see.   I'm hoping someone with more experience can verify my understanding
> on two points:
> 
> 1) In a conventional system, if I mount the same file system read/write on
> two different mount points, I will most likely corrupt the file system.  I
> gather however that the host system can manipulate the container's file
> systems freely while the container is operating, even though both have it
> mounted, because those container mounts don't really exist.  Can someone
> confirm/deny/explain that?
With LXC, the parent OS handles all filesystem activity on behalf of
the container (so consistency is covered).

> 2) The container needs a root file system in order to see all those
> important files it needs day-to-day.  If I'm using the container for
> security/isolation purposes, that rootfs is separate from the host's rootfs
> (don't want them to see /etc/shadow, for example).  In the case that each
> container has its own rootfs, don't I need to apply patches to all those
> containers each time I patch the host or risk lots of obscure errors due to
> the mismatch?
I think the answer is that you need to patch the container OS as well.
There may be a model where you share a read-only view of the parent OS's
/usr to the container, though that may have just been wishful thinking
based on the workings of Solaris containers.

Jason,
bergie at bergie.net

> 
>              -Brian Martin
> 
> -------------------------------------------
> Brian P. Martin
> Martin Consulting Services, Inc.
> UNIX & Linux System Administration, Training, and Programming
> Telephone:  503 617-4500
> E-mail:     Brian at MartinConsulting.com
> Web-site:   www.martinconsulting.com
> 
> 
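The reply's point that each container's own rootfs has to be patched separately can be checked mechanically. The sketch below is an added example, not part of the original message: it assumes Debian-style host and guest (dpkg status files), and the function names and sample package data are constructed for illustration.

```python
"""Report packages whose versions differ between a host and a container rootfs."""
import re

# Constructed sample data in dpkg status format (not taken from a real system).
HOST_SAMPLE = """\
Package: openssl
Status: install ok installed
Version: 1.0.1-4
Description: SSL toolkit
 continuation line: ignored by the parser

Package: libc6
Status: install ok installed
Version: 2.13-24

Package: oldtool
Status: deinstall ok config-files
Version: 0.9-1
"""
# Constructed container copy: older openssl, and oldtool still installed.
CONTAINER_SAMPLE = (HOST_SAMPLE.replace("1.0.1-4", "1.0.0-1")
                    .replace("deinstall ok config-files", "install ok installed"))

def parse_dpkg_status(text):
    """Return {package: version} for fully installed packages."""
    installed = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            if line[:1].isspace() or ":" not in line:
                continue  # continuation lines belong to the previous field
            key, _, value = line.partition(":")
            fields[key] = value.strip()
        if "Package" in fields and fields.get("Status", "").endswith(" installed"):
            installed[fields["Package"]] = fields.get("Version", "")
    return installed

def patch_drift(host_status, guest_status):
    """Sorted (package, host_version, guest_version) where versions differ."""
    host, guest = parse_dpkg_status(host_status), parse_dpkg_status(guest_status)
    return sorted((p, host[p], guest[p]) for p in host.keys() & guest.keys()
                  if host[p] != guest[p])

if __name__ == "__main__":
    # On a real host, pass the text of /var/lib/dpkg/status and of the same
    # file under the container rootfs (its location depends on the LXC setup).
    for pkg, host_ver, guest_ver in patch_drift(HOST_SAMPLE, CONTAINER_SAMPLE):
        print(f"{pkg}: host {host_ver}, container {guest_ver}")
```

The check reports mismatches only; deciding which side is older needs a proper Debian version comparison such as `dpkg --compare-versions`.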