From: Kyle Hayes (
Date: Wed Oct 24 2001 - 13:28:34 EDT

On Tuesday 23 October 2001 18:47, Chris Wright wrote:
> > One minor nitpick, 'vserver <foo> build' could use 'mount --bind'
> > on the 2.4 kernels; this would save both disk space and memory use,
> > and 'mount --bind' also accepts options like read only mounts so
> > root inside the vservers cannot mess with the files.
> mount --bind does not honor mount flags, must remount to change
> flags. also, readonly is per superblock, so you can't have something
> that is writable in one mount and readonly in another, fwiw.

Hmm, it would sure be nice if the readonly flag was associated with the mount
point in some manner rather than the superblock. That would let me do things
like leave all of /usr etc. as is, but mount it readonly in the vserver
directory. Then, I could use the normal RPM or other package tools to change
and update the stuff in /usr, but the vserver couldn't overwrite or change
anything itself. Wasn't there something on the kernel list about this kind
of change to the inner workings of mount a while back? Am I just not
remembering this correctly?

This vserver thing looks very nice. It may be the solution to some problems
we were having with a chroot-based design. It was getting rather hard to
lock down access to the outside world in a controlled way.
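The distinction Chris Wright draws above (a read-only flag that lives on the superblock versus one attached to the mount point) is exactly what changed later: from Linux 2.6.26 a bind mount can be made read-only on its own with `mount -o remount,bind,ro`, so the /usr layout Kyle describes is possible on modern kernels without touching the underlying filesystem. The practical check is then whether a given path in a container or vserver tree is read-only at the mount level, only at the superblock level, or not at all. The script below is an added example, not code from this thread; it reads lines in the `/proc/self/mountinfo` format (field 6 holds the per-mount options, the field after the `-` separator holds the superblock options) and reports which kind of protection applies. The sample lines, paths and devices are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original thread): classify a mount point as
# read-only at the mount level, read-only only at the superblock level,
# or writable, using /proc/self/mountinfo-formatted input.
#
# Field layout (see proc(5)):
#   ID PARENT MAJ:MIN ROOT MOUNTPOINT PER-MOUNT-OPTS [optional...] - FSTYPE SOURCE SUPER-OPTS
# A read-only bind mount (possible since Linux 2.6.26) shows "ro" in
# PER-MOUNT-OPTS; a filesystem mounted read-only as a whole shows "ro"
# in SUPER-OPTS, which is the only place the flag lived on 2.4 kernels.

# Constructed sample (hypothetical vserver tree and devices).
SAMPLE_MOUNTINFO='36 35 8:1 / / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
40 36 8:1 /usr /vservers/web/usr ro,relatime - ext4 /dev/sda1 rw,errors=remount-ro
41 36 8:2 / /vservers/db/var rw,relatime - ext4 /dev/sda2 rw
42 36 8:3 / /mnt/cdrom rw,relatime - iso9660 /dev/sr0 ro'

# write_sample: dump the constructed sample to a temp file and print its path.
write_sample() {
    f=$(mktemp)
    printf '%s\n' "$SAMPLE_MOUNTINFO" > "$f"
    echo "$f"
}

# mount_ro_state FILE MOUNTPOINT
# Prints one of: mount-ro, sb-ro, rw, absent
mount_ro_state() {
    awk -v mp="$2" '
        $5 == mp {
            split($6, mopts, ",")      # per-mount options (field 6)
            split($NF, sopts, ",")     # superblock options (last field, after "-")
            mro = 0; sro = 0
            for (i in mopts) if (mopts[i] == "ro") mro = 1
            for (i in sopts) if (sopts[i] == "ro") sro = 1
            if (mro) print "mount-ro"
            else if (sro) print "sb-ro"
            else print "rw"
            found = 1
            exit
        }
        END { if (!found) print "absent" }
    ' "$1"
}

# Demonstration on the constructed sample; on a live system pass
# /proc/self/mountinfo as the first argument instead.
sample=$(write_sample)
for mp in /vservers/web/usr /vservers/db/var /mnt/cdrom /vservers/web/etc; do
    echo "$mp: $(mount_ro_state "$sample" "$mp")"
done
rm -f "$sample"
```

A path reported as `sb-ro` is protected only as long as the whole filesystem stays read-only, which is what makes the "update /usr with RPM, keep it read-only in the vserver" scheme impossible on a superblock-only flag; `mount-ro` is the per-mount protection that scheme needs, and `absent` means the path is not a mount point at all and simply inherits whatever its parent mount allows.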


