[Bug 1043052] [NEW] [FFE] add pre-mount container startup hook

Serge Hallyn 1043052 at bugs.launchpad.net
Wed Aug 29 02:38:36 UTC 2012


Public bug reported:

It is possible to use an ecryptfs backing store for a container's
rootfs.  Advantages include the inability of unprivileged processes to
see the container's file contents, and, if the host is a cloud instance,
confidence that when disk space is recycled for a new instance,
container data will be scrambled.

To do this right, the container rootfs should be mounted in the
container's namespace (so after clone(2)) and before its rootfs is
mounted.  That requires a new hook, 'pre-start'.

This hook is trivial to add.  The patch to add it will be attached to
this bug for the release team's review.

** Affects: lxc (Ubuntu)
     Importance: Medium
         Status: New

** Changed in: lxc (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1043052
