Subject: Injecting Filesystem Mounts Into A Container
From: Lawrence D'Oliveiro
Newsgroups: comp.os.linux.misc
Organization: A noiseless patient Spider
Date: Mon, 23 Dec 2024 00:54 UTC

I’ve been messing around with setting up simple containers using LXC.
Then I wanted to know: how do I add my home directory (readonly) into
a container so I can install software from there? The only way I could
find was: 1) stop the container 2) modify the config to add a mount
entry for the new directory, and 3) restart the container.

Surely there has to be a way to do a mount across namespaces? But no:
you can enter the container’s filesystem namespace, but once there,
you cannot see the directory you want to make visible in there. There
is no option, in the bind-mount function, to specify separate
namespaces for the source and destination directories.

Then it turns out the LXD folks had been thinking about this exact
same problem
<https://people.kernel.org/brauner/mounting-into-mount-namespaces>.
They initially came up with a mechanism they called “mount namespace
tunnels”, specifically to allow this sort of operation.

LXC is of course much more basic than LXD. But that blog post has
given me some ideas about possible ways to do it without having some
special mechanism set up beforehand.

But it turns out, the Linux kernel itself has added a much more
advanced filesystem-mount API, which can be used to do this kind of
thing. Oddly, the man pages for these additional system calls are
missing from the current version of Debian. But they can be found
online. The calls themselves are defined in <sys/mount.h>.
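
The cross-namespace mount described in the post above can be sketched with the newer mount calls as follows. This is an added example, not part of the original post or of LXC/LXD; the helper names `mntns_path` and `inject_ro_mount` are hypothetical, and the nosuid/nodev flags are an added hardening choice on top of the read-only mount the post asks for. It assumes a 5.12 or later kernel and headers, a single-threaded root caller on the host, and raw `syscall(2)` invocations so it does not depend on the libc wrappers being present.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/mount.h>  /* constants and struct mount_attr (5.12+ headers) */
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper: build /proc/<pid>/ns/mnt; -1 on bad pid or short buffer. */
int mntns_path(long pid, char *buf, size_t len) {
    if (pid <= 0) return -1;
    int n = snprintf(buf, len, "/proc/%ld/ns/mnt", pid);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Hypothetical helper: attach a read-only copy of host dir src at dst in pid's mount ns. */
int inject_ro_mount(const char *src, long pid, const char *dst) {
    char ns[64];
    int tree = -1, nsfd = -1, rc = -1, saved;
    struct mount_attr attr = {
        .attr_set = MOUNT_ATTR_RDONLY | MOUNT_ATTR_NOSUID | MOUNT_ATTR_NODEV };
    if (mntns_path(pid, ns, sizeof ns) < 0) { errno = EINVAL; return -1; }
    /* 1. Host side: detached clone of src, not yet attached to any namespace. */
    tree = syscall(SYS_open_tree, AT_FDCWD, src, OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC);
    if (tree < 0) goto out;
    /* 2. Restrict the clone before the container can see it. */
    if (syscall(SYS_mount_setattr, tree, "", AT_EMPTY_PATH, &attr, sizeof attr) < 0)
        goto out;
    /* 3. Enter the container's mount namespace; the fd still names the clone. */
    nsfd = open(ns, O_RDONLY | O_CLOEXEC);
    if (nsfd < 0 || setns(nsfd, CLONE_NEWNS) < 0) goto out;
    /* 4. dst is now resolved in the container's view of the filesystem. */
    if (syscall(SYS_move_mount, tree, "", AT_FDCWD, dst, MOVE_MOUNT_F_EMPTY_PATH) == 0)
        rc = 0;
out:
    saved = errno;  /* keep the first error across close() */
    if (tree >= 0) close(tree); if (nsfd >= 0) close(nsfd);
    errno = saved;
    return rc;
}

int main(int argc, char **argv) {
    if (argc != 4) { fprintf(stderr, "usage: %s SRC PID DST\n", argv[0]); return 2; }
    if (inject_ro_mount(argv[1], atol(argv[2]), argv[3]) == 0) return 0;
    fprintf(stderr, "inject: %s\n", strerror(errno));
    return 1;
}
```

PID is the container's init process as seen from the host, and DST must already exist as a directory inside the container. The calling process stays in the container's mount namespace after `setns`, so this is meant as a one-shot helper rather than library code.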

Subject: Re: Injecting Filesystem Mounts Into A Container
From: Andy Burns
Newsgroups: comp.os.linux.misc
Date: Mon, 23 Dec 2024 09:38 UTC

Lawrence D'Oliveiro wrote:

> how do I add my home directory (readonly) into
> a container so I can install software from there?

fish:// or sshfs ?

Subject: Re: Injecting Filesystem Mounts Into A Container
From: Pancho
Newsgroups: comp.os.linux.misc
Organization: A noiseless patient Spider
Date: Mon, 23 Dec 2024 10:24 UTC

On 12/23/24 00:54, Lawrence D'Oliveiro wrote:
> I’ve been messing around with setting up simple containers using LXC.
> Then I wanted to know: how do I add my home directory (readonly) into
> a container so I can install software from there? The only way I could
> find was: 1) stop the container 2) modify the config to add a mount
> entry for the new directory, and 3) restart the container.
>

I don't know LXC, but in Docker containers the idea is that you have
script/config files to specify the container, and you start from those,
as opposed to setting up your environment, iteratively, in a long-lived
container that is persisted between sessions. In effect the development
cycle is that you make iterative changes to the container definition
files and restart for every change.

It is a slightly different way of thinking, but starting and stopping
containers is normally quick and having scripted provisioning is a huge
advantage in that it becomes much easier to understand/test/reproduce
any container environment. Professionally, I have wasted so much time,
understanding environment differences, changes that are made and
forgotten. I loved having environments that I can reproduce, tear down,
rebuild, test.

It seems quite easy to mount your home folder, or any folder, when
starting the container, so why not just do that? Go with the flow,
rather than seek to preserve development behaviour from previous
development environments.

Yes, you can search the web and find people who have a genuine specific
niche reason to do it the old way, but check you really need to do it,
rather than adapt and go with the intended way of working with containers.

Subject: Re: Injecting Filesystem Mounts Into A Container
From: D
Newsgroups: comp.os.linux.misc
Organization: i2pn2 (i2pn.org)
Date: Mon, 23 Dec 2024 12:04 UTC

On Mon, 23 Dec 2024, Andy Burns wrote:

> Lawrence D'Oliveiro wrote:
>
>> how do I add my home directory (readonly) into
>> a container so I can install software from there?
>
> fish:// or sshfs ?
>
>

https://www.baeldung.com/linux/docker-mount-host-filesystem ?
