Comments (6)
That is a great question. My interpretation is that readonlyRootfs means it is mounted RO and nothing is writeable, writes will fail.
from runtime-spec.
@chanezon wrote the original spec, so what was the thought with readonlyRootfs? Perhaps @crosbymichael knows too.
from runtime-spec.
On Thu, Jun 25, 2015 at 01:01:42PM -0700, Brandon Philips wrote:
> My interpretation is that readonlyRootfs means it is mounted RO and
> nothing is writeable, writes will fail.
That was my interpretation too. If you want the CoW semantics, just
copy your container before launching it and don't set readonlyRootfs.
For bonus points, using something like btrfs' snapshots for this
initial copy will mean you get to share unaltered blocks between your
copy and the original.
That said, I agree that disambiguation is good, and “mounted
read-only” is pretty unambiguous ;).
from runtime-spec.
Makes sense, I'll try to disambiguate. Is this a feature utilized commonly today? Windows does not support booting/running the OS from read-only volumes so this would have to be a platform split at least for now.
from runtime-spec.
On Thu, Jun 25, 2015 at 03:32:56PM -0700, Taylor Brown wrote:
> Is this a feature utilized commonly today?
I don't know how to get a number for that, but the ability to do this
in Docker landed in 1.5 [1], and the associated PR
(moby/moby#10093) references moby/moby#7923 (“Fedora has
supported the concept of a readonly root for a long time…”). The other
referenced issues (moby/moby#2710 and moby/moby#8752) seem to
be more focused on the general ideas of increased security and the
fact that you'll fail early if your application tries to store
information in a volume that you don't intend to save.
from runtime-spec.
Interesting, seems like the initial conversation was skeptical on its usefulness but I do like the idea of it in terms of failing deterministically if the process tries to write outside of the intended/defined scope. I submitted #25 to try and clean up/disambiguate the content.
from runtime-spec.
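As an added example (not part of the original thread or the runtime-spec project's code), this Python code checks the "mounted read-only" reading discussed above from inside a container by parsing `/proc/self/mountinfo` and listing the mounts where writes can still succeed. The sample mountinfo lines are constructed, and the function names and the pseudo-filesystem list are assumptions made for illustration.

```python
import re

# Constructed sample in /proc/<pid>/mountinfo format (not from a real container).
SAMPLE = """\
120 80 0:45 / / ro,relatime master:1 - overlay overlay rw,lowerdir=/l,upperdir=/u,workdir=/w
121 120 0:46 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
122 120 0:47 / /tmp rw,nosuid,nodev - tmpfs tmpfs rw,size=65536k
123 120 8:1 /data /var/lib/app rw,relatime - ext4 /dev/sda1 rw
124 120 8:1 /conf /etc/app ro,relatime - ext4 /dev/sda1 rw
"""

# Assumption: kernel pseudo-filesystems are not places an application stores data.
PSEUDO_FS = {"proc", "sysfs", "devpts", "mqueue", "cgroup", "cgroup2"}


def _unescape(path):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)


def parse_mountinfo(text):
    """Return one dict per mount: mountpoint, fstype, read_only."""
    mounts = []
    for line in text.splitlines():
        left, sep, right = line.partition(" - ")
        lf, rf = left.split(), right.split()
        if not sep or len(lf) < 6 or len(rf) < 3:
            continue  # skip blank or malformed lines
        # Field 6 holds per-mount options (a read-only bind remount shows up
        # here); the third field after " - " holds superblock options.
        opts = set(lf[5].split(",")) | set(rf[2].split(","))
        mounts.append({"mountpoint": _unescape(lf[4]), "fstype": rf[0],
                       "read_only": "ro" in opts})
    return mounts


def root_is_read_only(mounts):
    # A later entry for the same mount point shadows earlier ones.
    roots = [m for m in mounts if m["mountpoint"] == "/"]
    return bool(roots) and roots[-1]["read_only"]


def writable_mounts(mounts):
    # Paths where writes can still succeed under a read-only root.
    return [m["mountpoint"] for m in mounts
            if not m["read_only"] and m["fstype"] not in PSEUDO_FS]


if __name__ == "__main__":
    with open("/proc/self/mountinfo") as fh:
        live = parse_mountinfo(fh.read())
    print("root read-only:", root_is_read_only(live))
    print("writable mounts:", writable_mounts(live))
```

On the constructed sample the root is reported read-only while `/tmp` and `/var/lib/app` remain writable, which is the set of locations to review when relying on a read-only root to make stray writes fail early.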