There are also cases where you’d want to bind-mount a host dir into a shifted container and have that be writeable, not just to an overlay.

On January 17, 2020 at 1:19 PM, Tycho Andersen wrote:
> Please, no. mount() failures are already hard to reason about, I would
> rather not add another temporary (or worse, permanent) non-obvious
> failure mode.
>
> What if we make shifted bind mounts always readonly? That will force
> people to use an overlay (or something else) on top, but they probably
> want to do that anyway so they can avoid tainting the original
> container image with writes.
>
> It's not just the cool factor: if you're doing this, it's presumably
> because you want to use it with a container in a user namespace.
> Specifying the same parameters twice leaves room for error, causing
> CVEs and more work.
>
> Tycho
> _______________________________________________
> Containers mailing list
> Containers@lists.linux-foundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/containers