Is it possible let chroot jails share directories(read-only) outside the jail?

Question

I have muliple chroot jails, I want them to share some directories, currently I have to copy these directories into jails which I think is not elegant. The directories are read-only, like '/usr/bin'.

score 13 · Accepted Answer · edited Nov 12 '13 at 09:30

13

You can use the new bind mounts support to make identical directory structures available through multiple paths.

mount --bind /usr/bin /path/to/chroot/jail/usr/bin
mount -o remount,ro /path/to/chroot/jail/usr/bin

For more details, see mount(8).

You can get really clever with mounting on Linux systems these days; for more details, see the Linux kernel source file Documentation/filesystems/sharedsubtree.txt.

edited Nov 12 '13 at 09:30

Tobias Kienzler

25,759
22
127
221

answered Dec 09 '11 at 03:10

sarnold

102,305
22
181
238

On Ubuntu 16.04 this makes the source directory (not only the mounted one) also read only :/ – therealmarv Oct 14 '16 at 11:13
acoording to http://unix.stackexchange.com/a/128388/11869 it neets to be 1. `mount SRC DST -o bind` 2. `mount DST -o remount,ro,bind` – therealmarv Oct 14 '16 at 12:38

score 2 · Answer 2 · edited Jul 28 '12 at 05:04

2

try

mount /outside /inside -o bind

edited Jul 28 '12 at 05:04

answered Dec 09 '11 at 03:09

ILYA Khlopotov

705
3
5

Is it possible let chroot jails share directories(read-only) outside the jail?

2 Answers2