| 1 |
On Mon, Sep 25, 2017 at 11:27 AM, Martin Vaeth <martin@×××××.de> wrote: |
| 2 |
> Rich Freeman <rich0@g.o> wrote: |
| 3 |
>> |
| 4 |
>> I wouldn't be surprised if it works with a single bind mount with |
| 5 |
>> /proc and /dev and so on mounted on top of that. |
| 6 |
> |
| 7 |
> Either you start with a writable tree and bind-mount some directories |
| 8 |
> non-writable or the opposite way. Either way, a dozen or so bind-mounts |
| 9 |
> are minimally necessary. |
| 10 |
> |
| 11 |
|
| 12 |
/proc, /sys, and /dev wouldn't be bind mounts. They're just mounts. |
| 13 |
And everything else would be pulled in with a read-only bind mount of |
| 14 |
/. |
| 15 |
|
| 16 |
You're going to need the same mounts of /proc, /sys, and /dev on an |
| 17 |
overlay, unless you really wanted to let those pass through, which |
| 18 |
seems like a bad idea. |
| 19 |
|
| 20 |
>> You say "not even a bind" as if that is a benefit. |
| 21 |
> |
| 22 |
> In case the "non-scaling" argument has not become clear, |
| 23 |
> I try to visualize it by a table: |
| 24 |
> |
| 25 |
> | "simple" | "fine grained" |
| 26 |
> ---------+----------------+------------------- |
| 27 |
> Overlay | 1 mount | 1 mount |
| 28 |
> ---------+----------------+------------------- |
| 29 |
> Container| 10? bind mounts| 1000? bind mounts |
| 30 |
|
| 31 |
Except it is more like: |
| 32 |
|
| 33 |
| "simple" | "fine grained" |
| 34 |
---------+----------------+------------------- |
| 35 |
Overlay | 1 mount | 1 mount + 1000? file deletions in the overlay |
| 36 |
---------+----------------+------------------- |
| 37 |
Container| 1-2 bind mounts | 1000? bind mounts |
| 38 |
|
| 39 |
I left out dev+sys+proc in both cases - it would be a few more mounts |
| 40 |
either way. |
| 41 |
|
| 42 |
And there is really no difference in performance between 1 mount and |
| 43 |
10 in practice. |
| 44 |
|
| 45 |
-- |
| 46 |
Rich |
Archives