Now people are looking into a truly read-only container rootfs where the same rootfs will be shared by multiple containers. Right now runc assumes that the container rootfs is writable and will create mount point destinations (file/dir) so that mounts can succeed.
I am looking for functionality where the caller is responsible for making sure the mount destination exists; otherwise runc will simply fail the operation.
Provide a knob for a truly read-only container where runc does not try to scribble anything on the container rootfs and, if something is missing, simply errors out.
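The behaviour requested above, as an added example in Go that is not runc's own code: a hypothetical `PrepareMountDest` helper with a `ReadOnlyRootfs` knob. With the knob off it creates a missing mount point the way the post says runc does today; with the knob on it only verifies that the destination exists and has the right kind (file vs directory) and returns `ErrMissingMountDest` otherwise, so nothing is ever written under the shared rootfs. The option struct, function and error names are assumptions for illustration, and symlink-aware path confinement (what runc does with filepath-securejoin) is deliberately left out.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrMissingMountDest is returned when ReadOnlyRootfs is set and the mount
// destination is absent from the rootfs. (Hypothetical name, not runc's.)
var ErrMissingMountDest = errors.New("mount destination missing and rootfs is read-only")

// ErrEscapesRootfs is returned when the resolved destination leaves rootfs.
var ErrEscapesRootfs = errors.New("mount destination escapes rootfs")

// MountPrepOptions is a hypothetical knob, not an existing runc option.
type MountPrepOptions struct {
	ReadOnlyRootfs bool // never create anything under rootfs; only verify
	IsFile         bool // a bind mount of a single file needs a file, not a dir
}

// PrepareMountDest resolves dest inside rootfs and either creates it
// (writable mode, as runc does today) or verifies that it already exists
// (read-only mode). It returns the absolute host path of the destination.
// Symlinks are not followed here; a symlink at dest is rejected as the
// wrong kind, which is the conservative choice for a shared rootfs.
func PrepareMountDest(rootfs, dest string, opts MountPrepOptions) (string, error) {
	rootfs = filepath.Clean(rootfs)
	// Cleaning "/"+dest collapses any ".." so the join cannot leave rootfs;
	// the prefix check below is a belt-and-braces guard on that invariant.
	full := filepath.Join(rootfs, filepath.Clean("/"+dest))
	if full != rootfs && !strings.HasPrefix(full, rootfs+string(os.PathSeparator)) {
		return "", ErrEscapesRootfs
	}

	info, err := os.Lstat(full)
	switch {
	case err == nil:
		// Destination exists: make sure it is the kind the mount needs.
		if opts.IsFile && info.IsDir() {
			return "", fmt.Errorf("%s: expected file, found directory", dest)
		}
		if !opts.IsFile && !info.IsDir() {
			return "", fmt.Errorf("%s: expected directory, found %v", dest, info.Mode().Type())
		}
		return full, nil
	case errors.Is(err, os.ErrNotExist):
		if opts.ReadOnlyRootfs {
			// The knob: the caller must have provided the destination.
			return "", fmt.Errorf("%w: %s", ErrMissingMountDest, dest)
		}
		// Writable rootfs: create the destination so the mount can succeed.
		if opts.IsFile {
			if err := os.MkdirAll(filepath.Dir(full), 0o755); err != nil {
				return "", err
			}
			f, err := os.OpenFile(full, os.O_CREATE|os.O_WRONLY|os.O_EXCL, 0o644)
			if err != nil {
				return "", err
			}
			f.Close()
			return full, nil
		}
		if err := os.MkdirAll(full, 0o755); err != nil {
			return "", err
		}
		return full, nil
	default:
		return "", err
	}
}

func main() {
	// Constructed rootfs in a temp dir: only /etc exists.
	root, err := os.MkdirTemp("", "rootfs")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	if err := os.MkdirAll(filepath.Join(root, "etc"), 0o755); err != nil {
		panic(err)
	}
	for _, d := range []string{"/etc", "/proc"} {
		p, err := PrepareMountDest(root, d, MountPrepOptions{ReadOnlyRootfs: true})
		fmt.Printf("read-only rootfs %-5s -> %q err=%v\n", d, p, err)
	}
	p, err := PrepareMountDest(root, "/proc", MountPrepOptions{})
	fmt.Printf("writable rootfs /proc -> %q err=%v\n", p, err)
}
```

In read-only mode the helper never calls `MkdirAll` or `OpenFile`, so a runtime using it can be audited for "does not write to rootfs" by checking that code path alone; the kind check also catches the case where a directory mount would otherwise be attempted onto a pre-existing file.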