NVIDIA / enroot

A simple yet powerful tool to turn traditional container/OS images into unprivileged sandboxes.
Apache License 2.0

Read-only ENROOT_DATA_PATH possible? #91

Closed dr-br closed 3 years ago

dr-br commented 3 years ago

The unpacking of sqsh files consumes time and disk space. Is it possible to provide already unpacked root file systems in a write-only ENROOT_DATA_PATH?

Unfortunately, the lockfile .lock would be located in these write-protected directories.

Thanks! Samuel

3XX0 commented 3 years ago

It's not possible to have the rootfs in a read-only filesystem because hooks need to be able to write to it. Nothing stops you from unpacking it once and starting multiple containers from it (that's what the lock is for, and by default containers mount the filesystem as readonly).

dr-br commented 3 years ago

Thanks for the clarification!