3

I have a number of LXC containers (ubuntu template) which all have their own separate APT caches.

    /var/lib/lxc/*/rootfs/var/cache/apt/archives/

I would like to have these linked to the host machine's APT cache at:

    /var/cache/apt/archives

From what I remember, symlinking out of a chroot jail is a massive no-no, so I was wondering what some other clean alternatives would be. One solution I thought of was just making a cron job on the host machine to sync with the guest containers, but I was wondering if there was any way I could handle this without having to schedule synchronizations? A symlink would just be so convenient, but it'd be a massive security hole, right?

Thanks, guys.

Adam Eberlin

1 Answer

3

You can use bind mounts to make these all point to the same place. For example:

    mount --bind /var/cache/apt/archives /var/lib/lxc/foo/rootfs/var/cache/apt/archives

This blog post and this forum post talk about this solution in more detail.

A symlink wouldn't be a security hole; it simply wouldn't work, because from within the container a symlink to /var/cache/apt/archives would point at a location inside the container filesystem.

larsks
  • 1
    Thanks for the tip! I eventually realized that the various nodes could possibly interfere with each other during simultaneous apt-get operations, so I went off searching again. I ended up coming across `apt-cacher-ng` which I'm going to give a test run. Your solution is working though in the short term as I only perform apt operations on the nodes manually at present. Cheers :) – Adam Eberlin Aug 18 '12 at 16:09
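An added example, not part of the answer or written by its author: a shell sketch that turns the one-off `mount --bind` above into `/etc/fstab` lines for every container under `/var/lib/lxc`. Because the host resolves symlinks in the mount target, and a container's root user can create symlinks inside its own rootfs, it skips any container whose target path contains one. The function names `safe_target` and `emit_fstab` are hypothetical.

```shell
#!/bin/sh
# Added example: the directory layout (/var/lib/lxc/<name>/rootfs) and the
# host cache path come from the post; the function names are hypothetical.

# Succeed only if no component of relative path $2 below $1 is a symlink
# and the final path is an existing directory.
safe_target() {
    base=$1; rel=$2; cur=$base
    # The rootfs itself must not be a symlink either.
    if [ -L "$base" ]; then return 1; fi
    old_ifs=$IFS; IFS=/
    set -- $rel            # split the relative path on "/"
    IFS=$old_ifs
    for part in "$@"; do
        if [ -z "$part" ]; then continue; fi
        cur="$cur/$part"
        # A symlink here would make the host mount land somewhere
        # other than the intended directory inside the rootfs.
        if [ -L "$cur" ]; then return 1; fi
    done
    [ -d "$cur" ]
}

# Print one fstab bind-mount line per container whose target is safe;
# containers that fail the check are reported on stderr.
emit_fstab() {
    lxc_root=$1; host_cache=$2
    for rootfs in "$lxc_root"/*/rootfs; do
        if [ ! -d "$rootfs" ]; then continue; fi
        if safe_target "$rootfs" var/cache/apt/archives; then
            printf '%s %s none bind 0 0\n' \
                "$host_cache" "$rootfs/var/cache/apt/archives"
        else
            printf 'skipped (symlink or missing dir): %s\n' "$rootfs" >&2
        fi
    done
}

# Typical use on the host (review the output before appending to /etc/fstab):
#   emit_fstab /var/lib/lxc /var/cache/apt/archives
```

The check and the later mount happen at different times, so run it while the containers are stopped.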