Comment 1 for bug 1008393

Serge Hallyn (serge-hallyn) wrote :

Thanks for bringing up this bug.

Note there are other workarounds. One is to use apparmor, but the LSM hooks for libvirt-lxc are still under development. Another is to use the root filesystem to host the libvirt container directories, instead of using a separate partition.

The one we used first in liblxc is to simply hold open a file next to the container's root file system for the duration of the container run. So long as any one file is held open on the filesystem, the 'mount -o remount,ro /' in the container will simply fail. That is the same reason why your /srv is only sometimes remounted - it is only remounted when no other containers are running.

The real solution to this bug will be to either implement an apparmor policy preventing this, or to do a fix as in liblxc holding open a file.

But as a workaround, you can simply run a program on your server, even started in upstart if you like, which holds open a file /srv/hold and runs forever (until killed at shutdown).
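A small holder script implementing the workaround described in this comment, as an added example (not code from the bug thread or from liblxc). It assumes the container directories live under /srv as in the bug report and that /srv/hold is the file to hold (overridable via HOLD_FILE); the /proc-based check is Linux-specific. While the holder runs, the filesystem has an open file on it, so a "mount -o remount,ro /" from inside a container fails with EBUSY instead of flipping the host's /srv to read-only:

```shell
#!/bin/sh
# Added example: keep one file on the filesystem hosting the container root
# filesystems open for as long as this process lives. Any open file on the
# filesystem makes a read-only remount fail, which is the protection wanted.
# Assumption: HOLD_FILE defaults to /srv/hold (as suggested in the comment).

HOLD_FILE="${HOLD_FILE:-/srv/hold}"

# start_holder PATH: create PATH (and its directory) if needed and start a
# background process that opens it on fd 3 and then sleeps forever. The PID
# is stored in HOLDER_PID so the caller can wait for or kill it later.
start_holder() {
    _path="$1"
    mkdir -p "$(dirname "$_path")" || return 1
    # The subshell opens the file, then replaces itself with "tail -f
    # /dev/null", which never exits on its own. Open fds survive exec, so
    # the file stays open until the process is killed.
    ( exec 3>"$_path"; exec tail -f /dev/null ) &
    HOLDER_PID=$!
}

# holder_alive PID: succeed if the holder process still exists.
holder_alive() {
    kill -0 "$1" 2>/dev/null
}

# holder_has_open PID PATH: succeed if fd 3 of PID refers to PATH. This is
# the check an operator runs to confirm the hold is really in place
# (reads /proc, so Linux only).
holder_has_open() {
    [ "$(readlink "/proc/$1/fd/3" 2>/dev/null)" = "$2" ]
}

# stop_holder PID: terminate the holder and reap it, releasing the file.
stop_holder() {
    kill "$1" 2>/dev/null
    wait "$1" 2>/dev/null || true
}

# Run as "./hold.sh run" (for example from an upstart job with "respawn")
# to hold HOLD_FILE open until the service is stopped at shutdown.
if [ "${1:-}" = "run" ]; then
    start_holder "$HOLD_FILE" || exit 1
    trap 'stop_holder "$HOLDER_PID"; exit 0' TERM INT
    echo "holding $HOLD_FILE open (pid $HOLDER_PID)"
    wait "$HOLDER_PID"
fi
```

Note that this only blocks the remount while the holder is alive: if the holder dies (or the service is stopped before the containers are), the protection is gone, which is why a respawning service job is the better way to run it than a one-off command.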