a) In the linux namespace mount case an additional MS_NOATIME, etc. will result in
EPERM on remounting something hosted in a toplevel [rel]atime mount. man 2 mount
has 'An attempt was made to modify (MS_REMOUNT) the MS_RDONLY, MS_NOSUID, or
MS_NOEXEC flag, or one of the "atime" flags (MS_NOATIME, MS_NODIRATIME, MS_RELATIME)
of an existing mount, but the mount is locked'.
b) lxc has default apparmor rules of
https://github.com/lxc/lxc/blob/main/config/apparmor/abstractions/container-base
where the closest match is: "mount options=(ro,remount,bind,nodev,nosuid)"
so additional 'MS_SILENT' or 'MS_REC' flags similarly also cause the remount to
be denied
So if we use a more recognized set of options we work out of the box in
the default lxc configuration.
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I5f8de2de998ae1a85fefc1c9537b79b2b3bdefec
5fbc4bbbdd