Sharing the /usr directory

I found this in the Debian Administrator Handbook (Raphaël Hertzog & Roland Mas) about LXC:

“It may also make sense to share part of the filesystem, such as the /usr and /lib subtrees, so as to avoid duplicating the software that may need to be common to several containers. This will usually be achieved with lxc.mount.entry entries in the containers configuration file. An interesting side-effect is that the processes will then use less physical memory, since the kernel is able to detect that the programs are shared.”

Do you have any experience or opinion on that? What would happen if you upgrade a package (with the package manager) in the host and not in the container?



The main downside is that each system container is updated on its own.
By default, the Ubuntu containers have unattended-upgrades which update the packages within 24 hours of them appearing, and each container may get updated at a random point within this 24-hour timeframe.
To do this mounting procedure, I think you would need to disable updates.

If you were to use ZFS or btrfs as the storage backend, you get copy-on-write, which gives you the full benefit of not duplicating the system directories of each container.

Finally, you would need to verify whether different unprivileged containers with shared system directories are indeed able to keep a single copy of the loaded libraries. That is, try it out and verify with lsof.
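An added example, not from this thread or from the LXC project, of the verification suggested in the last paragraph. It reads /proc/PID/maps on the host instead of using lsof, because maps lists the device and inode of every file-backed mapping directly; the kernel keeps one page-cache copy per (device, inode), so two container processes share a library's pages exactly when their mappings of it show the same dev:inode. The three maps snippets are constructed (made-up inodes and addresses), and the `lxc.mount.entry` line in the docstring only illustrates the bind-mount form of such an entry; it is not a line from the page. The script also flags mappings marked "(deleted)", which is what a running process in a container shows after the host's package manager has replaced the library file underneath it.

```python
"""Added example: do two processes map the same on-disk copy of their libraries?

The kernel caches file pages per (device, inode).  When /usr is bind-mounted
into several containers, for instance with an entry of the form (illustrative,
not from the page)
    lxc.mount.entry = /usr usr none ro,bind 0 0
libc in every container is the same inode, so its text pages are loaded once.
When each container has its own copy of the tree, the inodes differ and every
container pays for its own copy in RAM.  Instead of lsof this reads
/proc/PID/maps, which shows the device and inode of each mapping directly.
"""
import re
import sys
from pathlib import Path

# address perms offset dev inode pathname   (pathname may be absent)
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+([0-9a-f]+)\s+"
    r"([0-9a-f]+:[0-9a-f]+)\s+(\d+)\s*(.*)$"
)
DELETED = " (deleted)"


def parse_maps(text):
    """Return {file basename: (dev, inode, path, deleted)} for every
    file-backed mapping.  Keyed by basename because from the host the same
    library appears under different paths when containers have separate
    rootfs trees (/var/lib/lxc/<name>/rootfs/usr/...)."""
    files = {}
    for line in text.splitlines():
        m = MAPS_LINE.match(line)
        if not m:
            continue
        dev, inode, path = m.group(5), int(m.group(6)), m.group(7).strip()
        if inode == 0 or not path.startswith("/"):
            continue  # anonymous memory, [vdso], [stack], ...
        deleted = path.endswith(DELETED)
        if deleted:
            path = path[: -len(DELETED)]  # file was unlinked/replaced
        files[Path(path).name] = (dev, inode, path, deleted)
    return files


def read_maps(pid):
    """Parse /proc/<pid>/maps on the live system (run as root on the host)."""
    return parse_maps(Path(f"/proc/{pid}/maps").read_text())


def compare(files_a, files_b):
    """Split files mapped by both processes into those backed by the same
    dev:inode (one page-cache copy) and those backed by different inodes
    (duplicated in memory)."""
    shared, duplicated = [], []
    for name in sorted(set(files_a) & set(files_b)):
        if files_a[name][:2] == files_b[name][:2]:
            shared.append(name)
        else:
            duplicated.append(name)
    return shared, duplicated


def stale(files):
    """Names whose backing file was replaced while the process kept it mapped,
    which is what a host-side package upgrade leaves behind in a container."""
    return sorted(name for name, entry in files.items() if entry[3])


# Constructed sample data (made-up inodes and addresses), as seen from the
# host: A and B run in containers that bind-mount the host's /usr, C runs in a
# container with its own rootfs copy, D is A after the host replaced libc.
MAPS_A = """\
55d6a3a00000-55d6a3a02000 r--p 00000000 08:01 393220                     /usr/bin/sleep
7f1c0e400000-7f1c0e428000 r--p 00000000 08:01 131090                     /usr/lib/x86_64-linux-gnu/libc.so.6
7f1c0e428000-7f1c0e5bd000 r-xp 00028000 08:01 131090                     /usr/lib/x86_64-linux-gnu/libc.so.6
7f1c0e700000-7f1c0e702000 rw-p 00000000 00:00 0
7ffd2b3f0000-7ffd2b3f2000 r-xp 00000000 00:00 0                          [vdso]
"""
MAPS_B = """\
5589aa100000-5589aa102000 r--p 00000000 08:01 393220                     /usr/bin/sleep
7f0a23c00000-7f0a23c28000 r--p 00000000 08:01 131090                     /usr/lib/x86_64-linux-gnu/libc.so.6
"""
MAPS_C = """\
5636f0200000-5636f0202000 r--p 00000000 08:01 655370                     /var/lib/lxc/c3/rootfs/usr/bin/sleep
7f77d1a00000-7f77d1a28000 r--p 00000000 08:01 655421                     /var/lib/lxc/c3/rootfs/usr/lib/x86_64-linux-gnu/libc.so.6
"""
MAPS_D = """\
55d6a3a00000-55d6a3a02000 r--p 00000000 08:01 393220                     /usr/bin/sleep
7f1c0e400000-7f1c0e428000 r--p 00000000 08:01 131090                     /usr/lib/x86_64-linux-gnu/libc.so.6 (deleted)
"""


def report(label, files_x, files_y):
    shared, duplicated = compare(files_x, files_y)
    print(f"{label}: shared={shared} duplicated={duplicated} stale={stale(files_x)}")


if __name__ == "__main__":
    if len(sys.argv) == 3:  # real use: compare two PIDs on the host
        report("pids", read_maps(sys.argv[1]), read_maps(sys.argv[2]))
    else:
        report("A vs B (bind-mounted /usr)", parse_maps(MAPS_A), parse_maps(MAPS_B))
        report("A vs C (separate rootfs)", parse_maps(MAPS_A), parse_maps(MAPS_C))
        report("D vs B (host upgraded libc)", parse_maps(MAPS_D), parse_maps(MAPS_B))
```

Run it with two PIDs as root on the host to compare live processes; with no arguments it runs over the constructed samples. A btrfs snapshot or ZFS clone of a container's tree shares blocks on disk but is a different inode, so it shows up as "duplicated" here: copy-on-write storage saves disk, not page cache.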