[libvirt] [PATCH RFC] LXC: don't RO mount /proc, /sys when user namespce enabled
Eric Blake
eblake at redhat.com
Mon Dec 22 15:12:33 UTC 2014
On 12/21/2014 08:57 PM, Chen Hanxiao wrote:
s/namespce/namespace/ in the subject line
> If we enabled user ns and provided a uid/gid map,
> we do not need to mount /proc, /sys as readonly.
> Leave it to kernel for protection.
>
> Signed-off-by: Chen Hanxiao <chenhanxiao at cn.fujitsu.com>
> ---
> src/lxc/lxc_container.c | 6 ++++++
> 1 file changed, 6 insertions(+)
I'll leave the actual patch review to someone more familiar with LXC
namespace setups.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org