Re: [libvirt] [PATCH RFC] LXC: don't RO mount /proc, /sys when user namespce enabled
On 12/21/2014 08:57 PM, Chen Hanxiao wrote:
s/namespce/namespace/ in the subject line
If we enabled user ns and provided a uid/gid map,
we do not need to mount /proc, /sys as readonly.
Leave it to kernel for protection.
Signed-off-by: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com>
---
src/lxc/lxc_container.c | 6 ++++++
1 file changed, 6 insertions(+)
I'll leave the actual patch review to someone more familiar with LXC
namespace setups
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 604 bytes)