22 Dec
2014
22 Dec
'14
3:12 p.m.
On 12/21/2014 08:57 PM, Chen Hanxiao wrote: s/namespce/namespace/ in the subject line
If we enabled user ns and provided a uid/gid map, we do not need to mount /proc, /sys as readonly. Leave it to kernel for protection.
Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com> --- src/lxc/lxc_container.c | 6 ++++++ 1 file changed, 6 insertions(+)
I'll leave the actual patch review to someone more familiar with LXC namespace setups -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org