On Wed, Jul 29, 2015 at 4:14 AM, Serge Hallyn <[email protected]> wrote:
> The host should be protected from udevadm trigger by your container
> being under an apparmor profile and/or readonly sys.

But if udevadm trigger is executed on the host for some reason, this will still break all containers that use lxc.autodev = 1? A quick test seems to suggest this...

I thought about removing the call, but this means duplicating udev logic in my maintainer scripts. I also could not find anything in the Debian policy that forbids running udevadm trigger with the "change" action.

I tried with apparmor on 3.18, but this does not seem to change anything. Is there a way to override some of the defaults in "ubuntu.common.conf" in order to mount sysfs readonly?

Christoph
