Quoting Christoph Mathys (erase...@gmail.com):
> On Wed, Jul 29, 2015 at 4:14 AM, Serge Hallyn <serge.hal...@ubuntu.com> wrote:
> > The host should be protected from udevadm trigger by your container
> > being under an apparmor profile and/or readonly sys.
> 
> But if udevadm trigger is executed on the host for some reason, this
> will still break all containers that use lxc.autodev = 1? A quick test

Ah, that's not what I thought you were saying.  That doesn't happen on
my systems, and I can't recall offhand why.  I'll have to play with it.

So you're saying you have lvm backed containers, not running udev,
and when you run udevadm trigger on the host your containers die?

> seems to suggest this... I thought about removing the call, but this
> means duplicating udev logic in my maintainer scripts. I also could
> not find anything in the Debian policy that forbids running udevadm
> trigger with the "change" action.
> 
> I tried with apparmor on 3.18, but this does not seem to change
> anything. Is there a way to override some of the defaults in
> "ubuntu.common.conf" in order to mount sysfs readonly?
> 
> Christoph
> _______________________________________________
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users