Quoting Hirokuni Kim ([email protected]):
> Hi,
>
> I have a question about the security implication about one line in
> lxc-container-default-with-nesting profile.
>
> There is a line `mount fstype=proc -> /var/cache/lxc/**,` in the profile
> and in my understanding, the line allows LXC container to mount the /proc
> of host machine. If this is correct, why is this ok to allow?

It's not safe, but it's required for nesting. This is why it's not the default policy.
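
An added example (not part of the original thread, and not LXC's own code): a small Python check that lists the mount rules in an AppArmor profile which allow `fstype=proc` mounts on targets other than `/proc`, such as the rule quoted in the question. Apart from that one rule the sample profile is constructed, the function names are hypothetical, and the parser only handles single-line `mount ... -> target,` rules.

```python
import re

# One single-line mount rule with an explicit target, optionally prefixed by "deny".
RULE = re.compile(r"^\s*(deny\s+)?mount\s+([^#]*?)->\s*(\S+?),\s*(?:#.*)?$")
# fstype=proc or fstype=(proc,tmpfs)
FSTYPE = re.compile(r"fstype\s*=\s*(?:\(([^)]*)\)|(\w+))")

# Constructed sample profile; only the first mount rule comes from the thread.
SAMPLE = """\
profile example-nesting {
  mount fstype=proc -> /var/cache/lxc/**,   # rule quoted in the question
  mount fstype=sysfs -> /var/cache/lxc/**,
  mount fstype=(proc,tmpfs) -> /proc/,
  deny mount fstype=proc -> /srv/**,
}
"""


def proc_mount_rules(profile_text):
    """Return (line_no, target, denied) for each mount rule covering fstype proc."""
    found = []
    for no, line in enumerate(profile_text.splitlines(), 1):
        m = RULE.match(line)
        if not m:
            continue
        fs = FSTYPE.search(m.group(2))
        if not fs:
            continue  # rule does not name a filesystem type
        types = re.split(r"[,\s]+", (fs.group(1) or fs.group(2)).strip())
        if "proc" in types:
            found.append((no, m.group(3), bool(m.group(1))))
    return found


def outside_proc(rules):
    """Keep allowed proc mounts whose target is not /proc itself."""
    return [(no, target) for no, target, denied in rules
            if not denied and target.rstrip("/") != "/proc"]


if __name__ == "__main__":
    for no, target in outside_proc(proc_mount_rules(SAMPLE)):
        print(f"line {no}: proc may be mounted on {target}")
```
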
