Quoting Michael H. Warfield (m...@wittsend.com): > [root@forest ~]# lxc-start --name Plover > lxc-start: Invalid argument - pivot_root syscall failed
sort of unrelated, but Rob Landley had mentioned he wanted to fix chroot to prevent the chdir-based chroot escape, allowing lxc to use chroot in place of pivot_root. As you see above, pivot_root has some very stringent constaints regarding the ms_shared state of the mounpoints *and* their parents, so this would be a very good thing. And would prevent the above. As far as the main topic of this thread, I feel I can't really do it justice without trying harder to reproduce, which I can't do today. I'm going to try and find time tomorrow or friday to do so (if you haven't gotten to the bottom of this before that). We also might want to point dhansen at the mail archive of this thread and get his input. -serge ------------------------------------------------------------------------------ 10 Tips for Better Web Security Learn 10 ways to better secure your business today. Topics covered include: Web security, SSL, hacker attacks & Denial of Service (DoS), private keys, security Microsoft Exchange, secure Instant Messaging, and much more. http://www.accelacomm.com/jaw/sfnl/114/51426210/ _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
