-----Original Message-----
From: libvir-list-boun...@redhat.com [mailto:libvir-list-boun...@redhat.com] On Behalf Of Chen Hanxiao
Sent: Monday, December 22, 2014 11:57 AM
To: libvir-list@redhat.com
Subject: [libvirt] [PATCH RFC] LXC: don't RO mount /proc, /sys when user namespce enabled
On Mon, Dec 22, 2014 at 4:12 PM, Eric Blake ebl...@redhat.com wrote:
On 12/21/2014 08:57 PM, Chen Hanxiao wrote:
s/namespce/namespace/ in the subject line
If we enabled user ns and provided a uid/gid map,
we do not need to mount /proc, /sys as readonly.
Leave it to kernel for protection.
-----Original Message-----
From: Richard Weinberger [mailto:richard.weinber...@gmail.com]
Sent: Wednesday, December 24, 2014 5:36 AM
To: Eric Blake
Cc: Chen, Hanxiao/陈 晗霄; libvir-list@redhat.com
Subject: Re: [libvirt] [PATCH RFC] LXC: don't RO mount /proc, /sys when user namespce enabled
On 12/21/2014 08:57 PM, Chen Hanxiao wrote:
s/namespce/namespace/ in the subject line
If we enabled user ns and provided a uid/gid map,
we do not need to mount /proc, /sys as readonly.
Leave it to kernel for protection.
Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com
---
src/lxc/lxc_container.c | 6 ++
1 file changed, 6 insertions(+)
diff --git