All modern distributions require devtmpfs in /dev. devtmpfs can't
be mounted from userns. This patch bind-mounts the host /dev.
It's secure, because permissions are handled according to the uid and
gid maps for the user namespace.
Signed-off-by: Andrey Vagin
---
src/lib/hooks_ct.c | 78 +++

On Mon, Jan 20, 2014 at 03:48:01PM +0400, Andrey Vagin wrote:
> All modern distributions require devtmpfs in /dev. devtmpfs can't
> be mounted from userns. This patch bind-mounts the host /dev.
> It's secure, because permissions are handled according to the uid and
> gid maps for the user namespace.