[Devel] [PATCH 2/2] hook_ct: bind mount the host /dev directory in CT

2014-01-20 Thread Andrey Vagin
All modern distributions require devtmpfs in /dev. devtmpfs can't be mounted from userns. This patch bind-mounts the host /dev. It's secure, because permissions are handled according to the uid and gid maps for the user namespace.

Signed-off-by: Andrey Vagin
---
src/lib/hooks_ct.c | 78 +++

Re: [Devel] [PATCH 2/2] hook_ct: bind mount the host /dev directory in CT

2014-01-20 Thread Andrew Vagin
On Mon, Jan 20, 2014 at 03:48:01PM +0400, Andrey Vagin wrote:
> All modern distributions require devtmpfs in /dev. devtmpfs can't
> be mounted from userns. This patch bind-mounts the host /dev.
> It's secure, because permissions are handled according to the uid and
> gid maps for the user namespace.