> -Original Message-
> From: libvir-list-boun...@redhat.com [mailto:libvir-list-boun...@redhat.com] On Behalf Of Chen Hanxiao
> Sent: Monday, December 22, 2014 11:57 AM
> To: libvir-list@redhat.com
> Subject: [libvirt] [PATCH RFC] LXC: don't RO m
>> Subject: Re: [libvirt] [PATCH RFC] LXC: don't RO mount /proc, /sys when user
>> namespce enabled
>>
>> On Mon, Dec 22, 2014 at 4:12 PM, Eric Blake wrote:
>>> On 12/21/2014 08:57 PM, Chen Hanxiao wrote:
>>>
>>> s/namespce/namespace/ in the
> -Original Message-
> From: Richard Weinberger [mailto:richard.weinber...@gmail.com]
> Sent: Wednesday, December 24, 2014 5:36 AM
> To: Eric Blake
> Cc: Chen, Hanxiao/陈 晗霄; libvir-list@redhat.com
> Subject: Re: [libvirt] [PATCH RFC] LXC: don't RO mount /proc, /s
On Mon, Dec 22, 2014 at 4:12 PM, Eric Blake wrote:
> On 12/21/2014 08:57 PM, Chen Hanxiao wrote:
>
> s/namespce/namespace/ in the subject line
>
>> If we enabled user ns and provided a uid/gid map,
>> we do not need to mount /proc, /sys as readonly.
>> Leave it to kernel for protection.
>>
>> Sign
On 12/21/2014 08:57 PM, Chen Hanxiao wrote:
s/namespce/namespace/ in the subject line
> If we enabled user ns and provided a uid/gid map,
> we do not need to mount /proc, /sys as readonly.
> Leave it to kernel for protection.
>
> Signed-off-by: Chen Hanxiao
> ---
> src/lxc/lxc_container.c | 6
If we enabled user ns and provided a uid/gid map,
we do not need to mount /proc, /sys as readonly.
Leave it to kernel for protection.
Signed-off-by: Chen Hanxiao
---
src/lxc/lxc_container.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.