@Andy -- that depends on whether we consider the kernel part of this a bug or not.
For lxc it'll be fixed with an apparmor policy shipped with lxc. For update-binfmts more generally, there might be way for that program to be smarter. But still the kernel itself is reading over proc and/or sys files, so there's the question of how far we go to protect the admin from himself. My take right now: the container admin may be separate from the host admin, so we need the lxc policy. For the rest, update-binfmts and the kernel part can only be used by the host admin, so we let him shoot himself in the foot. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/917660 Title: Installing qemu-user-static in an i386 lxc container applies the binfmt changes to the host, breaking execution in that host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/binfmt-support/+bug/917660/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs