On Mon, Jul 4, 2011 at 22:16, Matto Fransen <ma...@matto.nl> wrote:
>
> lxc.mount.entry=/path/to/rootfs/lib /var/lib/lxc/<container>/rootfs/lib none ro,bind 0 0
>
> # system mounts
> lxc.mount.entry=proc /var/lib/lxc/<container>/rootfs/proc proc none defaults 0 0
> lxc.mount.entry=shmfs /var/lib/lxc/<container>/rootfs/dev/shm tmpfs mode=0644 0 0
> lxc.mount.entry=sysfs /var/lib/lxc/<container>/rootfs/sys sysfs defaults  0 0
>
> lxc.cap.drop=sys_admin
>
> This last line prevents that one can jump out of the readonly bind mounts from
> inside the container :)

I'm successfully using LXC with this setup too.


--
David Serrano
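
The check this thread relies on, as an added example that is not part of either message: a small Python audit that lists the read-only bind mounts in an LXC config when `sys_admin` is not in `lxc.cap.drop`. The function names and sample strings are assumptions made for the example, and `lxc.cap.keep` is not handled.

```python
# Added example: audit an LXC config for read-only bind mounts whose container
# still holds CAP_SYS_ADMIN (mount(2), including remounts, requires it).

# Constructed sample: the configuration quoted in the thread, placeholders kept.
THREAD_CONFIG = """\
lxc.mount.entry=/path/to/rootfs/lib /var/lib/lxc/<container>/rootfs/lib none ro,bind 0 0
# system mounts
lxc.mount.entry=proc /var/lib/lxc/<container>/rootfs/proc proc none defaults 0 0
lxc.mount.entry=shmfs /var/lib/lxc/<container>/rootfs/dev/shm tmpfs mode=0644 0 0
lxc.mount.entry=sysfs /var/lib/lxc/<container>/rootfs/sys sysfs defaults  0 0
lxc.cap.drop=sys_admin
"""
# Constructed variant: same mounts, capability line missing.
WITHOUT_DROP = THREAD_CONFIG.replace("lxc.cap.drop=sys_admin\n", "")


def parse_config(text):
    """Return (mount_entries, dropped_caps) from lxc.container.conf-style text."""
    mounts, dropped = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "lxc.mount.entry":
            fields = value.split()
            if len(fields) >= 4:  # fstab order: source, target, fstype, options
                mounts.append({"target": fields[1],
                               "options": set(fields[3].split(","))})
        elif key == "lxc.cap.drop":
            if value:  # several capabilities may share one line
                dropped.update(cap.lower() for cap in value.split())
            else:      # an empty value clears the list built so far
                dropped.clear()
    return mounts, dropped


def audit(text):
    """List targets of read-only bind mounts left without sys_admin dropped."""
    mounts, dropped = parse_config(text)
    ro_binds = [m["target"] for m in mounts
                if "ro" in m["options"] and {"bind", "rbind"} & m["options"]]
    return [] if "sys_admin" in dropped else ro_binds


if __name__ == "__main__":
    for name, cfg in (("thread config", THREAD_CONFIG),
                      ("without cap.drop", WITHOUT_DROP)):
        print(name, "->", audit(cfg) or "ok")
```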
