On 05/11/2012 10:48 AM, Daniel P. Berrange wrote: > From: "Daniel P. Berrange" <[email protected]> > > Currently to make sysfs readonly, we remount the existing > instance and then bind it readonly. Unfortunately this means > sysfs is still showing device objects wrt the host OS namespace. > We need it to reflect the container namespace, so we must mount > a completely new instance of it. Do the same for selinuxfs since > there is no benefit to bind mounting & this lets us simplify > the code. > > * src/lxc/lxc_container.c: Mount fresh sysfs instance > > Signed-off-by: Daniel P. Berrange <[email protected]> > --- > src/lxc/lxc_container.c | 32 +++++++++++--------------------- > 1 file changed, 11 insertions(+), 21 deletions(-) >
ACK. -- Eric Blake [email protected] +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
