Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 91e93c71c7487bce07eada582397af1104d64a8e
      https://github.com/lxc/lxc/commit/91e93c71c7487bce07eada582397af1104d64a8e
  Author: Andrey Vagin <ava...@gmail.com>
  Date:   2014-10-08 (Wed, 08 Oct 2014)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  lxc: don't call pivot_root if / is on a ramfs

pivot_root can't be called if / is on a ramfs. Currently chroot is
called before pivot_root. In this case the standard well-known
'chroot escape' technique allows escaping a container.

I think the best way to handle this situation is to take the following actions:
* clean all mounts, which should not be visible in CT
* move CT's rootfs into /
* make chroot into /

I don't have a host where / is on a ramfs, so I can't test this patch.

Signed-off-by: Andrey Vagin <ava...@openvz.org>
Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>


  Commit: 9a64d3cf9fae39337943174fd7d680a62bade2fa
      https://github.com/lxc/lxc/commit/9a64d3cf9fae39337943174fd7d680a62bade2fa
  Author: Serge Hallyn <serge.hal...@ubuntu.com>
  Date:   2014-10-08 (Wed, 08 Oct 2014)

  Changed paths:
    M src/tests/lxc-test-unpriv

  Log Message:
  -----------
  lxc-test-unpriv: don't clear out /etc/lxc/lxc-usernet

Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/956f113bf0c3...9a64d3cf9fae
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
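
A host-side check for the condition the first commit message describes, as an added example (not code from the LXC patch): it parses text in /proc/self/mountinfo format and reports whether / is of type rootfs or ramfs, the case in which pivot_root cannot be used. The function names, the sample lines, and the rule that the last entry for / is the one in effect are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: host where / is still the initial rootfs. */
static const char SAMPLE_RAMFS[] =
    "1 1 0:1 / / rw - rootfs rootfs rw\n"
    "14 1 0:14 / /proc rw,nosuid shared:5 - proc proc rw\n";
/* Constructed sample: / on a disk filesystem. */
static const char SAMPLE_DISK[] =
    "22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
    "14 22 0:14 / /proc rw,nosuid shared:5 - proc proc rw\n";

/* Classify one mountinfo line: 1 if it is the "/" mount and its type is
 * rootfs or ramfs, 0 if it is "/" on another type, -1 for any other line. */
static int classify_root_line(const char *line)
{
    char mnt[256], fstype[32];
    const char *sep;

    /* Field 5 is the mount point (spaces inside it are escaped as \040). */
    if (sscanf(line, "%*s %*s %*s %*s %255s", mnt) != 1 || strcmp(mnt, "/") != 0)
        return -1;
    /* Optional fields end at a lone "-"; the filesystem type follows it. */
    sep = strstr(line, " - ");
    if (!sep || sscanf(sep + 3, "%31s", fstype) != 1)
        return -1;
    return strcmp(fstype, "rootfs") == 0 || strcmp(fstype, "ramfs") == 0;
}

/* Assumption: the last entry mounted at "/" is the one in effect. */
int root_is_ram_backed(const char *text)
{
    int result = 0;
    while (*text) {
        char line[512];
        size_t len = strcspn(text, "\n");
        int r;
        if (len < sizeof(line)) {   /* over-long lines are skipped */
            memcpy(line, text, len);
            line[len] = '\0';
            r = classify_root_line(line);
            if (r >= 0)
                result = r;
        }
        text += len + (text[len] == '\n');
    }
    return result;
}
int main(void) {
    printf("%d %d\n", root_is_ram_backed(SAMPLE_RAMFS), root_is_ram_backed(SAMPLE_DISK));
    return 0;
}
```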
