On Fri, Dec 19, 2014 at 06:23:52PM +0000, Serge Hallyn wrote:
> In contrast to what the comment above the line disabling it said,
> it seems to work just fine. It also is needed on current kernels
> (until Eric's patch hits upstream) to prevent unprivileged containers
> from hosing fuse filesystems they inherit.
>
> Signed-off-by: Serge Hallyn <[email protected]>

Acked-by: Stéphane Graber <[email protected]> > --- > config/templates/userns.conf.in | 4 ---- > 1 file changed, 4 deletions(-) > > diff --git a/config/templates/userns.conf.in b/config/templates/userns.conf.in > index 2d9d7d5..5dc19c7 100644 > --- a/config/templates/userns.conf.in > +++ b/config/templates/userns.conf.in > @@ -13,7 +13,3 @@ lxc.mount.entry = /dev/random dev/random none > bind,create=file 0 0 > lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0 > lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0 > lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0 > - > -# Default seccomp policy is not needed for unprivileged containers, and > -# non-root users cannot use seccmp without NNP anyway. > -lxc.seccomp = > -- > 2.1.0 > > _______________________________________________ > lxc-devel mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com
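Review bot: the hunk at the end of config/templates/userns.conf.in removes the empty `lxc.seccomp =` override together with its comment, and nothing in the template now records why the default seccomp policy is deliberately left in force for unprivileged containers. The reason is given only in the commit message (protecting inherited fuse filesystems on current kernels until Eric's patch is upstream), so a one-line comment in the template stating that would keep the override from being reintroduced later and would mark when the workaround can be revisited. The removed comment also claimed that non-root users cannot use seccomp without NNP, while the message only says it "seems to work just fine"; it would help to state in the commit message which kernel and setup this was tested on.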
