The following pull request was submitted through GitHub.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2319

This e-mail was sent by the LXC bot; direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===

Unprivileged containers can safely mount /sys as read-write. This also allows
systemd-udevd to be started in unprivileged containers.

Signed-off-by: Christian Brauner ([email protected]) <[email protected]>
From 44c5d6d33603b2cd85d09e9c8c835538c5f6b6a5 Mon Sep 17 00:00:00 2001 From: "Christian Brauner ([email protected])" <[email protected]> Date: Sun, 13 May 2018 14:48:08 +0200 Subject: [PATCH] config: allow read-write /sys in user namespace Unprivileged containers can safely mount /sys as read-write. This also allows systemd-udevd to be started in unprivileged containers. Signed-off-by: Christian Brauner ([email protected]) <[email protected]> --- config/templates/userns.conf.in | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/templates/userns.conf.in b/config/templates/userns.conf.in index 967576b4c..19013da5b 100644 --- a/config/templates/userns.conf.in +++ b/config/templates/userns.conf.in @@ -8,3 +8,6 @@ lxc.cap.keep = # We can't move bind-mounts, so don't use /dev/lxc/ lxc.tty.dir = + +# Setup the default mounts +lxc.mount.auto = sys:rw
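Review bot: The new comment "# Setup the default mounts" above `lxc.mount.auto = sys:rw` in config/templates/userns.conf.in does not record why read-write is acceptable here, and that rationale is the security-relevant part of the change. The commit message asserts that unprivileged containers can safely mount /sys read-write and that this lets systemd-udevd start; suggest carrying that into the template comment, together with the reason write access is considered safe inside a user namespace, so that a later reader does not copy `sys:rw` into a template for privileged containers. Two smaller points: the line covers only sys, so "default mounts" overstates it unless other template files (not visible in this diff) supply the rest, and it would help to state how this value combines with any `lxc.mount.auto` those files set. As a verb, "Setup" should be "Set up".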
_______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
