Quoting Dwight Engen (dwight.en...@oracle.com):
> Note that since we don't drop CAP_SYS_ADMIN, root in the container can
> remount proc or sys however they want to, however this at least improves
> the default situation.
> 
> Signed-off-by: Dwight Engen <dwight.en...@oracle.com>

Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com>

> ---
>  templates/lxc-oracle.in | 7 +------
>  1 file changed, 1 insertion(+), 6 deletions(-)
> 
> diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in
> index ddc6d74..78d99ee 100644
> --- a/templates/lxc-oracle.in
> +++ b/templates/lxc-oracle.in
> @@ -350,7 +350,7 @@ lxc.utsname = $name
>  lxc.devttydir = lxc
>  lxc.tty = 4
>  lxc.pts = 1024
> -lxc.mount = $cfg_dir/fstab
> +lxc.mount.auto = proc:mixed sys:ro
>  lxc.hook.clone = @DATADIR@/lxc/hooks/clonehostname
>  # Uncomment these if you don't run anything that needs the capability, and
>  # would like the container to run with less privilege.
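
Review bot: the new "lxc.mount.auto = proc:mixed sys:ro" line is written into the generated config with no comment, although the commit message itself says root in the container can still remount proc or sys because CAP_SYS_ADMIN is not dropped. A short comment above this line saying so, and pointing at the "Uncomment these if you don't run anything that needs the capability" block that follows, would tell an admin that these mount options are a safer default and not an enforced boundary. Removing "lxc.mount = $cfg_dir/fstab" also takes away the per-container fstab as a place to add extra mounts, which deserves a sentence in the commit message.
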
> @@ -404,11 +404,6 @@ lxc.cgroup.devices.allow = c 1:9 rwm     # /dev/urandom
>  lxc.cgroup.devices.allow = c 136:* rwm       # /dev/tty[1-4] ptys and lxc 
> console
>  lxc.cgroup.devices.allow = c 5:2 rwm # /dev/ptmx pty master
>  EOF
> -
> -    cat <<EOF > $cfg_dir/fstab || die "unable to create $cfg_dir/fstab"
> -proc    proc     proc   nodev,noexec,nosuid 0 0
> -sysfs   sys      sysfs  defaults  0 0
> -EOF
>  }
>  
>  container_rootfs_clone()
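
Review bot: the deleted heredoc mounted proc with "nodev,noexec,nosuid" and sysfs with "defaults", so dropping it changes two behaviours that the commit message does not spell out. With "sys:ro", sysfs goes from the default mount to read-only, and anything in the container that writes under /sys may now fail; please state that explicitly. Please also confirm that "proc:mixed" still applies nodev, noexec and nosuid, since those flags are no longer written anywhere in the template.
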
> -- 
> 1.8.3.1
> 
> 
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
> _______________________________________________
> Lxc-devel mailing list
> Lxc-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
