On Wed, May 23, 2018 at 06:13:02PM +0200, Dr. Todor Dimitrov wrote:
> Hello,
>
> is there any security benefit of using proc:mixed inside an unprivileged
> container? Or does proc:rw deliver the same level of isolation?


There's no security benefit for unprivileged containers. They can't change /proc/sys and /proc/sysrq-trigger. If they can and the file isn't namespaced it's a bug.

Christian

>
> lxc.mount.auto = proc:mixed
>
> vs.
>
> lxc.mount.auto = proc:rw
>
> Thanks in advance,
> Todor
>
> _______________________________________________
> lxc-users mailing list
> [email protected]
> http://lists.linuxcontainers.org/listinfo/lxc-users
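
To check from inside a container which of the two layouts discussed above is in effect, the following added example (not part of the original thread and not LXC code) parses uid_map and mountinfo text read on stdin. It assumes that proc:mixed shows up as separate read-only mountinfo entries for /proc/sys and /proc/sysrq-trigger and that a container counts as unprivileged when no uid_map range starts at host uid 0; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect how /proc is exposed inside a container.
# Functions read uid_map / mountinfo text on stdin, so they work on the
# constructed samples below or on /proc/self/uid_map and /proc/self/mountinfo.

# Exit 0 if no range in the uid_map starts at host uid 0 (heuristic for an
# unprivileged container); exit 1 for the host mapping or an empty map.
is_unprivileged() {
    awk '$2 == 0 { host_root = 1 } END { exit (host_root || NR == 0) }'
}

# Print ro, rw or none for the topmost mount at mount point $1.
# mountinfo fields: 5 = mount point, 6 = per-mount options.
proc_mount_mode() {
    awk -v mp="$1" '
        $5 == mp { mode = "rw"; n = split($6, o, ",")
                   for (i = 1; i <= n; i++) if (o[i] == "ro") mode = "ro" }
        END { print (mode == "" ? "none" : mode) }'
}

# Summarise the layout: "mixed" if both sensitive paths are read-only
# overmounts, "rw" if neither is overmounted, "other" for anything else.
proc_layout() {
    info=$(cat)
    sys=$(printf '%s\n' "$info" | proc_mount_mode /proc/sys)
    rq=$(printf '%s\n' "$info" | proc_mount_mode /proc/sysrq-trigger)
    case "$sys/$rq" in
        ro/ro)     echo mixed ;;
        none/none) echo rw ;;
        *)         echo other ;;
    esac
}

# Constructed samples (not captured from a real system).
UIDMAP_UNPRIV='0 100000 65536'
UIDMAP_HOST='0 0 4294967295'
MOUNTINFO_RW='100 90 0:50 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw'
MOUNTINFO_MIXED="$MOUNTINFO_RW
101 100 0:50 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
102 100 0:50 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw"

printf '%s\n' "$MOUNTINFO_MIXED" | proc_layout   # sample with read-only overmounts
printf '%s\n' "$MOUNTINFO_RW" | proc_layout      # sample with plain read-write /proc
```

On a live system, run `is_unprivileged < /proc/self/uid_map` and `proc_layout < /proc/self/mountinfo` inside the container.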
