Public bug reported:

It is possible to use an ecryptfs backing store for a container's rootfs. Advantages include the inability of unprivileged processes to see the container's file contents, and, if the host is a cloud instance, confidence that when disk space is recycled for a new instance, container data will be scrambled.

To do this right, the container rootfs should be mounted in the container's namespace (so after clone(2)) and before its rootfs is mounted. That requires a new hook, 'pre-start'. This hook is trivial to add. The patch to add it will be attached to this bug for the release team's review.

** Affects: lxc (Ubuntu)
     Importance: Medium
         Status: New

** Changed in: lxc (Ubuntu)
   Importance: Undecided => Medium

https://bugs.launchpad.net/bugs/1043052

Title:
  [FFE] add pre-mount container startup hook