@Steve, regarding whether disabling plymouth is the right fix: I don't know the mechanisms plymouth uses.
1. For system log entries, the right fix will be a syslog namespace, which doesn't yet exist.
2. If it uses proc files, we may be able to use AppArmor to protect from plymouth, though that may make plymouth fail and cause the container to not boot right. The right fix would be a mix of user namespaces and proc file access filtering.
3. If it uses devices (ioctls or writes), we may be able to use AppArmor and/or the devices namespace to protect from plymouth, but a device namespace will be the right fix.

--
https://bugs.launchpad.net/bugs/925513
Title: plymouth should not run in container
