[lxc-devel] [lxc/lxc] f4d5cc: sshd: Don't bind-mount /sbin/init read-write
GitHub
noreply at github.com
Thu Dec 19 11:17:44 UTC 2013
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: f4d5cc8e1f39d132b61e110674528cac727ae0e2
https://github.com/lxc/lxc/commit/f4d5cc8e1f39d132b61e110674528cac727ae0e2
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2013-12-19 (Thu, 19 Dec 2013)
Changed paths:
M templates/lxc-sshd.in
Log Message:
-----------
sshd: Don't bind-mount /sbin/init read-write
lxc-sshd was mounting itself (the template script) as /sbin/init in the
container using a writable bind-mount.
This shouldn't be needed and could lead to quite a few problems should
one of those containers overwrite /sbin/init for some reason.
Instead simply move to a read-only bind-mount which should prevent any
accidental damage.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
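
Added example, not part of the commit or of LXC's own code: a shell function that reads a container config on stdin and lists every lxc.mount.entry that is a bind mount without the ro option, which is the condition the log message above describes for /sbin/init. The function name writable_bind_mounts is hypothetical, and the sample config with its paths is constructed for illustration.

```shell
#!/bin/sh
# lxc.mount.entry values follow fstab field order:
#   <source> <target> <fstype> <options> <dump> <pass>

# Constructed sample config (paths are illustrative, not from the commit).
SAMPLE_CONFIG='lxc.utsname = demo
lxc.mount.entry = /path/to/lxc-sshd sbin/init none bind 0 0
lxc.mount.entry=/path/to/lxc-sshd sbin/init none ro,bind 0 0
lxc.mount.entry = /dev dev none ro,bind 0 0
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = /srv/data srv/data none bind,nosuid 0 0
# lxc.mount.entry = /tmp tmp none bind 0 0'

# Print "<target> <options>" for each bind mount that lacks "ro".
writable_bind_mounts() {
    set -f                                  # no globbing while word-splitting
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in *=*) ;; *) continue ;; esac
        set -- ${line%%=*}                  # key, surrounding blanks dropped
        [ "$#" -eq 1 ] && [ "$1" = "lxc.mount.entry" ] || continue
        set -- ${line#*=}                   # fstab-style fields of the value
        [ "$#" -ge 4 ] || continue
        target=$2
        opts=$4
        is_bind=0
        is_ro=0
        old_ifs=$IFS
        IFS=,
        for o in $opts; do                  # options are comma-separated
            case "$o" in
                bind|rbind) is_bind=1 ;;
                ro) is_ro=1 ;;
            esac
        done
        IFS=$old_ifs
        if [ "$is_bind" -eq 1 ] && [ "$is_ro" -eq 0 ]; then
            printf '%s %s\n' "$target" "$opts"
        fi
    done
    set +f
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_CONFIG" | writable_bind_mounts
```

Each reported line is a host path the container can write through; commented-out entries and non-bind mounts are skipped.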