[lxc-devel] [lxc/lxc] 336623: oracle template: restrict writeability in /proc an...
GitHub
noreply at github.com
Thu Oct 24 01:52:20 UTC 2013
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 33662399da0d6d29a2a49b36fe5394741e068ef0
https://github.com/lxc/lxc/commit/33662399da0d6d29a2a49b36fe5394741e068ef0
Author: Dwight Engen <dwight.engen at oracle.com>
Date: 2013-10-23 (Wed, 23 Oct 2013)
Changed paths:
M templates/lxc-oracle.in
Log Message:
-----------
oracle template: restrict writeability in /proc and /sys
Note that since we don't drop CAP_SYS_ADMIN, root in the container can
remount proc or sys however they want to, however this at least improves
the default situation.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
More information about the lxc-devel
mailing list