[lxc-devel] [PATCH] userns: Update bind-mounted devices

Serge Hallyn serge.hallyn at ubuntu.com
Mon Mar 24 19:02:52 UTC 2014


Quoting Stéphane Graber (stgraber at ubuntu.com):
> This updates all configs to include the exact same set of 7 bind-mounted
> devices:
>  - console
>  - full
>  - null
>  - random
>  - tty
>  - urandom
>  - zero
> 
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

> ---
>  config/templates/centos.userns.conf.in | 5 +++--
>  config/templates/debian.userns.conf.in | 3 +++
>  config/templates/fedora.userns.conf.in | 5 +++--
>  config/templates/gentoo.userns.conf.in | 3 +++
>  config/templates/oracle.userns.conf.in | 5 +++--
>  config/templates/plamo.userns.conf.in  | 3 +++
>  config/templates/ubuntu.userns.conf.in | 3 +++
>  7 files changed, 21 insertions(+), 6 deletions(-)
> 
> diff --git a/config/templates/centos.userns.conf.in b/config/templates/centos.userns.conf.in
> index c33e38d..f6de0e9 100644
> --- a/config/templates/centos.userns.conf.in
> +++ b/config/templates/centos.userns.conf.in
> @@ -8,11 +8,12 @@ lxc.devttydir =
>  
>  # Extra bind-mounts for userns
>  lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
> -lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
> -lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0
>  lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0
> +lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
> +lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0
>  lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
>  lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
> +lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0
>  
>  # Extra fstab entries as mountall can't mount those by itself
>  lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
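Review bot: The added `/dev/random` entry hands the container the host's own device node, and nothing in the template says so. In this hunk it lands next to `/dev/urandom`, and the same line is added in the debian, fedora, gentoo, oracle, plamo and ubuntu hunks. On kernels where `/dev/random` blocks on the entropy estimate, reads inside an unprivileged container would presumably draw down the pool that host readers wait on, so this is a shared-resource exposure rather than a confidentiality one. I would add a comment above the list such as `# Host device nodes shared with the container; access is governed by the host node's permissions`, and a second one beside the `/dev/random` line noting that container reads consume host entropy.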
> diff --git a/config/templates/debian.userns.conf.in b/config/templates/debian.userns.conf.in
> index 330a2f0..3e9600d 100644
> --- a/config/templates/debian.userns.conf.in
> +++ b/config/templates/debian.userns.conf.in
> @@ -4,6 +4,9 @@ lxc.cgroup.devices.allow =
>  
>  # Extra bind-mounts for userns
>  lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
> +lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0
>  lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
> +lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0
>  lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
>  lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
> +lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0
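Review bot: The seven-entry list is still maintained by hand in seven files, which is the drift this commit is cleaning up. After the change the new blob ids show this template and plamo's are byte-identical (`3e9600d`), as are centos/fedora (`f6de0e9`) and gentoo/oracle/ubuntu (`5643744`). The `lxc.cgroup.devices.allow =` line in the hunk header suggests the device cgroup allow-list is cleared here, so these bind-mounts are effectively the container's whole device exposure and would benefit from a single place to audit. Consider moving the block into one shared userns template and pulling it in from each distro file with `lxc.include = <path-to-shared-userns-conf>` (placeholder path).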
> diff --git a/config/templates/fedora.userns.conf.in b/config/templates/fedora.userns.conf.in
> index c33e38d..f6de0e9 100644
> --- a/config/templates/fedora.userns.conf.in
> +++ b/config/templates/fedora.userns.conf.in
> @@ -8,11 +8,12 @@ lxc.devttydir =
>  
>  # Extra bind-mounts for userns
>  lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
> -lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
> -lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0
>  lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0
> +lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
> +lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0
>  lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
>  lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
> +lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0
>  
>  # Extra fstab entries as mountall can't mount those by itself
>  lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
> diff --git a/config/templates/gentoo.userns.conf.in b/config/templates/gentoo.userns.conf.in
> index f47ede3..5643744 100644
> --- a/config/templates/gentoo.userns.conf.in
> +++ b/config/templates/gentoo.userns.conf.in
> @@ -7,9 +7,12 @@ lxc.devttydir =
>  
>  # Extra bind-mounts for userns
>  lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
> +lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0
>  lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
> +lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0
>  lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
>  lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
> +lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0
>  
>  # Extra fstab entries as mountall can't mount those by itself
>  lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
> diff --git a/config/templates/oracle.userns.conf.in b/config/templates/oracle.userns.conf.in
> index 892fa1e..5643744 100644
> --- a/config/templates/oracle.userns.conf.in
> +++ b/config/templates/oracle.userns.conf.in
> @@ -7,11 +7,12 @@ lxc.devttydir =
>  
>  # Extra bind-mounts for userns
>  lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
> -lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
> -lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0
>  lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0
> +lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
> +lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0
>  lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
>  lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
> +lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0
>  
>  # Extra fstab entries as mountall can't mount those by itself
>  lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
> diff --git a/config/templates/plamo.userns.conf.in b/config/templates/plamo.userns.conf.in
> index 330a2f0..3e9600d 100644
> --- a/config/templates/plamo.userns.conf.in
> +++ b/config/templates/plamo.userns.conf.in
> @@ -4,6 +4,9 @@ lxc.cgroup.devices.allow =
>  
>  # Extra bind-mounts for userns
>  lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
> +lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0
>  lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
> +lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0
>  lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
>  lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
> +lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0
> diff --git a/config/templates/ubuntu.userns.conf.in b/config/templates/ubuntu.userns.conf.in
> index f47ede3..5643744 100644
> --- a/config/templates/ubuntu.userns.conf.in
> +++ b/config/templates/ubuntu.userns.conf.in
> @@ -7,9 +7,12 @@ lxc.devttydir =
>  
>  # Extra bind-mounts for userns
>  lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
> +lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0
>  lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
> +lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0
>  lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
>  lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
> +lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0
>  
>  # Extra fstab entries as mountall can't mount those by itself
>  lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
> -- 
> 1.9.1
> 

