[lxc-devel] [lxc/master] config: allow read-write /sys in user namespace

brauner on Github lxc-bot at linuxcontainers.org
Sun May 13 12:50:24 UTC 2018


From 44c5d6d33603b2cd85d09e9c8c835538c5f6b6a5 Mon Sep 17 00:00:00 2001
From: "Christian Brauner (christian.brauner at ubuntu.com)"
 <christian at brauner.io>
Date: Sun, 13 May 2018 14:48:08 +0200
Subject: [PATCH] config: allow read-write /sys in user namespace

Unprivileged containers can safely mount /sys as read-write. This also allows
systemd-udevd to be started in unprivileged containers.

Signed-off-by: Christian Brauner (christian.brauner at ubuntu.com) <christian at brauner.io>
---
 config/templates/userns.conf.in | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/templates/userns.conf.in b/config/templates/userns.conf.in
index 967576b4c..19013da5b 100644
--- a/config/templates/userns.conf.in
+++ b/config/templates/userns.conf.in
@@ -8,3 +8,6 @@ lxc.cap.keep =
 
 # We can't move bind-mounts, so don't use /dev/lxc/
 lxc.tty.dir =
+
+# Setup the default mounts
+lxc.mount.auto = sys:rw
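Review bot: the commit message asserts that unprivileged containers "can safely mount /sys as read-write" but gives no reason, and since this hunk changes the shared userns.conf.in template, it flips the default for every unprivileged container built from it rather than for one opted-in configuration; please add a sentence to the commit message stating what makes the rw mount safe here (the kernel property or check relied on) so the next person touching this line does not need to reconstruct the argument. Minor: the added comment reads "# Setup the default mounts"; as a verb phrase it should be "Set up".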
