[Lxc-users] Jumping out of a read-only bind mount container

Andre Nathan andre at digirati.com.br
Mon Feb 7 10:56:25 UTC 2011

Previous message: [Lxc-users] Jumping out of a read-only bind mount container
Next message: [Lxc-users] Jumping out of a read-only bind mount container
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2011-02-07 at 11:40 +1100, Trent W. Buck wrote:
> lxc.cap.drop=sys_admin should prevent all mount(2) calls within the
> container.  It seems to work for me.  In fact...  I thought LXC *always*
> removed that capability, even if you never mentioned it?

Nice! Is there a list of capabilities LXC drops documented somewhere?

Thanks
Andre

Previous message: [Lxc-users] Jumping out of a read-only bind mount container
Next message: [Lxc-users] Jumping out of a read-only bind mount container
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the lxc-users mailing list