[Lxc-users] Jumping out of a read-only bind mount container

Dean Mao deanmao at gmail.com
Mon Feb 7 11:58:16 UTC 2011


Yeah, would be nice to have this list -- I remember looking all over, but I
didn't see lxc.console.  Is there a comprehensive list of these "abilities"?


On Mon, Feb 7, 2011 at 2:56 AM, Andre Nathan <andre at digirati.com.br> wrote:

> On Mon, 2011-02-07 at 11:40 +1100, Trent W. Buck wrote:
> > lxc.cap.drop=sys_admin should prevent all mount(2) calls within the
> > container.  It seems to work for me.  In fact...  I thought LXC *always*
> > removed that capability, even if you never mentioned it?
>
> Nice! Is there a list of capabilities LXC drops documented somewhere?
>
> Thanks
> Andre
>
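
The capability drop discussed in the quoted message can be checked by reading the capability bounding set from `/proc/<pid>/status`. The script below is an added example, not part of the thread or of LXC itself; the function names and the sample CapBnd values are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the effect of "lxc.cap.drop=sys_admin" by reading the
# capability bounding set (CapBnd) from /proc/<pid>/status-style text.
CAP_SYS_ADMIN=21   # bit number from <linux/capability.h>

# Constructed sample status excerpts (not captured from a real container).
SAMPLE_DEFAULT='Name:   init
CapBnd: 0000003fffffffff'
SAMPLE_DROPPED='Name:   init
CapBnd: 0000003fffdfffff'

# Print the CapBnd hex mask from status text on stdin; fail if it is absent.
capbnd_from_status() {
    awk '$1 == "CapBnd:" { print $2; found = 1 } END { exit !found }'
}

# Exit 0 if bit $2 is set in hex mask $1, 1 if clear, 2 if $1 is not hex.
cap_in_mask() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# Exit 0 if cap_sys_admin is dropped, 1 if still present, 2 if undetermined.
check_sys_admin() {
    mask=$(capbnd_from_status) || { echo "no CapBnd line found"; return 2; }
    rc=0
    cap_in_mask "$mask" "$CAP_SYS_ADMIN" || rc=$?
    case "$rc" in
        0) echo "cap_sys_admin still in bounding set (CapBnd $mask)"; return 1 ;;
        1) echo "cap_sys_admin dropped (CapBnd $mask)"; return 0 ;;
        *) echo "unparseable CapBnd value: $mask"; return 2 ;;
    esac
}

# Demo on the constructed samples; on a live system run, inside the container:
#   check_sys_admin < /proc/1/status
printf '%s\n' "$SAMPLE_DEFAULT" | check_sys_admin || :
printf '%s\n' "$SAMPLE_DROPPED" | check_sys_admin || :
```

An unparseable or missing CapBnd line is reported as undetermined (exit 2) rather than as "dropped", so a broken read never passes the check.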