[Lxc-users] Jumping out of a read-only bind mount container
Andre Nathan
andre at digirati.com.br
Mon Feb 7 12:53:11 UTC 2011
On Mon, 2011-02-07 at 10:27 -0200, Andre Nathan wrote:
> So far, for a container running apache and cron, plus the usual stuff
> (init, getty, login), I managed to drop these:
>
> audit_control, audit_write, fowner, fsetid, ipc_lock, ipc_owner,
> lease, linux_immutable, mac_admin, mac_override, mknod, net_raw,
> setfcap, setpcap, sys_admin, sys_boot, sys_module, sys_nice,
> sys_pacct, sys_ptrace, sys_rawio, sys_resource, sys_time,
> sys_tty_config
>
> So far everything seems to be working, but possibly some more will have
> to be removed from the list.
Ping needs net_raw on Ubuntu.
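
One way to check from inside the container that the capabilities in the quoted list are gone from the bounding set while net_raw is still there for ping. This is an added example, not part of the original post; it assumes the `CapBnd` field of `/proc/<pid>/status` and the capability numbering of `linux/capability.h`, and the helper names and sample status texts are constructed.

```python
# Added example: decode CapBnd and compare it with the drop list quoted above.
# Bit positions follow the CAP_* numbering in linux/capability.h.
CAP_NAMES = """chown dac_override dac_read_search fowner fsetid kill setgid
setuid setpcap linux_immutable net_bind_service net_broadcast net_admin
net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace
sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config
mknod lease audit_write audit_control setfcap mac_override mac_admin syslog
wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore""".split()

# Drop list from the quoted message with net_raw taken out, since the reply
# says ping needs it on Ubuntu.
DROPPED = set("""audit_control audit_write fowner fsetid ipc_lock ipc_owner
lease linux_immutable mac_admin mac_override mknod setfcap setpcap sys_admin
sys_boot sys_module sys_nice sys_pacct sys_ptrace sys_rawio sys_resource
sys_time sys_tty_config""".split())
NEEDED = {"net_raw"}

def bounding_set(status_text):
    """Return the capability names set in the CapBnd line of a status file."""
    for line in status_text.splitlines():
        if line.startswith("CapBnd:"):
            mask = int(line.split()[1], 16)
            return {name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1}
    raise ValueError("no CapBnd line found")

def audit(status_text):
    """Return (capabilities that should be gone, needed ones that are missing)."""
    have = bounding_set(status_text)
    return sorted(have & DROPPED), sorted(NEEDED - have)

def status_for(names):
    """Build a minimal status text whose CapBnd holds exactly these names."""
    mask = sum(1 << CAP_NAMES.index(name) for name in names)
    return f"Name:\tinit\nCapBnd:\t{mask:016x}\n"

# Constructed samples: a correct container, and one where sys_admin survived
# the drop and net_raw was removed by mistake.
SAMPLE_OK = status_for(set(CAP_NAMES) - DROPPED)
SAMPLE_BAD = status_for(set(CAP_NAMES) - DROPPED - {"net_raw"} | {"sys_admin"})

if __name__ == "__main__":
    with open("/proc/self/status") as status_file:
        print(audit(status_file.read()))
```

Run as a script inside the container, it prints the two lists for the current process; two empty lists mean the bounding set matches the intended configuration.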