[lxc-users] udevadm trigger corrupts the container

Christoph Mathys eraserix at gmail.com
Mon Aug 3 07:57:34 UTC 2015


On Wed, Jul 29, 2015 at 4:14 AM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> The host should be protected from udevadm trigger by your container
> being under an AppArmor profile and/or readonly sys.

But if udevadm trigger is executed on the host for some reason, this
will still break all containers that use lxc.autodev = 1? A quick test
seems to suggest this... I thought about removing the call, but this
means duplicating udev logic in my maintainer scripts. I also could
not find anything in the Debian policy that forbids running udevadm
trigger with the "change" action.

I tried with AppArmor on 3.18, but this does not seem to change
anything. Is there a way to override some of the defaults in
"ubuntu.common.conf" in order to mount sysfs readonly?

Christoph

