[lxc-users] 4.0.6 regression: /proc/sys/net/ipv4/ip_forward: Read-only file system

Harald Dunkel harald.dunkel at aixigo.com
Fri Feb 5 07:58:57 UTC 2021


On 2/4/21 3:32 PM, Harald Dunkel wrote:
> 
> How come it worked before? Hopefully I am not too blind to see,
> but the git log doesn't tell that this has been changed.
> 

PS: I found

	af9dd246df7c99740f153682e0eb427f1426693d
	unmounted proc/sys/net if dropping CAP_NET_ADMIN

apparently introducing the problem for 4.0.6, and

	952ab618268b4af2773ed9d8fade817363c28a5c
	conf: fix CAP_NET_ADMIN-based mount handling

	563ec46266b8967f0ee60e0032bbe66b3b37207c
	conf: fix containers retaining CAP_NET_ADMIN

providing the fix (hopefully). Did I miss other related fixes?

Since breaking /proc is a very serious problem, I wonder if it would
be reasonable to do an early release of lxc 4.0.7, including these fixes?


Regards
Harri

