config: allow read-write /sys in user namespace

Unprivileged containers can safely mount /sys as read-write. This also allows systemd-udevd to be started in unprivileged containers. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

config: allow read-write /sys in user namespace
4b18ebc2 · Christian Brauner · 34256223 · 4b18ebc2
Unverified Commit 4b18ebc2 authored May 13, 2018 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

userns.conf.in config/templates/userns.conf.in +3 -0

No files found.
--- a/config/templates/userns.conf.in
+++ b/config/templates/userns.conf.in
@@ -8,3 +8,6 @@ lxc.cap.keep =

 # We can't move bind-mounts, so don't use /dev/lxc/
 lxc.tty.dir =
+
+# Setup the default mounts
+lxc.mount.auto = sys:rw