sshd: Don't bind-mount /sbin/init read-write

lxc-sshd was mounting itself (the template script) as /sbin/init in the container using a writable bind-mount. This shouldn't be needed and could lead to quite a few problems should one of those containers overwrite /sbin/init for some reason. Instead simply move to a read-only bind-mount which should prevent any accidental dammage. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

sshd: Don't bind-mount /sbin/init read-write
f4d5cc8e · Stéphane Graber · 07ece600 · f4d5cc8e
Commit f4d5cc8e authored Dec 18, 2013 by Stéphane Graber
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

lxc-sshd.in templates/lxc-sshd.in +1 -1

No files found.
--- a/templates/lxc-sshd.in
+++ b/templates/lxc-sshd.in
@@ -128,7 +128,7 @@ lxc.mount.entry = /bin bin none ro,bind 0 0
 lxc.mount.entry = /usr usr none ro,bind 0 0
 lxc.mount.entry = /sbin sbin none ro,bind 0 0
 lxc.mount.entry = tmpfs var/run/sshd tmpfs mode=0644 0 0
-lxc.mount.entry = @LXCTEMPLATEDIR@/lxc-sshd sbin/init none bind 0 0
+lxc.mount.entry = @LXCTEMPLATEDIR@/lxc-sshd sbin/init none ro,bind 0 0
 lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
 lxc.mount.entry = sysfs sys sysfs ro 0 0
 lxc.mount.entry = /etc/init.d etc/init.d none ro,bind 0 0