Support for automatic mounting of filesystems · 368bbc02 · Christian Seiler authored
This patch adds the lxc.mount.auto configuration option that allows the user to specify that certain standard filesystems should be automatically pre-mounted when the container is started. Currently, four things are implemented:

- /proc (mounted read-write)
- /sys (mounted read-only)
- /sys/fs/cgroup (special logic, see mailing list discussions)
- /proc/sysrq-trigger (see below)

/proc/sysrq-trigger may be used from within a container to trigger a forced host reboot (echo b > /proc/sysrq-trigger) or do other things that a container shouldn't be able to do. The logic here is to bind-mount /dev/null over /proc/sysrq-trigger, so that that cannot happen. This obviously only protects fully if CAP_SYS_ADMIN is not available inside the container (otherwise that bind-mount could be removed).

Signed-off-by: Christian Seiler <christian@iwakd.de>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
| Name |
|---|
| include |
| lua-lxc |
| lxc |
| python-lxc |
| tests |
| Makefile.am |