| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| container-base | ||
| container-base.in | ||
| start-container.in |
RW bind mounts need to be restricted for some paths in
order to avoid MAC restriction bypasses, but read-only bind
mounts shouldn't have that problem.
Additionally, combinations of 'nosuid', 'nodev' and
'noexec' flags shouldn't be a problem either and are
required with newer systemd versions, so let's allow those
as long as they're combined with 'ro,remount,bind'.
Signed-off-by: 
Wolfgang Bumiller <w.bumiller@proxmox.com>
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| container-base | Loading commit data... | |
| container-base.in | Loading commit data... | |
| start-container.in | Loading commit data... |