[pve-devel] applied: [PATCH RFC lxc] add fix for rw sysfs issue

Wolfgang Bumiller w.bumiller at proxmox.com
Wed Nov 9 11:32:24 CET 2016


On Wed, Nov 09, 2016 at 09:43:51AM +0100, Fabian Grünbichler wrote:
> originally reported by Patrick William of Rack911Labs.
> 
> note: this has a slight (but unavoidable) potential for
> breakage for containers that need a rw /sys for whatever
> reason. those should already have set "lxc.mount.auto" to
> contain "sys:rw" (or use a custom AA profile), because
> remounting /sys rw is only possible with trickery inside the
> container even without this patch.

Maybe we should document somewhere that it's now still a bad idea to use
the `-with-nesting` AA profile on privileged containers...?
(But for different AA profiles they have to modify the config by hand
anyway...)




More information about the pve-devel mailing list