[pve-devel] applied: [PATCH lxc] fix #7006: do not restrict proc or sys if nested
Thomas Lamprecht
t.lamprecht at proxmox.com
Thu Nov 13 20:23:34 CET 2025
On Thu, 13 Nov 2025 14:08:01 +0100, Fabian Grünbichler wrote:
> if nesting is enabled, it is already possible to mount a fresh instance of
> procfs and sysfs inside the container. protecting the original one does not
> make much sense in such a scenario, the kernel already protects the bits that
> are off-limits for unprivileged users anyway..
>
> this fixes an issue with certain nested container setups, such as a recent
> enough runc nested inside LXC.
>
> [...]
Applied, thanks!
[1/1] fix #7006: do not restrict proc or sys if nested
commit: d24bcf97de7c3e59e3d3dd19945b4cd42e72db40