[pve-devel] [PATCH bookworm lxc] fix #7006: do not restrict proc or sys if nested
Thomas Lamprecht
t.lamprecht at proxmox.com
Tue Nov 25 10:24:03 CET 2025
On Mon, 24 Nov 2025 12:36:37 +0100, Fabian Grünbichler wrote:
> if nesting is enabled, it is already possible to mount a fresh instance of
> procfs and sysfs inside the container. protecting the original one does not
> make much sense in such a scenario, the kernel already protects the bits that
> are off-limits for unprivileged users anyway.
>
> this fixes an issue with certain nested container setups, such as a recent
> enough runc nested inside LXC.
>
> [...]
Applied, thanks!
[1/1] fix #7006: do not restrict proc or sys if nested
commit: 864c1d3367882cfc5545384b3a6ea931c2dad739
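A way to see, from inside a container, which parts of proc and sys are covered by a read-only remount and which are a fresh writable view, as an added example that is not part of the thread or of lxc itself. It reads the `/proc/self/mountinfo` layout documented in proc(5) (field 5 is the mount point, field 6 the per-mount options); the mountinfo lines embedded below are constructed for illustration and do not reproduce any particular lxc configuration.

```shell
#!/bin/sh
# Added example, not code from the pve-devel thread or from lxc.
# Lists every mount under a prefix, taken from mountinfo on stdin, together
# with whether it is read-only, so an operator can check which proc/sys
# sub-paths are protected by a remount and which are writable.

# mountinfo layout (proc(5)): field 5 is the mount point, field 6 the
# per-mount options, e.g. "ro,nosuid,nodev,noexec,relatime".
mounts_under() {
  awk -v p="$1" '
    {
      mnt = $5; opts = $6
      # match the prefix itself or a path strictly below it
      if (mnt == p || index(mnt, p "/") == 1) {
        state = (opts ~ /(^|,)ro(,|$)/) ? "ro" : "rw"
        printf "%s %s\n", mnt, state
      }
    }'
}

# Count the read-only mounts under a prefix (stdin is mountinfo).
ro_count_under() {
  mounts_under "$1" | awk '$2 == "ro" { n++ } END { print n + 0 }'
}

# Constructed sample: mount ids, device numbers and the exact set of
# remounts are invented to resemble a container view, nothing more.
SAMPLE='40 39 0:20 / / rw,relatime - ext4 /dev/loop0 rw
41 40 0:21 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
42 41 0:21 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
43 41 0:21 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw
44 40 0:22 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs rw
45 44 0:22 /devices/virtual/net /sys/devices/virtual/net rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw'

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE" | mounts_under /proc
printf '%s\n' "$SAMPLE" | mounts_under /sys
```

Inside a real container, `mounts_under /proc < /proc/self/mountinfo` shows the live picture; a freshly mounted procfs under another directory (the case the commit message describes for nested setups) appears as its own `rw` entry under that directory rather than under `/proc`.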