]> git.ipfire.org Git - thirdparty/libvirt.git/commit
projects / thirdparty / libvirt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bacc762) | patch
lxc: set nosuid+nodev+noexec flags on /proc/sys mount
authorEric W. Biederman <ebiederm@xmission.com>
Tue, 16 Jun 2015 13:44:36 +0000 (14:44 +0100)
committerDaniel P. Berrange <berrange@redhat.com>
Tue, 16 Jun 2015 16:13:59 +0000 (17:13 +0100)
commita354750ec62a4579b127b10adc39d7fe1626b77c
tree1ca6b85be9a8a299a95e771163df1b6a2292a236tree | snapshot
parentbacc762bf9dd4e02bb05de45ca306142569209e9commit | diff
lxc: set nosuid+nodev+noexec flags on /proc/sys mount

Future kernels will mandate the use of nosuid+nodev+noexec
flags when mounting the /proc/sys filesystem. Unconditionally
add them now since they don't harm things regardless and could
mitigate future security attacks.

(cherry picked from commit 24710414d403f1040794299f5304fee160d0fc23)

Conflicts:
    src/lxc/lxc_container.c
src/lxc/lxc_container.c diff | blob | blame | history
Mirror of https://github.com/libvirt/libvirt.git