]> git.ipfire.org Git - thirdparty/lxc.git/commit
projects / thirdparty / lxc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8f47bc3) | patch
oracle template: restrict writeability in /proc and /sys
authorDwight Engen <dwight.engen@oracle.com>
Wed, 23 Oct 2013 21:03:40 +0000 (17:03 -0400)
committerStéphane Graber <stgraber@ubuntu.com>
Thu, 24 Oct 2013 01:52:16 +0000 (21:52 -0400)
commit33662399da0d6d29a2a49b36fe5394741e068ef0
tree6463bb7d569660e6b51be86a15a6d05e57d747e4tree
parent8f47bc3f318b84886e86fe3e71e37c9a9d3b79d8commit | diff
oracle template: restrict writeability in /proc and /sys

Note that since we don't drop CAP_SYS_ADMIN, root in the container can
remount proc or sys however they want to, however this at least improves
the default situation.

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
templates/lxc-oracle.in diff | blob | blame | history
Mirror of https://github.com/lxc/lxc.git