]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 670c689)
config: allow read-write /sys in user namespace
authorChristian Brauner <christian.brauner@ubuntu.com>
Sun, 13 May 2018 13:02:09 +0000 (15:02 +0200)
committerChristian Brauner <christian.brauner@ubuntu.com>
Mon, 10 Dec 2018 07:22:31 +0000 (08:22 +0100)
Unprivileged containers can safely mount /sys as read-write. This also allows
systemd-udevd to be started in unprivileged containers.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
config/templates/userns.conf.in patch | blob | blame | history

diff --git a/config/templates/userns.conf.in b/config/templates/userns.conf.in
index 63d018964c478eb17b4a326b17ec669927e37a94..23b1d4b7ffd895f1ed15064d25eda4413cbee172 100644 (file)
--- a/config/templates/userns.conf.in
+++ b/config/templates/userns.conf.in
@@ -8,3 +8,6 @@ lxc.cap.keep =
 
 # We can't move bind-mounts, so don't use /dev/lxc/
 lxc.devttydir =
+
+# Setup the default mounts
+lxc.mount.auto = sys:rw
Mirror of https://github.com/lxc/lxc.git