From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Sun, 13 May 2018 13:02:09 +0000 (+0200)
Subject: config: allow read-write /sys in user namespace
X-Git-Tag: lxc-2.0.10~135
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=06c2e8932f5cc1c4de4a73ceced3fcb2e79f3952;p=thirdparty%2Flxc.git

config: allow read-write /sys in user namespace

Unprivileged containers can safely mount /sys as read-write. This also allows
systemd-udevd to be started in unprivileged containers.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/config/templates/userns.conf.in b/config/templates/userns.conf.in
index 63d018964..23b1d4b7f 100644
--- a/config/templates/userns.conf.in
+++ b/config/templates/userns.conf.in
@@ -8,3 +8,6 @@ lxc.cap.keep =
 
 # We can't move bind-mounts, so don't use /dev/lxc/
 lxc.devttydir =
+
+# Setup the default mounts
+lxc.mount.auto = sys:rw