Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use lxc.auto.mount to ensure proc and sys are readonly #10205

Merged
merged 1 commit into from
Jan 21, 2015
Merged

use lxc.auto.mount to ensure proc and sys are readonly #10205

merged 1 commit into from
Jan 21, 2015

Conversation

ashahab-altiscale
Copy link
Contributor

Set lxc.auto.mount = proc:mixed in unprivilged mode. This ensures that lxc mounts sys and proc/sysrq-trigger as readonly.

Merge after #10190

@ashahab-altiscale
use lxc.auto.mount to ensure proc and sys are readonly
d821c63 
Set lxc.auto.mount = proc:mixed in unprivilged mode. This ensures that lxc mounts sys and proc/sysrq-trigger as readonly.
Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
@SvenDowideit
Copy link
Contributor

this needs documenation - and please, include any contrasts bewteen the lxc driver and the libcontainer one.

@jessfraz
Copy link
Contributor

I'm running this on jenkins here https://jenkins.dockerproject.com/job/LXC%20PR%20Test/label=ubuntu-aufs-lxc/4/console

@crosbymichael
Copy link
Contributor

@ashahab-altiscale you will have to rebase now that your other PR is merged

@ashahab-altiscale ashahab-altiscale force-pushed the 9875-non-privileged-proc-sys branch 2 times, most recently from 69c7526 to d821c63 Compare January 20, 2015 05:28
@ashahab-altiscale
Copy link
Contributor Author

@SvenDowideit @dineshs-altiscale @crosbymichael rebased and documented.
@jfrazelle Can you launch a new jenkins build?

@jessfraz
Copy link
Contributor

it's building here https://jenkins.dockerproject.com/job/LXC%20PR%20Test/label=ubuntu-aufs-lxc/4/console :)

@jessfraz
Copy link
Contributor

wrong link sorry, here: https://jenkins.dockerproject.com/job/LXC%20PR%20Test/5/console

and here: https://jenkins.dockerproject.com/job/LXC%20PR%20Test/label=ubuntu-aufs-lxc/5/console

@jessfraz
Copy link
Contributor

LGTM

@dineshs-altiscale
Copy link
Contributor

LGTM

@ashahab-altiscale is having a productive week! : )

@jessfraz
Copy link
Contributor

👍 ping @crosbymichael

@crosbymichael
Copy link
Contributor

LGTM

crosbymichael added a commit that referenced this pull request Jan 21, 2015
@crosbymichael
Merge pull request #10205 from ashahab-altiscale/9875-non-privileged-…
cac17f9 
…proc-sys

use lxc.auto.mount to ensure proc and sys are readonly
@crosbymichael crosbymichael merged commit cac17f9 into moby:master Jan 21, 2015
@SvenDowideit SvenDowideit mentioned this pull request Jan 27, 2015
Merged
@ashahab-altiscale ashahab-altiscale mentioned this pull request Feb 3, 2015
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@ashahab-altiscale @SvenDowideit @jessfraz @crosbymichael @dineshs-altiscale