You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently we're completely ignoring the mount section from config.json.
That's obviously not exactly ideal as there may occasionally be reasonable requests in there which are actually required for a container :)
We should add logic to ignore all the stuff we mount ourselves (/dev, /proc, /sys, /sys/fs/cgroup, /dev/mqueue, /dev/pts, ...) but then for the stuff that we're not handling, effectively turn it into liblxc config so long as it's something that looks safe (would probably initially restrict to tmpfs).
The text was updated successfully, but these errors were encountered:
Currently we're completely ignoring the mount section from
config.json.That's obviously not exactly ideal as there may occasionally be reasonable requests in there which are actually required for a container :)
We should add logic to ignore all the stuff we mount ourselves (/dev, /proc, /sys, /sys/fs/cgroup, /dev/mqueue, /dev/pts, ...) but then for the stuff that we're not handling, effectively turn it into liblxc config so long as it's something that looks safe (would probably initially restrict to tmpfs).
The text was updated successfully, but these errors were encountered: