2014-03-31 19:12:17 |
Serge Hallyn |
description |
Before cgmanager, lxc-container-default-with-nesting needed to allow the container to mount fstype=cgroup. This is no longer needed and is not safe, therefore should no longer be allowed.
(This ignores the fact that proc and sys mounts under /var/cache/lxc allow bypassing proc restrictions currently) |
Before cgmanager, lxc-container-default-with-nesting needed to allow the container to mount fstype=cgroup. This is no longer needed and is not safe, therefore should no longer be allowed. |
|