A follow-up: I assume the same applies to sys:mixed vs. sys:rw, correct?

Todor

> On 23. May 2018, at 19:09, Christian Brauner <[email protected]> wrote:
>
> On Wed, May 23, 2018 at 06:13:02PM +0200, Dr. Todor Dimitrov wrote:
>> Hallo,
>>
>> is there any security benefit of using proc:mixed inside an unprivileged
>> container? Or does proc:rw deliver the same level of isolation?
>
> There's no security benefit for unprivileged containers. They can't
> change /proc/sys and /proc/sysrq-trigger. If they can and the file isn't
> namespaced it's a bug.
>
> Christian
>
>>
>> lxc.mount.auto = proc:mixed
>>
>> vs.
>>
>> lxc.mount.auto = proc:rw
>>
>> Thanks in advance,
>> Todor
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
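An added example, not part of the thread or of LXC: a check that reads a container's `uid_map` and `mountinfo` and reports the `/proc` paths named in the reply only where their mount flags matter, that is, when container root maps to host root. It assumes `proc:mixed` shows up as separate read-only mounts on `/proc/sys` and `/proc/sysrq-trigger`; the function names and the sample mount lines are constructed for illustration.

```python
# Added example: is the proc:mixed read-only overlay doing any work here?
SENSITIVE = ("/proc/sys", "/proc/sysrq-trigger")

def is_unprivileged(uid_map: str) -> bool:
    """True when container uid 0 does not map to host uid 0."""
    for line in uid_map.splitlines():
        fields = line.split()
        if len(fields) == 3 and int(fields[0]) == 0:
            return int(fields[1]) != 0
    return True  # uid 0 not mapped at all: no host root either

def proc_mount_flags(mountinfo: str) -> dict:
    """Map each sensitive path to 'ro' or 'rw' from its governing mount."""
    mounts = {}
    for line in mountinfo.splitlines():
        f = line.split()
        if len(f) >= 6:  # f[4] = mount point, f[5] = per-mount options
            mounts[f[4]] = "ro" if "ro" in f[5].split(",") else "rw"
    # Without a dedicated mount, a path inherits the flags of /proc itself.
    return {p: mounts.get(p, mounts.get("/proc", "absent")) for p in SENSITIVE}

def assess(uid_map: str, mountinfo: str) -> list:
    """Paths left writable in a privileged container; empty if unprivileged."""
    if is_unprivileged(uid_map):
        return []  # per the reply: the kernel already denies these writes
    flags = proc_mount_flags(mountinfo)
    return [p for p in SENSITIVE if flags[p] == "rw"]

# Constructed sample inputs (not captured from a real host).
UNPRIV_MAP = "         0     100000      65536\n"
PRIV_MAP = "         0          0 4294967295\n"
PROC_RW = "100 90 0:50 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw\n"
PROC_MIXED = PROC_RW + (
    "101 100 0:50 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw\n"
    "102 100 0:50 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw\n"
)

if __name__ == "__main__":
    # Inside a container, read the live files instead of the samples.
    with open("/proc/self/uid_map") as u, open("/proc/self/mountinfo") as m:
        print(assess(u.read(), m.read()) or "no writable sensitive /proc paths of concern")
```
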
