On Thu, 13 Nov 2025 14:08:01 +0100, Fabian Grünbichler wrote:
> if nesting is enabled, it is already possible to mount a fresh instance of
> procfs and sysfs inside the container. protecting the original one does not
> make much sense in such a scenario, the kernel already protects the bits that
> are off-limits for unprivileged users anyway..
>
> this fixes an issue with certain nested container setups, such as a recent
> enough runc nested inside LXC.
>
> [...]

Applied, thanks!

[1/1] fix #7006: do not restrict proc or sys if nested
      commit: d24bcf97de7c3e59e3d3dd19945b4cd42e72db40

_______________________________________________
pve-devel mailing list
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel