On Mon, 24 Nov 2025 12:36:37 +0100, Fabian Grünbichler wrote:
> if nesting is enabled, it is already possible to mount a fresh instance of
> procfs and sysfs inside the container. protecting the original one does not
> make much sense in such a scenario, the kernel already protects the bits that
> are off-limits for unprivileged users anyway..
>
> this fixes an issue with certain nested container setups, such as a recent
> enough runc nested inside LXC.
>
> [...]
Applied, thanks!
[1/1] fix #7006: do not restrict proc or sys if nested
commit: 864c1d3367882cfc5545384b3a6ea931c2dad739
_______________________________________________
pve-devel mailing list
[email protected]
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
