On 3/17/20 10:27 AM, Wolfgang Bumiller wrote:
On 3/17/20 7:35 AM, Thomas Lamprecht wrote:
CONTAINER_INTERFACE[0] is something systemd people call their API and
we need to adapt to it a bit, even if it means doing stupid
unnecessary things, as else systemd decides to regress and suddenly
break network stack in CT after an upgrade[1].
This mounts the parent /sys as ro, child mounts can be whatever.
Fixes the system regression introduced by[2].
[0]: https://systemd.io/CONTAINER_INTERFACE/
[1]: https://github.com/systemd/systemd/issues/15101#issuecomment-598607582
[2]: https://github.com/systemd/systemd/commit/bf331d87171b7750d1c72ab0b140a240c0cf32c3
Signed-off-by: Thomas Lamprecht <t.lampre...@proxmox.com>
---
I hate it.
Just a POC for commenting or picking up, probably belongs in an LXC
config or in a "per distro, per systemd version" specific thing
Could `sys:mixed` be enough?
sys:mixed is default for privileged btw:
common.conf:46:lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
and becomes rw with user namespaces:
userns.conf:13:lxc.mount.auto = sys:rw
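
One way to check, from inside a container, whether the parent /sys mount is read-only and which modes its child mounts ended up with, as discussed in the thread above. This is an added example, not code from the thread or from the Proxmox or LXC code bases; the function names and the sample mountinfo lines are constructed.

```python
"""Report whether /sys itself is mounted ro and what its child mounts are."""
import sys

# Constructed sample in /proc/<pid>/mountinfo format: parent /sys is ro,
# child mounts below it are rw ("child mounts can be whatever").
SAMPLE = """\
60 50 0:55 / /proc rw,nosuid,nodev,noexec,relatime shared:30 - proc proc rw
61 50 0:56 / /sys ro,nosuid,nodev,noexec,relatime shared:31 - sysfs sysfs rw
62 61 0:56 /devices/virtual/net /sys/devices/virtual/net rw,nosuid,relatime shared:32 - sysfs sysfs rw
63 61 0:30 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - cgroup2 cgroup rw
"""

def sys_mount_report(mountinfo_text):
    """Return (parent_mode, {child_mount_point: mode}); parent_mode is
    'ro', 'rw', or None when nothing is mounted on /sys."""
    parent, children = None, {}
    for line in mountinfo_text.splitlines():
        fields = line.split()
        # 6 fixed fields, optional fields, a "-" separator, 3 trailing fields
        if len(fields) < 10 or "-" not in fields[6:]:
            continue
        mount_point = fields[4]
        # Field 6 holds the per-mount options; the superblock options after
        # "-" can say rw even when this particular mount is read-only.
        mode = "ro" if "ro" in fields[5].split(",") else "rw"
        if mount_point == "/sys":
            parent = mode          # later entries are stacked on top
        elif mount_point.startswith("/sys/"):
            children[mount_point] = mode
    return parent, children

def parent_sys_is_ro(mountinfo_text):
    """True only when /sys is mounted and its own mount flag is ro."""
    return sys_mount_report(mountinfo_text)[0] == "ro"

if __name__ == "__main__":
    try:
        with open("/proc/self/mountinfo") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE              # fall back to the constructed sample
    parent, children = sys_mount_report(text)
    print(f"/sys: {parent}")
    for path, mode in sorted(children.items()):
        print(f"  {path}: {mode}")
    sys.exit(0 if parent == "ro" else 1)
```
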