Looking through the top Google results on how to bind-mount a directory from the host-server into the lxc-server I notice that:
* Stéphane Graber's "LXC 1.0: Advanced container usage [3/10]" post ( https://www.stgraber.org/2013/12/21/lxc-1-0-advanced-container-usage/ ) makes use of the **relative** mount point (in the lxc-server's fstab config file on the host-server)
* Unfortunately the **official**(?) Debian LXC wiki page on "LXC" has the topic "Bind mounts inside the container" ( https://wiki.debian.org/LXC#Bind_mounts_inside_the_container ) which uses the lxc.mount.entry line in the config file **and** makes use of an **absolute** mount point.

So those following the official Debian LXC documentation will be caught by this security patch. ;-(

Just to be definite: changing all lxc.mount.entry mount points to **relative** paths is a current workaround.

--
https://bugs.launchpad.net/bugs/1476662

Title:
  lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor
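To apply the workaround described in the comment above across existing containers, the following added example (not part of the bug report and not code from the LXC project) audits a container config for `lxc.mount.entry` lines with an absolute mount point. It assumes the container's rootfs path on the host is known and passed in as `rootfs`; only targets that sit under that path are rewritten to relative form, and every other absolute target is flagged for manual review. The function name and the sample config are constructed for illustration.

```python
import re

# lxc.mount.entry uses fstab fields: <source> <target> <fstype> <options> <dump> <pass>
ENTRY_RE = re.compile(r"^(\s*lxc\.mount\.entry\s*=\s*)(\S+)(\s+)(\S+)(.*)$")

def audit_mount_entries(config_text, rootfs):
    """Return (new_config_text, findings) for absolute lxc.mount.entry targets.

    rootfs is an assumption supplied by the caller: the container's rootfs
    directory on the host. findings is a list of (line_no, target, status),
    where status is "rewritten" or "manual".
    """
    rootfs = rootfs.rstrip("/")
    lines, findings = [], []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = ENTRY_RE.match(line)
        if not m or not m.group(4).startswith("/"):
            lines.append(line)  # not an active mount entry, or already relative
            continue
        head, source, gap, target, rest = m.groups()
        # Only a target located under the rootfs has an unambiguous relative form.
        relative = target[len(rootfs):].strip("/") if target.startswith(rootfs + "/") else ""
        if relative and ".." not in relative.split("/"):
            lines.append(f"{head}{source}{gap}{relative}{rest}")
            findings.append((lineno, target, "rewritten"))
        else:
            lines.append(line)  # leave untouched; an operator has to decide
            findings.append((lineno, target, "manual"))
    return "\n".join(lines), findings

# Constructed sample config, not taken from the bug report.
SAMPLE = """\
lxc.mount.entry = /srv/data /var/lib/lxc/web/rootfs/mnt/data none bind 0 0
lxc.mount.entry = /srv/logs mnt/logs none bind 0 0
lxc.mount.entry = /srv/www /var/www none bind 0 0
# lxc.mount.entry = /old /old none bind 0 0"""

if __name__ == "__main__":
    new_text, findings = audit_mount_entries(SAMPLE, "/var/lib/lxc/web/rootfs")
    for finding in findings:
        print(*finding)
    print(new_text)
```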