git.proxmox.com Git - mirror_lxc.git/commit - src/lxc/cgroups/cgfs.c
lxc.mount.auto: improve defaults for cgroup and cgroup-full
author Christian Seiler <christian@iwakd.de>
Sat, 3 May 2014 18:57:46 +0000 (20:57 +0200)
committer Serge Hallyn <serge.hallyn@ubuntu.com>
Tue, 6 May 2014 15:20:10 +0000 (10:20 -0500)
commit 0769b82a42ccdb8daa378b493be8ea092a283b24
tree d4b5a112c8edc3dd95b0e7f3965ae8b50c916fe8
parent bab88e68940f5acc451b0d0e9450292fcc9ef44c

If the user specifies cgroup or cgroup-full without a specifier (:ro,
:rw or :mixed), this changes the behavior. Previously, these were
simple aliases for the :mixed variants; now they depend on whether the
container also has CAP_SYS_ADMIN; if it does they resolve to the :rw
variants, if it doesn't to the :mixed variants (as before).

If a container has CAP_SYS_ADMIN privileges, any filesystem can be
remounted read-write from within, so initially mounting the cgroup
filesystems partially read-only as a default creates a false sense of
security. It is better to default to full read-write mounts to show the
administrator what keeping CAP_SYS_ADMIN entails.

If an administrator really wants both CAP_SYS_ADMIN and the :mixed
variant of cgroup or cgroup-full automatic mounts, they can still
specify that explicitly; this commit just changes the default without
specifier.

Signed-off-by: Christian Seiler <christian@iwakd.de>
Cc: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
doc/lxc.container.conf.sgml.in
src/lxc/cgfs.c
src/lxc/conf.c
src/lxc/conf.h
src/lxc/confile.c
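
An added example, not part of the commit or the LXC source: a small Python audit that applies the default described in the commit message to a container config and flags an explicit :ro or :mixed cgroup mount on a container that keeps CAP_SYS_ADMIN. It assumes capability retention is decided only by `lxc.cap.drop` and `lxc.cap.keep`; the function names and sample configs are constructed for illustration.

```python
# Added example: audit which cgroup auto-mount mode an LXC config resolves to.
CGROUP_MOUNTS = ("cgroup", "cgroup-full")
SPECIFIERS = ("ro", "rw", "mixed")  # the specifiers named in the commit message

def parse(conf_text):
    """Collect lxc.mount.auto tokens and the capability drop/keep lists."""
    lists = {"lxc.mount.auto": [], "lxc.cap.drop": [], "lxc.cap.keep": []}
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in lists:
            lists[key].extend(value.lower().split())
    return lists["lxc.mount.auto"], lists["lxc.cap.drop"], lists["lxc.cap.keep"]

def has_sys_admin(drop, keep):
    # Assumption: a non-empty keep list drops every capability it does not
    # name; otherwise CAP_SYS_ADMIN stays unless lxc.cap.drop lists it.
    return "sys_admin" in keep if keep else "sys_admin" not in drop

def audit(conf_text):
    """Return (token, effective_mode, warning) for each cgroup auto-mount."""
    auto, drop, keep = parse(conf_text)
    admin = has_sys_admin(drop, keep)
    findings = []
    for token in auto:
        name, _, spec = token.partition(":")
        if name not in CGROUP_MOUNTS or (spec and spec not in SPECIFIERS):
            continue
        # No specifier: :rw with CAP_SYS_ADMIN, :mixed without it.
        mode = spec or ("rw" if admin else "mixed")
        warning = None
        if admin and spec in ("ro", "mixed"):
            # Read-only parts are not a boundary here: the container can remount.
            warning = "CAP_SYS_ADMIN retained; container can remount read-write"
        findings.append((token, mode, warning))
    return findings

# Constructed sample configs (not taken from the commit).
KEEPS_ADMIN = "lxc.mount.auto = proc sys cgroup\nlxc.cap.drop = sys_module mac_admin\n"
DROPS_ADMIN = "lxc.mount.auto = cgroup-full\nlxc.cap.drop = sys_admin\n"
EXPLICIT_MIXED = "lxc.mount.auto = cgroup:mixed\nlxc.cap.keep = sys_admin net_admin\n"

if __name__ == "__main__":
    for conf in (KEEPS_ADMIN, DROPS_ADMIN, EXPLICIT_MIXED):
        print(audit(conf))
```

A finding with a warning marks the case the commit message calls a false sense of security: the mount starts partially read-only, but the container holds the capability needed to remount it.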