]> git.proxmox.com Git - pve-container.git/commit
projects / pve-container.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 425b62c) | patch
unshare lxc-start into a slave mount namespace
authorWolfgang Bumiller <w.bumiller@proxmox.com>
Thu, 12 Nov 2015 13:00:27 +0000 (14:00 +0100)
committerDietmar Maurer <dietmar@proxmox.com>
Fri, 13 Nov 2015 11:00:58 +0000 (12:00 +0100)
commit4162edaea3452a3ffba85db95774c3615fb47cff
treecc873ad02a5cc3b4d63289093e7e81fd21eb6701tree
parent425b62cbc4e0638a1be1bf69995f39ce8c5f797dcommit | diff
unshare lxc-start into a slave mount namespace

The rationale here is simply that if the host can see all
the mounts, then any program on the host entering a new
mount namespace can keep the mountpoints active.
This can potentially lead to hard-to-track problems with
multiple mount protection or NFS storages not syncing to the
end when stop-migrating a container to another node.
src/PVE/API2/LXC/Status.pm diff | blob | blame | history
PVE Container Toolkit