]> git.proxmox.com Git - mirror_lxc.git/commit
projects / mirror_lxc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 07ece60) | patch
sshd: Don't bind-mount /sbin/init read-write
authorStéphane Graber <stgraber@ubuntu.com>
Wed, 18 Dec 2013 22:06:25 +0000 (23:06 +0100)
committerStéphane Graber <stgraber@ubuntu.com>
Thu, 19 Dec 2013 11:17:39 +0000 (12:17 +0100)
commitf4d5cc8e1f39d132b61e110674528cac727ae0e2
tree98398be4c5e1225d7e03fa1c5cc9a3a246d5441atree
parent07ece60087c22f03fac080edad21a2620d5737efcommit | diff
sshd: Don't bind-mount /sbin/init read-write

lxc-sshd was mounting itself (the template script) as /sbin/init in the
container using a writable bind-mount.

This shouldn't be needed and could lead to quite a few problems should
one of those containers overwrite /sbin/init for some reason.

Instead simply move to a read-only bind-mount which should prevent any
accidental dammage.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
templates/lxc-sshd.in diff | blob | blame | history
LXC mirror