From 6b707f2cb2bc7ecb8f7b10466bcc983559dfafc0 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fabian=20Gr=C3=BCnbichler?= Date: Tue, 7 Jun 2016 11:11:20 +0200 Subject: [PATCH] add bind mount warning --- pct.adoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pct.adoc b/pct.adoc index dc9f446..014e48d 100644 --- a/pct.adoc +++ b/pct.adoc @@ -382,6 +382,12 @@ mounting mechanisms or storage technologies, it is possible to establish the FUSE mount on the Proxmox host and use a bind mount point to make it accessible inside the container. +WARNING: For security reasons, bind mounts should only be established +using source directories especially reserved for this purpose, e.g., a +directory hierarchy under `/mnt/bindmounts`. Never bind mount system +directories like `/`, `/var` or `/etc` into a container - this poses a +great security risk. The bind mount source path must not contain any symlinks. + The root mount point is configured with the 'rootfs' property, and you can configure up to 10 additional mount points. The corresponding options are called 'mp0' to 'mp9', and they can contain the following setting: -- 2.39.2
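Review bot: In the last added line of the WARNING, "The bind mount source path must not contain any symlinks." is stated as a hard requirement, but the text does not say whether the tooling rejects such paths or whether the administrator has to verify this before configuring the mount point. Please state which, and give the reason in a few words. Similarly, "this poses a great security risk" does not name the risk. Saying that the listed host directories become accessible inside the container would make the warning actionable. That last line also runs well past the wrap width of the other added lines and should be rewrapped.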