Comment 4 for bug 1476662
Revision history for this message
| Roman Fiedler (roman-fiedler-deactivatedaccount) wrote | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
2eb648a
demo site
(Get the code!)
The pivot_root part looks more solid - the "." -> "." should make any symlink trickery with host / impossible here, the MS_SLAVE should do the rest. But perhaps someone else may take a look ...
The apparmor modification may still work, I do not see major differences preventing it. Do you know of critical features allowed in lxc-start that would be disabled by standard container profile with that?
25741 open("/
25741 write(11, "changeprofile lxc-container-