mirror of
https://git.proxmox.com/git/mirror_lxc
synced 2025-07-27 05:03:17 +00:00
e6ec0a9e71
RW bind mounts need to be restricted for some paths in order to avoid MAC restriction bypasses, but read-only bind mounts shouldn't have that problem. Additionally, combinations of 'nosuid', 'nodev' and 'noexec' flags shouldn't be a problem either and are required with newer systemd versions, so let's allow those as long as they're combined with 'ro,remount,bind'. Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> |
||
|---|---|---|
| .. | ||
| container-base | ||
| container-base.in | ||
| start-container.in | ||