On 05/11/2012 10:48 AM, Daniel P. Berrange wrote: > From: "Daniel P. Berrange" <berrange@xxxxxxxxxx> > > Currently to make sysfs readonly, we remount the existing > instance and then bind it readonly. Unfortunately this means > sysfs is still showing device objects wrt the host OS namespace. > We need it to reflect the container namespace, so we must mount > a completely new instance of it. Do the same for selinuxfs since > there is no benefit to bind mounting & this lets us simplify > the code. > > * src/lxc/lxc_container.c: Mount fresh sysfs instance > > Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx> > --- > src/lxc/lxc_container.c | 32 +++++++++++--------------------- > 1 file changed, 11 insertions(+), 21 deletions(-) > ACK. -- Eric Blake eblake@xxxxxxxxxx +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list