Serge E. Hallyn wrote: > Looks good. In the very last part, you might say just a little more to > make sure it's clear: You want to mount -o newinstance before sshd > or gnome is started in the root container, so that a child container > can't reach your devpts by doing a mount -t devpts without -o > newinstance. It's not that it's not clear in what you write, it's > more that it's at the very end and brief, so I'm afraid it's not > attention-grabbing enough as is. Actually, you should just enable newinstance everywhere, in particular in your fstab, so that ALL instances of devpts in the system have newinstance (leaving the legacy one unreachable.) In that sense I think your text above is more confusing than what Sukadev had. -hpa _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
