LXC+overlayfs in unprivileged mode

Hi,

I tripped across an LXC bug that actually appears to be an overlayfs
security feature (maybe) and was wondering how to clarify the status
of the code. Apparently, Ubuntu is carrying patches that enable this
function, and so the question is if these or something more appropriate
can be pulled into the mainline kernel or into overlayfs (or perhaps they
have been already; the situation is confusing).

The issue is that LXC+overlayfs seems to not work in an unprivileged
container. A more detailed description, with a particularly simple test
case is given in https://github.com/lxc/lxc/issues/1370#issuecomment269845311
Based on searches through Google, it seems likely that the reason it
does not work is due to one or more privilege-escalation exploits,
except that these may or may not be patched already... thus this email.

Any advice on how to proceed?

--linas
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
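The mail above asks whether a kernel will let an unprivileged container use overlayfs, which in practice means: can a non-root user mount overlayfs from inside a user namespace? Mainline did not allow this at the time of the mail; Ubuntu carried a patch, and mainline later added unprivileged overlayfs mounts in Linux 5.11. The script below is an added example, not code from the original message or from the LXC project: it probes the running kernel directly with util-linux `unshare` and `mount` (assumed to be installed), and also carries a small version check against the 5.11 mainline threshold. The function names, the `KVER` handling and the temporary directory layout are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the original mail or from LXC): check whether an
# unprivileged user can mount overlayfs inside a user+mount namespace, which is
# what LXC+overlayfs in unprivileged mode ultimately depends on.
# Assumptions: util-linux `unshare` (with -U/-r/-m) and `mount` are present.
# Mainline Linux allowed this from 5.11 (FS_USERNS_MOUNT on overlayfs); a
# distro kernel such as Ubuntu's may carry it earlier, so the live probe is the
# authoritative answer and the version check is only a hint.

# kernel_at_least MAJOR MINOR [VERSION]
# Returns 0 if VERSION (default: `uname -r`) is >= MAJOR.MINOR.
kernel_at_least() {
    ver=${3:-$(uname -r)}
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -gt "$1" ] || { [ "$major" -eq "$1" ] && [ "$minor" -ge "$2" ]; }
}

# probe_unpriv_overlay
# Builds a lower/upper/work/merged layout in a temp dir, enters a new user and
# mount namespace as an unprivileged user (mapped to root inside), attempts the
# overlay mount and reads a file through it. Prints "ok" (exit 0) when the
# kernel allows it, "denied" (exit 1) otherwise; exit 2 if setup failed.
probe_unpriv_overlay() {
    d=$(mktemp -d) || return 2
    mkdir "$d/lower" "$d/upper" "$d/work" "$d/merged" || { rm -rf "$d"; return 2; }
    echo hello > "$d/lower/f"
    if unshare -Urm sh -c "mount -t overlay overlay \
            -o lowerdir=$d/lower,upperdir=$d/upper,workdir=$d/work $d/merged \
            && grep -q hello $d/merged/f" >/dev/null 2>&1; then
        echo ok; rc=0
    else
        echo denied; rc=1
    fi
    rm -rf "$d"
    return $rc
}

# Only run the live probe when explicitly asked for, so the file can also be
# sourced for its functions:  sh ./overlay-probe.sh probe
if [ "${1:-}" = "probe" ]; then
    if kernel_at_least 5 11; then
        echo "kernel $(uname -r): mainline threshold (5.11) met"
    else
        echo "kernel $(uname -r): below mainline 5.11; only a distro patch would allow this"
    fi
    probe_unpriv_overlay
fi
```

Run it as a normal (non-root) user with `sh overlay-probe.sh probe`. A "denied" result on a kernel older than 5.11 without a distro patch is the expected failure the mail describes; a "denied" on a newer kernel usually points at something other than overlayfs itself (for example user namespaces being disabled for unprivileged users via sysctl, or the temp directory living on a filesystem that overlayfs rejects as upper).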


