What | Removed | Added |
---|---|---|
CC | asarai@suse.com |
I know I'm late to the party here, but I would suggest you shouldn't be mounting /proc yourself inside a container -- especially if you are running privileged code. There are all sorts of container escapes that can occur if you have a /proc mount without any masked paths (for instance, /proc/sysrq-trigger). Instead, if you really need it for a chroot(2) then you should rbind-mount the host's /proc (which does have all of the correct parts mounted-over).
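
A check for the situation described in the comment above, as an added example that is not part of the original comment: it reads mountinfo-format text and reports whether a path under /proc (such as /proc/sysrq-trigger) is still a writable procfs entry or has another mount over it. The `/newroot` chroot path, the `/proc/kcore` entry and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original comment. Sample mountinfo lines below
# are constructed; on a live system feed in /proc/self/mountinfo instead.

# proc_path_status PATH   (mountinfo text on stdin)
# Prints "PATH exposed" when nothing is mounted on PATH or the topmost mount
# there is a read-write procfs, otherwise "PATH covered".
proc_path_status() {
    awk -v p="$1" '
        $5 == p {                          # field 5: mount point
            for (i = 7; i <= NF; i++)      # fstype follows the "-" separator
                if ($i == "-") { fs = $(i + 1); break }
            ro = ("," $6 ",") ~ /,ro,/     # field 6: per-mount options
            state = (fs == "proc" && !ro) ? "exposed" : "covered"
        }
        END { print p, (state == "" ? "exposed" : state) }'
}

# Constructed: a fresh "mount -t proc proc /newroot/proc" inside the container.
sample_fresh() {
    cat <<'EOF'
200 150 0:60 / /newroot/proc rw,nosuid,nodev,noexec,relatime - proc proc rw
EOF
}

# Constructed: "mount --rbind /proc /newroot/proc" where the existing /proc
# already has a read-only mount over sysrq-trigger and /dev/null over kcore.
sample_rbind() {
    cat <<'EOF'
300 150 0:50 / /newroot/proc rw,nosuid,nodev,noexec,relatime - proc proc rw
301 300 0:50 /sysrq-trigger /newroot/proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw
302 300 0:6 /null /newroot/proc/kcore rw,nosuid - devtmpfs devtmpfs rw
EOF
}

sample_fresh | proc_path_status /newroot/proc/sysrq-trigger
sample_rbind | proc_path_status /newroot/proc/sysrq-trigger
sample_rbind | proc_path_status /newroot/proc/kcore
```

On a running system the same function can be used as `proc_path_status /proc/sysrq-trigger < /proc/self/mountinfo`.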