Since I moved from lxc 4.0.4 to 4.0.6 I get
# echo 0 >/proc/sys/net/ipv4/ip_forward
bash: /proc/sys/net/ipv4/ip_forward: Read-only file system
in the container. The man page says
lxc.mount.auto
specify which standard kernel file systems should be
automatically mounted. This may dramatically simplify
the configuration. The file systems are:
o proc:mixed (or proc): mount /proc as read-write, but
remount /proc/sys and /proc/sysrq-trigger read-only
for security / container isolation purposes.
o proc:rw: mount /proc as read-write
How come it worked before? Hopefully I am not too blind to see,
but the git log doesn't say that this has been changed.
Every indication of wisdom and knowledge shown here is highly
appreciated.
Harri
PS: I found
af9dd246df7c99740f153682e0eb427f1426693d
unmounted proc/sys/net if dropping CAP_NET_ADMIN
apparently introducing the problem for 4.0.6, and
952ab618268b4af2773ed9d8fade817363c28a5c
conf: fix CAP_NET_ADMIN-based mount handling
563ec46266b8967f0ee60e0032bbe66b3b37207c
conf: fix containers retaining CAP_NET_ADMIN
providing the fix (hopefully). Did I miss other related fixes?
Since breaking /proc is a very serious problem I wonder if it would
be reasonable to do an early release lxc 4.0.7, including these fixes?
Regards
Harri
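As an added check (not part of Harri's post and not lxc project code), the following POSIX shell script tells you which of the two `lxc.mount.auto` proc modes a container is effectively running under: it parses `/proc/self/mountinfo` and reports whether `/proc/sys` is mounted read-only (the `proc:mixed` behaviour quoted from the man page above) or read-write (`proc:rw`). The two embedded mountinfo samples are constructed to resemble each mode; their mount ids and device numbers are made up.

```shell
#!/bin/sh
# Added example: report whether /proc/sys is read-only inside a container by
# parsing mountinfo.  proc_sys_mode reads mountinfo text on stdin and prints
# one of: ro, rw, absent.

proc_sys_mode() {
  # mountinfo fields: 1 id, 2 parent id, 3 maj:min, 4 root, 5 mount point,
  # 6 mount options (the first option is always rw or ro), then optional
  # fields, '-', fstype, source, super options.
  awk '
    $5 == "/proc/sys" { sys  = $6 }   # explicit (re)mount of /proc/sys
    $5 == "/proc"     { proc = $6 }   # otherwise inherit the /proc mount
    END {
      opts = (sys != "") ? sys : proc
      if (opts == "") { print "absent"; exit }
      split(opts, a, ",")
      print a[1]
    }'
}

# Constructed sample: the layout proc:mixed produces (/proc read-write,
# /proc/sys and /proc/sysrq-trigger remounted read-only).
SAMPLE_MIXED='123 100 0:45 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
124 123 0:45 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
125 123 0:45 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw'

# Constructed sample: the layout proc:rw produces (only /proc, read-write).
SAMPLE_RW='123 100 0:45 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw'

# Helper so a sample string can be checked with one call.
mode_of_sample() {
  printf '%s\n' "$1" | proc_sys_mode
}

echo "proc:mixed sample -> $(mode_of_sample "$SAMPLE_MIXED")"   # ro
echo "proc:rw sample    -> $(mode_of_sample "$SAMPLE_RW")"      # rw

# On a live system, run the same check against the real mount table.
if [ -r /proc/self/mountinfo ]; then
  echo "this system       -> $(proc_sys_mode < /proc/self/mountinfo)"
fi
```

Run it inside the container before filing a report: `ro` for `/proc/sys` means the read-only remount is in place (the documented `proc:mixed` isolation, so `echo 0 > /proc/sys/net/ipv4/ip_forward` is expected to fail), while `rw` means the container was started with `proc:rw` semantics; the script only reads the mount table and changes nothing.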