Since I moved from lxc 4.0.4 to 4.0.6 I get

    # echo 0 >/proc/sys/net/ipv4/ip_forward
    bash: /proc/sys/net/ipv4/ip_forward: Read-only file system

in the container. The man page says

    specify which standard kernel file systems should be
    automatically mounted. This may dramatically simplify
    the configuration. The file systems are:

    o proc:mixed (or proc): mount /proc as read-write, but
      remount /proc/sys and /proc/sysrq-trigger read-only
      for security / container isolation purposes.

    o proc:rw: mount /proc as read-write

How come it worked before? Hopefully I am not too blind to see,
but the git log doesn't tell that this has been changed.
Every indication of wisdom and knowledge shown here is highly

PS: I found

    unmounted proc/sys/net if dropping CAP_NET_ADMIN

apparently introducing the problem for 4.0.6, and

    conf: fix CAP_NET_ADMIN-based mount handling
    conf: fix containers retaining CAP_NET_ADMIN

providing the fix (hopefully). Did I miss other related fixes?

Since breaking /proc is a very serious problem, I wonder if it would
be reasonable to do an early release lxc 4.0.7, including these fixes?
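
A way to see which mount governs /proc/sys/net/ipv4/ip_forward and whether it is read-only, as an added example that is not part of the original message or of LXC's code. The function name mount_state and both sample tables are constructed; they assume /proc/sys is remounted read-only as the quoted man page describes, with and without a separate read-write mount on /proc/sys/net.

```shell
#!/bin/sh
# Reads mountinfo-format lines on stdin and prints "<ro|rw> <mount point>"
# for the mount that governs the given absolute path.
# Inside a container: mount_state /proc/sys/net/ipv4/ip_forward < /proc/self/mountinfo
mount_state() {
    awk -v target="$1" '
    {
        mp = $5    # field 5 of mountinfo: mount point
        # A mount governs the target if it is the target itself or a parent
        # directory. Comparing against mp "/" keeps /proc/sys from matching
        # /proc/sysrq-trigger.
        if (mp == target || mp == "/" || index(target, mp "/") == 1) {
            # Longest mount point wins; on a tie the later line shadows the earlier.
            if (length(mp) >= best_len) {
                best_len = length(mp)
                best_mp = mp
                state = "rw"
                n = split($6, opts, ",")    # field 6: per-mount options
                for (i = 1; i <= n; i++) if (opts[i] == "ro") state = "ro"
            }
        }
    }
    END { if (best_len) print state, best_mp; else exit 1 }
    '
}

# Constructed sample: /proc/sys read-only, no separate mount on /proc/sys/net.
SAMPLE_NO_NET='100 90 0:50 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
101 100 0:50 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
102 100 0:50 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw'

# Constructed sample: same table plus a read-write mount on /proc/sys/net.
SAMPLE_WITH_NET="$SAMPLE_NO_NET
103 101 0:50 /sys/net /proc/sys/net rw,nosuid,nodev,noexec,relatime - proc proc rw"

TARGET=/proc/sys/net/ipv4/ip_forward
printf '%s\n' "$SAMPLE_NO_NET"   | mount_state "$TARGET"
printf '%s\n' "$SAMPLE_WITH_NET" | mount_state "$TARGET"
```

Comparing the output on a 4.0.4 and a 4.0.6 container shows whether the governing mount changed between the two versions.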