Safe default /dev mounts? #202
Comments
|
Somebody just pointed me at https://github.com/opencontainers/runc/blob/main/libcontainer/SPEC.md#filesystem which looks like a good list of which device files should be bind-mounted. |
|
Hi, you can mount all those things with bind mounts, so the question is if there is really a needeat all to have a flag for default devices. On the other hand, a flag could make it so that the devices would be mknod-ed instead of bind mounted. But I am not sure if that is really a difference. |
|
I think the main benefit would be saving people from the effort of looking up that list of common device files, since it seems like a pretty normal thing to want all of those devices. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
Would it be possible for nsjail to either mount some of /dev by default, or add a flag to do that? I see mentions of /dev/urandom and /dev/null in the README, but there are also /dev/zero, /dev/stdin, and a handful of other things in dev that seem like they would be safe and useful to bind-mount by default.
The text was updated successfully, but these errors were encountered: