linuxkit / linuxkit

A toolkit for building secure, portable and lean operating systems for containers
Apache License 2.0

block /proc/sys access #515

Open justincormack opened 8 years ago

justincormack commented 8 years ago

The AppArmor profile normally blocks a bunch of stuff in /proc/sys and /sys, but without AppArmor we should look at other ways of doing this (e.g. grsec?).

justincormack commented 8 years ago

You can't apparently bind mount to/from /sys.