From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 252071FF17E for ; Thu, 13 Nov 2025 14:08:34 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id CCA5E1BC44; Thu, 13 Nov 2025 14:09:22 +0100 (CET) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pve-devel@lists.proxmox.com Date: Thu, 13 Nov 2025 14:08:01 +0100 Message-ID: <20251113130914.789691-1-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.47.3 MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1763039329725 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.047 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH lxc] fix #7006: do not restrict proc or sys if nested X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" aWYgbmVzdGluZyBpcyBlbmFibGVkLCBpdCBpcyBhbHJlYWR5IHBvc3NpYmxlIHRvIG1vdW50IGEg ZnJlc2ggaW5zdGFuY2Ugb2YKcHJvY2ZzIGFuZCBzeXNmcyBpbnNpZGUgdGhlIGNvbnRhaW5lci4g cHJvdGVjdGluZyB0aGUgb3JpZ2luYWwgb25lIGRvZXMgbm90Cm1ha2UgbXVjaCBzZW5zZSBpbiBz dWNoIGEgc2NlbmFyaW8sIHRoZSBrZXJuZWwgYWxyZWFkeSBwcm90ZWN0cyB0aGUgYml0cyB0aGF0 CmFyZSBvZmYtbGltaXRzIGZvciB1bnByaXZpbGVnZWQgdXNlcnMgYW55d2F5Li4KCnRoaXMgZml4 ZXMgYW4gaXNzdWUgd2l0aCBjZXJ0YWluIG5lc3RlZCBjb250YWluZXIgc2V0dXBzLCBzdWNoIGFz IGEgcmVjZW50CmVub3VnaCBydW5jIG5lc3RlZCBpbnNpZGUgTFhDLgoKU2lnbmVkLW9mZi1ieTog RmFiaWFuIEdyw7xuYmljaGxlciA8Zi5ncnVlbmJpY2hsZXJAcHJveG1veC5jb20+Ci0tLQp0ZXN0 ZWQgdXNpbmcgdGhlIHJlcHJvZHVjZXIgZnJvbSBCWgoKIC4uLnByb2MtYW5kLXN5cy1yZXN0cmlj dGlvbnMtaWYtbmVzdGluZy5wYXRjaCB8IDcxICsrKysrKysrKysrKysrKysrKysKIGRlYmlhbi9w YXRjaGVzL3NlcmllcyAgICAgICAgICAgICAgICAgICAgICAgICB8ICAxICsKIDIgZmlsZXMgY2hh bmdlZCwgNzIgaW5zZXJ0aW9ucygrKQogY3JlYXRlIG1vZGUgMTAwNjQ0IGRlYmlhbi9wYXRjaGVz L2FwcGFybW9yLzAwMDMtYXBwYXJtb3Itc2tpcC1wcm9jLWFuZC1zeXMtcmVzdHJpY3Rpb25zLWlm LW5lc3RpbmcucGF0Y2gKCmRpZmYgLS1naXQgYS9kZWJpYW4vcGF0Y2hlcy9hcHBhcm1vci8wMDAz LWFwcGFybW9yLXNraXAtcHJvYy1hbmQtc3lzLXJlc3RyaWN0aW9ucy1pZi1uZXN0aW5nLnBhdGNo IGIvZGViaWFuL3BhdGNoZXMvYXBwYXJtb3IvMDAwMy1hcHBhcm1vci1za2lwLXByb2MtYW5kLXN5 cy1yZXN0cmljdGlvbnMtaWYtbmVzdGluZy5wYXRjaApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRl eCAwMDAwMDAwLi40NGI5NDU0Ci0tLSAvZGV2L251bGwKKysrIGIvZGViaWFuL3BhdGNoZXMvYXBw YXJtb3IvMDAwMy1hcHBhcm1vci1za2lwLXByb2MtYW5kLXN5cy1yZXN0cmljdGlvbnMtaWYtbmVz dGluZy5wYXRjaApAQCAtMCwwICsxLDcxIEBACitGcm9tIDMzYjEwMTEwNGVhNzUwY2M3YmI3MjNm YTM3MTVmYjQyY2QxNzc2NDUgTW9uIFNlcCAxNyAwMDowMDowMCAyMDAxCitGcm9tOiA9P1VURi04 P3E/RmFiaWFuPTIwR3I9QzM9QkNuYmljaGxlcj89IDxmLmdydWVuYmljaGxlckBwcm94bW94LmNv bT4KK0RhdGU6IFRodSwgMTMgTm92IDIwMjUgMTM6MjU6MDQgKzAxMDAKK1N1YmplY3Q6IFtQQVRD SF0gYXBwYXJtb3I6IHNraXAgL3Byb2MgYW5kIC9zeXMgcmVzdHJpY3Rpb25zIGlmIG5lc3Rpbmcg aXMKKyBlbmFibGVkCitNSU1FLVZlcnNpb246IDEuMAorQ29udGVudC1UeXBlOiB0ZXh0L3BsYWlu OyBjaGFyc2V0PVVURi04CitDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA4Yml0CisKK2lmIG5l c3RpbmcgaXMgZW5hYmxlZCwgaXQncyBhbHJlYWR5IHBvc3NpYmxlIHRvIG1vdW50IHlvdXIgb3du IGluc3RhbmNlIG9mIGJvdGgKKy9wcm9jIGFuZCAvc3lzIGluc2lkZSB0aGUgY29udGFpbmVyLCBz byBwcm90ZWN0aW5nIHRoZSAib3JpZ2luYWwiIG9uZSBtYWtlcyBubworc2Vuc2UsIGJ1dCBicmVh a3MgY2VydGFpbiBuZXN0ZWQgY29udGFpbmVyIHNldHVwcy4KKworU2VlOiBodHRwczovL2dpdGh1 Yi5jb20vbHhjL2luY3VzL3B1bGwvMjYyNC9jb21taXRzLzFmYmU0YmZmYjk3NDhjYzNiMDdhYWY1 ZGIzMTBkNDYzYzFlODI3ZDAKK0ZpeGVzOiBodHRwczovL2J1Z3ppbGxhLnByb3htb3guY29tL3No b3dfYnVnLmNnaT9pZD03MDA2CisKK1NpZ25lZC1vZmYtYnk6IEZhYmlhbiBHcsO8bmJpY2hsZXIg PGYuZ3J1ZW5iaWNobGVyQHByb3htb3guY29tPgorLS0tCisgc3JjL2x4Yy9sc20vYXBwYXJtb3Iu YyB8IDE1ICsrKysrKysrKysrKy0tLQorIDEgZmlsZSBjaGFuZ2VkLCAxMiBpbnNlcnRpb25zKCsp LCAzIGRlbGV0aW9ucygtKQorCitkaWZmIC0tZ2l0IGEvc3JjL2x4Yy9sc20vYXBwYXJtb3IuYyBi L3NyYy9seGMvbHNtL2FwcGFybW9yLmMKK2luZGV4IGQ2NTE2YWU5Zi4uZTlkNDk0ZjFlIDEwMDY0 NAorLS0tIGEvc3JjL2x4Yy9sc20vYXBwYXJtb3IuYworKysrIGIvc3JjL2x4Yy9sc20vYXBwYXJt b3IuYworQEAgLTE3MCw2ICsxNzAsOSBAQCBzdGF0aWMgY29uc3QgY2hhciBBQV9QUk9GSUxFX0JB U0VbXSA9CisgIiAgbW91bnQgb3B0aW9ucz0ocncsbW92ZSkgL3NbXnldKnssLyoqfSxcbiIKKyAi ICBtb3VudCBvcHRpb25zPShydyxtb3ZlKSAvc3lbXnNdKnssLyoqfSxcbiIKKyAiICBtb3VudCBv cHRpb25zPShydyxtb3ZlKSAvc3lzPyp7LC8qKn0sXG4iCisrIlxuIjsKKysKKytzdGF0aWMgY29u c3QgY2hhciBBQV9QUk9GSUxFX0JBU0VfTk9fTkVTVElOR1tdID0KKyAiXG4iCisgIiAgIyBnZW5l cmF0ZWQgYnk6IGx4Yy1nZW5lcmF0ZS1hYS1ydWxlcy5weSBjb250YWluZXItcnVsZXMuYmFzZVxu IgorICIgIGRlbnkgL3Byb2Mvc3lzL1tea25dKnssLyoqfSB3a2x4LFxuIgorQEAgLTc1NSw2ICs3 NTgsMTAgQEAgc3RhdGljIGNoYXIgKmdldF9hcHBhcm1vcl9wcm9maWxlX2NvbnRlbnQoc3RydWN0 IGxzbV9vcHMgKm9wcywgc3RydWN0IGx4Y19jb25mICoKKyAJbXVzdF9hcHBlbmRfc2l6ZWQoJnBy b2ZpbGUsICZzaXplLCBBQV9QUk9GSUxFX0JBU0UsCisgCSAgICAgICAgICAgICAgICAgIFNUUkFS UkFZTEVOKEFBX1BST0ZJTEVfQkFTRSkpOworIAorKwlpZiAoIWNvbmYtPmxzbV9hYV9hbGxvd19u ZXN0aW5nKQorKwkJbXVzdF9hcHBlbmRfc2l6ZWQoJnByb2ZpbGUsICZzaXplLCBBQV9QUk9GSUxF X0JBU0VfTk9fTkVTVElORywKKysJCSAgICAgICAgICAgICAgICAgIFNUUkFSUkFZTEVOKEFBX1BS T0ZJTEVfQkFTRV9OT19ORVNUSU5HKSk7CisrCisgCWFwcGVuZF9hbGxfcmVtb3VudF9ydWxlcygm cHJvZmlsZSwgJnNpemUpOworIAorIAlpZiAob3BzLT5hYV9zdXBwb3J0c191bml4KQorQEAgLTc2 OCw4ICs3NzUsMTAgQEAgc3RhdGljIGNoYXIgKmdldF9hcHBhcm1vcl9wcm9maWxlX2NvbnRlbnQo c3RydWN0IGxzbV9vcHMgKm9wcywgc3RydWN0IGx4Y19jb25mICoKKyAJaWYgKG9wcy0+YWFfY2Fu X3N0YWNrICYmICFvcHMtPmFhX2lzX3N0YWNrZWQpIHsKKyAJCWNoYXIgKm5hbWVzcGFjZSwgKnRl bXA7CisgCistCQltdXN0X2FwcGVuZF9zaXplZCgmcHJvZmlsZSwgJnNpemUsIEFBX1BST0ZJTEVf U1RBQ0tJTkdfQkFTRSwKKy0JCSAgICAgICAgICAgICAgICAgIFNUUkFSUkFZTEVOKEFBX1BST0ZJ TEVfU1RBQ0tJTkdfQkFTRSkpOworKworKwkJaWYgKCFjb25mLT5sc21fYWFfYWxsb3dfbmVzdGlu ZykKKysJCQltdXN0X2FwcGVuZF9zaXplZCgmcHJvZmlsZSwgJnNpemUsIEFBX1BST0ZJTEVfU1RB Q0tJTkdfQkFTRSwKKysJCQkgICAgICAgICAgICAgICAgICBTVFJBUlJBWUxFTihBQV9QUk9GSUxF X1NUQUNLSU5HX0JBU0UpKTsKKyAKKyAJCW5hbWVzcGFjZSA9IGFwcGFybW9yX25hbWVzcGFjZShj b25mLT5uYW1lLCBseGNwYXRoKTsKKyAJCXRlbXAgPSBtdXN0X2NvbmNhdChOVUxMLCAiICBjaGFu Z2VfcHJvZmlsZSAtPiBcIjoiLCBuYW1lc3BhY2UsICI6KlwiLFxuIgorQEAgLTc3OSw3ICs3ODgs NyBAQCBzdGF0aWMgY2hhciAqZ2V0X2FwcGFybW9yX3Byb2ZpbGVfY29udGVudChzdHJ1Y3QgbHNt X29wcyAqb3BzLCBzdHJ1Y3QgbHhjX2NvbmYgKgorIAorIAkJbXVzdF9hcHBlbmRfc2l6ZWQoJnBy b2ZpbGUsICZzaXplLCB0ZW1wLCBzdHJsZW4odGVtcCkpOworIAkJZnJlZSh0ZW1wKTsKKy0JfSBl bHNlIHsKKysJfSBlbHNlIGlmICghY29uZi0+bHNtX2FhX2FsbG93X25lc3RpbmcpIHsKKyAJCW11 c3RfYXBwZW5kX3NpemVkKCZwcm9maWxlLCAmc2l6ZSwgQUFfUFJPRklMRV9OT19TVEFDS0lORywK KyAJCSAgICAgICAgICAgICAgICAgIFNUUkFSUkFZTEVOKEFBX1BST0ZJTEVfTk9fU1RBQ0tJTkcp KTsKKyAJfQorLS0gCisyLjQ3LjMKKwpkaWZmIC0tZ2l0IGEvZGViaWFuL3BhdGNoZXMvc2VyaWVz IGIvZGViaWFuL3BhdGNoZXMvc2VyaWVzCmluZGV4IDVmM2YwYjYuLmEyZjJhZDQgMTAwNjQ0Ci0t LSBhL2RlYmlhbi9wYXRjaGVzL3NlcmllcworKysgYi9kZWJpYW4vcGF0Y2hlcy9zZXJpZXMKQEAg LTEsNCArMSw1IEBACiBhcHBhcm1vci8wMDAxLWFwcGFybW9yLWFsbG93LWx4Yy1zdGFydC10by1j cmVhdGUtdXNlci1uYW1lc3BhY2VzLnBhdGNoCiBhcHBhcm1vci8wMDAyLWFwcGFybW9yLXVzZS1h YmktZGlyZWN0aXZlLWluLWFwcGFybW9yLXByb2ZpbGVzLnBhdGNoCithcHBhcm1vci8wMDAzLWFw cGFybW9yLXNraXAtcHJvYy1hbmQtc3lzLXJlc3RyaWN0aW9ucy1pZi1uZXN0aW5nLnBhdGNoCiBw dmUvMDAwMS1QVkUtQ29uZmlnLWRlbnktcnctbW91bnRpbmctb2Ytc3lzLWFuZC1wcm9jLnBhdGNo CiBwdmUvMDAwMi1QVkUtQ29uZmlnLWF0dGFjaC1hbHdheXMtdXNlLWdldGVudC5wYXRjaAotLSAK Mi40Ny4zCgoKCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f CnB2ZS1kZXZlbCBtYWlsaW5nIGxpc3QKcHZlLWRldmVsQGxpc3RzLnByb3htb3guY29tCmh0dHBz Oi8vbGlzdHMucHJveG1veC5jb20vY2dpLWJpbi9tYWlsbWFuL2xpc3RpbmZvL3B2ZS1kZXZlbAo=