From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id AA0DE1FF15E for ; Mon, 24 Nov 2025 12:36:55 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id B545B209A1; Mon, 24 Nov 2025 12:37:03 +0100 (CET) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pve-devel@lists.proxmox.com Date: Mon, 24 Nov 2025 12:36:37 +0100 Message-ID: <20251124113659.693748-1-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.47.3 MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1763984185651 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.046 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH bookworm lxc] fix #7006: do not restrict proc or sys if nested X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" aWYgbmVzdGluZyBpcyBlbmFibGVkLCBpdCBpcyBhbHJlYWR5IHBvc3NpYmxlIHRvIG1vdW50IGEg ZnJlc2ggaW5zdGFuY2Ugb2YKcHJvY2ZzIGFuZCBzeXNmcyBpbnNpZGUgdGhlIGNvbnRhaW5lci4g cHJvdGVjdGluZyB0aGUgb3JpZ2luYWwgb25lIGRvZXMgbm90Cm1ha2UgbXVjaCBzZW5zZSBpbiBz dWNoIGEgc2NlbmFyaW8sIHRoZSBrZXJuZWwgYWxyZWFkeSBwcm90ZWN0cyB0aGUgYml0cyB0aGF0 CmFyZSBvZmYtbGltaXRzIGZvciB1bnByaXZpbGVnZWQgdXNlcnMgYW55d2F5Li4KCnRoaXMgZml4 ZXMgYW4gaXNzdWUgd2l0aCBjZXJ0YWluIG5lc3RlZCBjb250YWluZXIgc2V0dXBzLCBzdWNoIGFz IGEgcmVjZW50CmVub3VnaCBydW5jIG5lc3RlZCBpbnNpZGUgTFhDLgoKU2lnbmVkLW9mZi1ieTog RmFiaWFuIEdyw7xuYmljaGxlciA8Zi5ncnVlbmJpY2hsZXJAcHJveG1veC5jb20+Ckxpbms6IGh0 dHBzOi8vbG9yZS5wcm94bW94LmNvbS8yMDI1MTExMzEzMDkxNC43ODk2OTEtMS1mLmdydWVuYmlj aGxlckBwcm94bW94LmNvbQooY2hlcnJ5IHBpY2tlZCBmcm9tIGNvbW1pdCBkMjRiY2Y5N2RlN2Mz ZTU5ZTNkM2RkMTk5NDViNGNkNDJlNzJkYjQwKQpyZW5hbWVkIHBhdGNoIGZvciBiYWNrcG9ydApT aWduZWQtb2ZmLWJ5OiBGYWJpYW4gR3LDvG5iaWNobGVyIDxmLmdydWVuYmljaGxlckBwcm94bW94 LmNvbT4KLS0tCiAuLi5wcm9jLWFuZC1zeXMtcmVzdHJpY3Rpb25zLWlmLW5lc3RpbmcucGF0Y2gg fCA3MSArKysrKysrKysrKysrKysrKysrCiBkZWJpYW4vcGF0Y2hlcy9zZXJpZXMgICAgICAgICAg ICAgICAgICAgICAgICAgfCAgMSArCiAyIGZpbGVzIGNoYW5nZWQsIDcyIGluc2VydGlvbnMoKykK IGNyZWF0ZSBtb2RlIDEwMDY0NCBkZWJpYW4vcGF0Y2hlcy8wMDAyLWFwcGFybW9yLXNraXAtcHJv Yy1hbmQtc3lzLXJlc3RyaWN0aW9ucy1pZi1uZXN0aW5nLnBhdGNoCgpkaWZmIC0tZ2l0IGEvZGVi aWFuL3BhdGNoZXMvMDAwMi1hcHBhcm1vci1za2lwLXByb2MtYW5kLXN5cy1yZXN0cmljdGlvbnMt aWYtbmVzdGluZy5wYXRjaCBiL2RlYmlhbi9wYXRjaGVzLzAwMDItYXBwYXJtb3Itc2tpcC1wcm9j LWFuZC1zeXMtcmVzdHJpY3Rpb25zLWlmLW5lc3RpbmcucGF0Y2gKbmV3IGZpbGUgbW9kZSAxMDA2 NDQKaW5kZXggMDAwMDAwMC4uMjRiMjU1YQotLS0gL2Rldi9udWxsCisrKyBiL2RlYmlhbi9wYXRj aGVzLzAwMDItYXBwYXJtb3Itc2tpcC1wcm9jLWFuZC1zeXMtcmVzdHJpY3Rpb25zLWlmLW5lc3Rp bmcucGF0Y2gKQEAgLTAsMCArMSw3MSBAQAorRnJvbSAzM2IxMDExMDRlYTc1MGNjN2JiNzIzZmEz NzE1ZmI0MmNkMTc3NjQ1IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQorRnJvbTogPT9VVEYtOD9x P0ZhYmlhbj0yMEdyPUMzPUJDbmJpY2hsZXI/PSA8Zi5ncnVlbmJpY2hsZXJAcHJveG1veC5jb20+ CitEYXRlOiBUaHUsIDEzIE5vdiAyMDI1IDEzOjI1OjA0ICswMTAwCitTdWJqZWN0OiBbUEFUQ0hd IGFwcGFybW9yOiBza2lwIC9wcm9jIGFuZCAvc3lzIHJlc3RyaWN0aW9ucyBpZiBuZXN0aW5nIGlz CisgZW5hYmxlZAorTUlNRS1WZXJzaW9uOiAxLjAKK0NvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsg Y2hhcnNldD1VVEYtOAorQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogOGJpdAorCitpZiBuZXN0 aW5nIGlzIGVuYWJsZWQsIGl0J3MgYWxyZWFkeSBwb3NzaWJsZSB0byBtb3VudCB5b3VyIG93biBp bnN0YW5jZSBvZiBib3RoCisvcHJvYyBhbmQgL3N5cyBpbnNpZGUgdGhlIGNvbnRhaW5lciwgc28g cHJvdGVjdGluZyB0aGUgIm9yaWdpbmFsIiBvbmUgbWFrZXMgbm8KK3NlbnNlLCBidXQgYnJlYWtz IGNlcnRhaW4gbmVzdGVkIGNvbnRhaW5lciBzZXR1cHMuCisKK1NlZTogaHR0cHM6Ly9naXRodWIu Y29tL2x4Yy9pbmN1cy9wdWxsLzI2MjQvY29tbWl0cy8xZmJlNGJmZmI5NzQ4Y2MzYjA3YWFmNWRi MzEwZDQ2M2MxZTgyN2QwCitGaXhlczogaHR0cHM6Ly9idWd6aWxsYS5wcm94bW94LmNvbS9zaG93 X2J1Zy5jZ2k/aWQ9NzAwNgorCitTaWduZWQtb2ZmLWJ5OiBGYWJpYW4gR3LDvG5iaWNobGVyIDxm LmdydWVuYmljaGxlckBwcm94bW94LmNvbT4KKy0tLQorIHNyYy9seGMvbHNtL2FwcGFybW9yLmMg fCAxNSArKysrKysrKysrKystLS0KKyAxIGZpbGUgY2hhbmdlZCwgMTIgaW5zZXJ0aW9ucygrKSwg MyBkZWxldGlvbnMoLSkKKworZGlmZiAtLWdpdCBhL3NyYy9seGMvbHNtL2FwcGFybW9yLmMgYi9z cmMvbHhjL2xzbS9hcHBhcm1vci5jCitpbmRleCBkNjUxNmFlOWYuLmU5ZDQ5NGYxZSAxMDA2NDQK Ky0tLSBhL3NyYy9seGMvbHNtL2FwcGFybW9yLmMKKysrKyBiL3NyYy9seGMvbHNtL2FwcGFybW9y LmMKK0BAIC0xNzAsNiArMTcwLDkgQEAgc3RhdGljIGNvbnN0IGNoYXIgQUFfUFJPRklMRV9CQVNF W10gPQorICIgIG1vdW50IG9wdGlvbnM9KHJ3LG1vdmUpIC9zW155XSp7LC8qKn0sXG4iCisgIiAg bW91bnQgb3B0aW9ucz0ocncsbW92ZSkgL3N5W15zXSp7LC8qKn0sXG4iCisgIiAgbW91bnQgb3B0 aW9ucz0ocncsbW92ZSkgL3N5cz8qeywvKip9LFxuIgorKyJcbiI7CisrCisrc3RhdGljIGNvbnN0 IGNoYXIgQUFfUFJPRklMRV9CQVNFX05PX05FU1RJTkdbXSA9CisgIlxuIgorICIgICMgZ2VuZXJh dGVkIGJ5OiBseGMtZ2VuZXJhdGUtYWEtcnVsZXMucHkgY29udGFpbmVyLXJ1bGVzLmJhc2VcbiIK KyAiICBkZW55IC9wcm9jL3N5cy9bXmtuXSp7LC8qKn0gd2tseCxcbiIKK0BAIC03NTUsNiArNzU4 LDEwIEBAIHN0YXRpYyBjaGFyICpnZXRfYXBwYXJtb3JfcHJvZmlsZV9jb250ZW50KHN0cnVjdCBs c21fb3BzICpvcHMsIHN0cnVjdCBseGNfY29uZiAqCisgCW11c3RfYXBwZW5kX3NpemVkKCZwcm9m aWxlLCAmc2l6ZSwgQUFfUFJPRklMRV9CQVNFLAorIAkgICAgICAgICAgICAgICAgICBTVFJBUlJB WUxFTihBQV9QUk9GSUxFX0JBU0UpKTsKKyAKKysJaWYgKCFjb25mLT5sc21fYWFfYWxsb3dfbmVz dGluZykKKysJCW11c3RfYXBwZW5kX3NpemVkKCZwcm9maWxlLCAmc2l6ZSwgQUFfUFJPRklMRV9C QVNFX05PX05FU1RJTkcsCisrCQkgICAgICAgICAgICAgICAgICBTVFJBUlJBWUxFTihBQV9QUk9G SUxFX0JBU0VfTk9fTkVTVElORykpOworKworIAlhcHBlbmRfYWxsX3JlbW91bnRfcnVsZXMoJnBy b2ZpbGUsICZzaXplKTsKKyAKKyAJaWYgKG9wcy0+YWFfc3VwcG9ydHNfdW5peCkKK0BAIC03Njgs OCArNzc1LDEwIEBAIHN0YXRpYyBjaGFyICpnZXRfYXBwYXJtb3JfcHJvZmlsZV9jb250ZW50KHN0 cnVjdCBsc21fb3BzICpvcHMsIHN0cnVjdCBseGNfY29uZiAqCisgCWlmIChvcHMtPmFhX2Nhbl9z dGFjayAmJiAhb3BzLT5hYV9pc19zdGFja2VkKSB7CisgCQljaGFyICpuYW1lc3BhY2UsICp0ZW1w OworIAorLQkJbXVzdF9hcHBlbmRfc2l6ZWQoJnByb2ZpbGUsICZzaXplLCBBQV9QUk9GSUxFX1NU QUNLSU5HX0JBU0UsCistCQkgICAgICAgICAgICAgICAgICBTVFJBUlJBWUxFTihBQV9QUk9GSUxF X1NUQUNLSU5HX0JBU0UpKTsKKysKKysJCWlmICghY29uZi0+bHNtX2FhX2FsbG93X25lc3Rpbmcp CisrCQkJbXVzdF9hcHBlbmRfc2l6ZWQoJnByb2ZpbGUsICZzaXplLCBBQV9QUk9GSUxFX1NUQUNL SU5HX0JBU0UsCisrCQkJICAgICAgICAgICAgICAgICAgU1RSQVJSQVlMRU4oQUFfUFJPRklMRV9T VEFDS0lOR19CQVNFKSk7CisgCisgCQluYW1lc3BhY2UgPSBhcHBhcm1vcl9uYW1lc3BhY2UoY29u Zi0+bmFtZSwgbHhjcGF0aCk7CisgCQl0ZW1wID0gbXVzdF9jb25jYXQoTlVMTCwgIiAgY2hhbmdl X3Byb2ZpbGUgLT4gXCI6IiwgbmFtZXNwYWNlLCAiOipcIixcbiIKK0BAIC03NzksNyArNzg4LDcg QEAgc3RhdGljIGNoYXIgKmdldF9hcHBhcm1vcl9wcm9maWxlX2NvbnRlbnQoc3RydWN0IGxzbV9v cHMgKm9wcywgc3RydWN0IGx4Y19jb25mICoKKyAKKyAJCW11c3RfYXBwZW5kX3NpemVkKCZwcm9m aWxlLCAmc2l6ZSwgdGVtcCwgc3RybGVuKHRlbXApKTsKKyAJCWZyZWUodGVtcCk7CistCX0gZWxz ZSB7CisrCX0gZWxzZSBpZiAoIWNvbmYtPmxzbV9hYV9hbGxvd19uZXN0aW5nKSB7CisgCQltdXN0 X2FwcGVuZF9zaXplZCgmcHJvZmlsZSwgJnNpemUsIEFBX1BST0ZJTEVfTk9fU1RBQ0tJTkcsCisg CQkgICAgICAgICAgICAgICAgICBTVFJBUlJBWUxFTihBQV9QUk9GSUxFX05PX1NUQUNLSU5HKSk7 CisgCX0KKy0tIAorMi40Ny4zCisKZGlmZiAtLWdpdCBhL2RlYmlhbi9wYXRjaGVzL3NlcmllcyBi L2RlYmlhbi9wYXRjaGVzL3NlcmllcwppbmRleCAyNDdlYzg4Li42M2Q1NGQyIDEwMDY0NAotLS0g YS9kZWJpYW4vcGF0Y2hlcy9zZXJpZXMKKysrIGIvZGViaWFuL3BhdGNoZXMvc2VyaWVzCkBAIC0x LDMgKzEsNCBAQAogMDAwMS1SZXZlcnQtbHNtLWFwcGFybW9yLWFsbG93LXRvLWNoYW5nZS1tb3Vu dC1wcm9wYWdhdGlvLnBhdGNoCiswMDAyLWFwcGFybW9yLXNraXAtcHJvYy1hbmQtc3lzLXJlc3Ry aWN0aW9ucy1pZi1uZXN0aW5nLnBhdGNoCiBwdmUvMDAwMS1QVkUtQ29uZmlnLWRlbnktcnctbW91 bnRpbmctb2Ytc3lzLWFuZC1wcm9jLnBhdGNoCiBwdmUvMDAwMi1QVkUtQ29uZmlnLWF0dGFjaC1h bHdheXMtdXNlLWdldGVudC5wYXRjaAotLSAKMi40Ny4zCgoKCl9fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fCnB2ZS1kZXZlbCBtYWlsaW5nIGxpc3QKcHZlLWRl dmVsQGxpc3RzLnByb3htb3guY29tCmh0dHBzOi8vbGlzdHMucHJveG1veC5jb20vY2dpLWJpbi9t YWlsbWFuL2xpc3RpbmZvL3B2ZS1kZXZlbAo=