Commit 1209d5e8 authored by Colin Walters's avatar Colin Walters

TODO: Update

parent 4b9efbfb
Import read only system
I'd like to make it easy to capture just /usr from the host, without
e.g. /home or any other network mounts. Probably the easiest way to
do this is `--tmpfs-root` or something, and have that auto-create
mount points for `/dev` etc. Then one could `--mount-bind /usr /usr`.
seccomp profile +1
- Look at what Chromium/ChromeOS are doing?
Avoid creating any files as root/share tmpfs
We're creating device nodes owned by root, which means
quota is counted against root. Can we share a tmpfs
that we create as non-root, and ensure every file we
make is owned by the target uid?
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment