How can I set proc (/proc) mount options for an LXC container on ProxmoxVE 4.2 (using ZFS storage)? I am talking about hidepid=2, which means: Users are only able to see their own processes (like with hidepid=1), but also the other process IDs are hidden for them in /proc.
On Proxmox 3.4 this was possible for OpenVZ containers simply by adding the following line to /etc/fstab inside the container:
Code:
proc /proc proc defaults,noexec,nosuid,nodev,hidepid=2 0 0
This won't work in an LXC container...
Code:
$ mount | grep proc
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
proc on /proc/sys/net type proc (rw,nosuid,nodev,noexec,relatime)
proc on /proc/sys type proc (ro,nosuid,nodev,noexec,relatime)
proc on /proc/sysrq-trigger type proc (ro,nosuid,nodev,noexec,relatime)
lxcfs on /proc/cpuinfo type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/diskstats type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/meminfo type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/stat type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/swaps type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/uptime type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
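
One way to check from inside the container whether hidepid is actually in effect on /proc, as an added example that is not part of the original post. The function names `proc_hidepid` and `foreign_pids_visible` are hypothetical, and the second function assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example (not from the original post).

# Read `mount`-style lines on stdin and print the hidepid level of the
# top-level procfs mount: 0, 1, 2 or 4 (0 is the kernel default when the
# option is absent), or "none" if no procfs is mounted on /proc.
proc_hidepid() {
    awk '
        # /proc/sys, /proc/sys/net and the lxcfs files are separate mounts
        # layered on top; only the mount point /proc itself is evaluated.
        $2 == "on" && $3 == "/proc" && $5 == "proc" {
            opts = $6
            gsub(/[()]/, "", opts)
            n = split(opts, o, ",")
            val = "0"                      # reset: the last /proc mount wins
            for (i = 1; i <= n; i++)
                if (o[i] ~ /^hidepid=/) val = substr(o[i], 9)
            found = 1
        }
        END {
            if (!found) { print "none"; exit }
            # Kernels from 5.8 on print names instead of numbers.
            if (val == "off") val = "0"
            else if (val == "noaccess") val = "1"
            else if (val == "invisible") val = "2"
            else if (val == "ptraceable") val = "4"
            print val
        }'
}

# Behavioural cross-check, meant to be run as an unprivileged user:
# counts /proc/<pid> directories owned by another UID. With hidepid=2
# in effect for that user the count should be 0.
foreign_pids_visible() {
    me=$(id -u); count=0
    for d in /proc/[0-9]*; do
        [ -d "$d" ] || continue
        owner=$(stat -c %u "$d" 2>/dev/null) || continue
        [ "$owner" = "$me" ] || count=$((count + 1))
    done
    echo "$count"
}
```

Inside the container, `mount | proc_hidepid` reports the mount option, and `foreign_pids_visible`, run as a non-root user, confirms the observable effect.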