New mounts of /proc or /sys in usernamespaces are blocked unless unmasked

Solution Verified - Updated -

Issue

  • After updating to RHEL 7.5, the kernel blocks any new mounts of /proc or /sys within an unprivileged Docker container with user namespaces enabled.

Environment

  • Red Hat Enterprise Linux 7.5+
  • Docker
  • namespace.unpriv_enable=1
  • kernel-3.10.0-862.6.3.el7

Subscriber exclusive content
