This update resolved the above issue by using a read-only bind-mount
instead preventing any form of potentially accidental damage.
The container config is owned by the admin or user on the host, so we
do not try to guard against bad entries. However, since the mount
target is in the container, it’s possible that the container admin
could divert the mount with symbolic links. This could bypass proper
container startup (i.e. confinement of a root-owned container by the
restrictive apparmor policy, by diverting the required write to
/proc/self/attr/current), or bypass the (path-based) apparmor policy
by diverting, say, /proc to /mnt in the container.
This update implements a safe_mount() function that prevents lxc from
doing mounts onto symbolic links.