From 320277b87f8e75e5f79576dc26b038deb54d9186 Mon Sep 17 00:00:00 2001
From: CyberMind-FR <gandalf@Gk2.net>
Date: Sun, 8 Feb 2026 06:24:09 +0100
Subject: [PATCH] fix(haproxy): Add proc/sys mount to LXC config for lxc-attach

The HAProxy LXC container was missing lxc.mount.auto = proc:mixed sys:ro
which caused lxc-attach to fail with "mount -t proc proc /proc" error.

This prevented the LED watchdog from checking HAProxy status via
lxc-attach -n haproxy -- pgrep haproxy, triggering false SPUNK alerts.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl b/package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl
index 053b4752..ec4cd15b 100644
--- a/package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl
+++ b/package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl
@@ -276,7 +276,8 @@ lxc.arch = $arch
 # Network: use host network for binding ports
 lxc.net.0.type = none
 
-# Mount points - avoid cgroup:mixed which causes failures on some systems
+# Mount points - proc/sys needed for lxc-attach, avoid cgroup:mixed which causes failures
+lxc.mount.auto = proc:mixed sys:ro
 lxc.mount.entry = $data_path opt/haproxy none bind,create=dir 0 0
 
 # Disable seccomp for compatibility