Gentoo Archives: gentoo-commits

From: Markos Chandras <hwoarang@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/
Date: Mon, 05 Oct 2015 17:12:03
Message-Id: 1441409532.a226893bb48e8979b054b1b8cb463402a8d58e27.hwoarang@gentoo
1 commit: a226893bb48e8979b054b1b8cb463402a8d58e27
2 Author: Jakub Jirutka <jakub <AT> jirutka <DOT> cz>
3 AuthorDate: Fri Sep 4 23:32:12 2015 +0000
4 Commit: Markos Chandras <hwoarang <AT> gentoo <DOT> org>
5 CommitDate: Fri Sep 4 23:32:12 2015 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a226893b
7
8 app-emulation/lxc: GRKERNSEC_SYSFS_RESTRICT is incompatible with unprivileged containers
9
10 Since lxc-1.1.0 unprivileged containers fail to mount sysfs if
11 GRKERNSEC_SYSFS_RESTRICT is enabled:
12
13 lxc-start: conf.c: lxc_mount_auto_mounts: 819 Permission denied - \
14 error mounting sysfs on /var/lib/lxc/rootfs/sys/devices/virtual/net flags 0
15
16 app-emulation/lxc/lxc-1.1.0-r6.ebuild | 2 ++
17 app-emulation/lxc/lxc-1.1.1-r1.ebuild | 2 ++
18 app-emulation/lxc/lxc-1.1.2-r1.ebuild | 2 ++
19 app-emulation/lxc/lxc-1.1.2-r2.ebuild | 2 ++
20 app-emulation/lxc/lxc-1.1.2.ebuild | 2 ++
21 5 files changed, 10 insertions(+)
22
23 diff --git a/app-emulation/lxc/lxc-1.1.0-r6.ebuild b/app-emulation/lxc/lxc-1.1.0-r6.ebuild
24 index 57b24da..3976c1f 100644
25 --- a/app-emulation/lxc/lxc-1.1.0-r6.ebuild
26 +++ b/app-emulation/lxc/lxc-1.1.0-r6.ebuild
27 @@ -62,6 +62,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
28 ~!GRKERNSEC_CHROOT_CHMOD
29 ~!GRKERNSEC_CHROOT_CAPS
30 ~!GRKERNSEC_PROC
31 + ~!GRKERNSEC_SYSFS_RESTRICT
32 "
33
34 ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container"
35 @@ -91,6 +92,7 @@ ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC feature
36 ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC features make LXC unusable see postinst notes"
37 ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC features make LXC unusable see postinst notes"
38 ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers"
39 +ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT: this GRSEC feature is incompatible with unprivileged containers"
40
41 DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
42
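Review bot: The added `ERROR_GRKERNSEC_SYSFS_RESTRICT` string gives the user less to act on than the commit message does, because it omits the actual failure (sysfs cannot be mounted in an unprivileged container since lxc-1.1.0). The matching `CONFIG_CHECK` entry uses the `~` prefix, so this is only a warning and the string is the only guidance an administrator of a hardened kernel gets before deciding whether to turn off a grsecurity restriction on sysfs access. I would spell out the scope, e.g. `ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT: unprivileged containers fail to mount sysfs with this GRSEC feature enabled (lxc >= 1.1.0); keep it enabled if you do not run unprivileged containers"`. The last clause assumes privileged containers are unaffected, which the commit message implies but does not state. The same wording applies to the identical hunks in the 1.1.1-r1, 1.1.2, 1.1.2-r1 and 1.1.2-r2 ebuilds, and the block of `ERROR_*` variables continues outside this hunk.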
43
44 diff --git a/app-emulation/lxc/lxc-1.1.1-r1.ebuild b/app-emulation/lxc/lxc-1.1.1-r1.ebuild
45 index bd4c9cd..a4f137c 100644
46 --- a/app-emulation/lxc/lxc-1.1.1-r1.ebuild
47 +++ b/app-emulation/lxc/lxc-1.1.1-r1.ebuild
48 @@ -62,6 +62,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
49 ~!GRKERNSEC_CHROOT_CHMOD
50 ~!GRKERNSEC_CHROOT_CAPS
51 ~!GRKERNSEC_PROC
52 + ~!GRKERNSEC_SYSFS_RESTRICT
53 "
54
55 ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container"
56 @@ -91,6 +92,7 @@ ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC feature
57 ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC features make LXC unusable see postinst notes"
58 ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC features make LXC unusable see postinst notes"
59 ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers"
60 +ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT: this GRSEC feature is incompatible with unprivileged containers"
61
62 DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
63
64
65 diff --git a/app-emulation/lxc/lxc-1.1.2-r1.ebuild b/app-emulation/lxc/lxc-1.1.2-r1.ebuild
66 index 50b4d5b..6e09da1 100644
67 --- a/app-emulation/lxc/lxc-1.1.2-r1.ebuild
68 +++ b/app-emulation/lxc/lxc-1.1.2-r1.ebuild
69 @@ -62,6 +62,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
70 ~!GRKERNSEC_CHROOT_CHMOD
71 ~!GRKERNSEC_CHROOT_CAPS
72 ~!GRKERNSEC_PROC
73 + ~!GRKERNSEC_SYSFS_RESTRICT
74 "
75
76 ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container"
77 @@ -91,6 +92,7 @@ ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC feature
78 ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC features make LXC unusable see postinst notes"
79 ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC features make LXC unusable see postinst notes"
80 ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers"
81 +ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT: this GRSEC feature is incompatible with unprivileged containers"
82
83 DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
84
85
86 diff --git a/app-emulation/lxc/lxc-1.1.2-r2.ebuild b/app-emulation/lxc/lxc-1.1.2-r2.ebuild
87 index 50b4d5b..6e09da1 100644
88 --- a/app-emulation/lxc/lxc-1.1.2-r2.ebuild
89 +++ b/app-emulation/lxc/lxc-1.1.2-r2.ebuild
90 @@ -62,6 +62,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
91 ~!GRKERNSEC_CHROOT_CHMOD
92 ~!GRKERNSEC_CHROOT_CAPS
93 ~!GRKERNSEC_PROC
94 + ~!GRKERNSEC_SYSFS_RESTRICT
95 "
96
97 ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container"
98 @@ -91,6 +92,7 @@ ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC feature
99 ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC features make LXC unusable see postinst notes"
100 ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC features make LXC unusable see postinst notes"
101 ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers"
102 +ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT: this GRSEC feature is incompatible with unprivileged containers"
103
104 DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
105
106
107 diff --git a/app-emulation/lxc/lxc-1.1.2.ebuild b/app-emulation/lxc/lxc-1.1.2.ebuild
108 index 8d89bca..542aca0 100644
109 --- a/app-emulation/lxc/lxc-1.1.2.ebuild
110 +++ b/app-emulation/lxc/lxc-1.1.2.ebuild
111 @@ -62,6 +62,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
112 ~!GRKERNSEC_CHROOT_CHMOD
113 ~!GRKERNSEC_CHROOT_CAPS
114 ~!GRKERNSEC_PROC
115 + ~!GRKERNSEC_SYSFS_RESTRICT
116 "
117
118 ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container"
119 @@ -91,6 +92,7 @@ ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC feature
120 ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC features make LXC unusable see postinst notes"
121 ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC features make LXC unusable see postinst notes"
122 ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers"
123 +ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT: this GRSEC feature is incompatible with unprivileged containers"
124
125 DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)