| 1 |
commit: c2c88ec4ea7cba331b6486cab9041cb909b49b6a |
| 2 |
Author: Jakub Jirutka <jakub <AT> jirutka <DOT> cz> |
| 3 |
AuthorDate: Thu Oct 15 12:21:15 2015 +0000 |
| 4 |
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sat Oct 31 01:06:25 2015 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2c88ec4 |
| 7 |
|
| 8 |
app-emulation/lxc: Forward-port !GRKERNSEC* checks to 1.1.3+ |
| 9 |
|
| 10 |
See 78ef1b565ae26608f11a81f2b60e4a8e404ef9c3 |
| 11 |
and a226893bb48e8979b054b1b8cb463402a8d58e27. |
| 12 |
|
| 13 |
app-emulation/lxc/lxc-1.1.3.ebuild | 4 ++++ |
| 14 |
app-emulation/lxc/lxc-1.1.4.ebuild | 4 ++++ |
| 15 |
2 files changed, 8 insertions(+) |
| 16 |
|
| 17 |
diff --git a/app-emulation/lxc/lxc-1.1.3.ebuild b/app-emulation/lxc/lxc-1.1.3.ebuild |
| 18 |
index 4a336ef..b41c685 100644 |
| 19 |
--- a/app-emulation/lxc/lxc-1.1.3.ebuild |
| 20 |
+++ b/app-emulation/lxc/lxc-1.1.3.ebuild |
| 21 |
@@ -61,6 +61,8 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE |
| 22 |
~!GRKERNSEC_CHROOT_PIVOT |
| 23 |
~!GRKERNSEC_CHROOT_CHMOD |
| 24 |
~!GRKERNSEC_CHROOT_CAPS |
| 25 |
+ ~!GRKERNSEC_PROC |
| 26 |
+ ~!GRKERNSEC_SYSFS_RESTRICT |
| 27 |
" |
| 28 |
|
| 29 |
ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container" |
| 30 |
@@ -89,6 +91,8 @@ ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE: some GRSEC featu |
| 31 |
ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC features make LXC unusable see postinst notes" |
| 32 |
ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC features make LXC unusable see postinst notes" |
| 33 |
ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC features make LXC unusable see postinst notes" |
| 34 |
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers" |
| 35 |
+ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT: this GRSEC feature is incompatible with unprivileged containers" |
| 36 |
|
| 37 |
DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt) |
| 38 |
|
| 39 |
|
| 40 |
diff --git a/app-emulation/lxc/lxc-1.1.4.ebuild b/app-emulation/lxc/lxc-1.1.4.ebuild |
| 41 |
index 7344904..12c1751 100644 |
| 42 |
--- a/app-emulation/lxc/lxc-1.1.4.ebuild |
| 43 |
+++ b/app-emulation/lxc/lxc-1.1.4.ebuild |
| 44 |
@@ -61,6 +61,8 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE |
| 45 |
~!GRKERNSEC_CHROOT_PIVOT |
| 46 |
~!GRKERNSEC_CHROOT_CHMOD |
| 47 |
~!GRKERNSEC_CHROOT_CAPS |
| 48 |
+ ~!GRKERNSEC_PROC |
| 49 |
+ ~!GRKERNSEC_SYSFS_RESTRICT |
| 50 |
" |
| 51 |
|
| 52 |
ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container" |
| 53 |
@@ -89,6 +91,8 @@ ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE: some GRSEC featu |
| 54 |
ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC features make LXC unusable see postinst notes" |
| 55 |
ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC features make LXC unusable see postinst notes" |
| 56 |
ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC features make LXC unusable see postinst notes" |
| 57 |
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers" |
| 58 |
+ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT: this GRSEC feature is incompatible with unprivileged containers" |
| 59 |
|
| 60 |
DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt) |
Archives