[lxc-devel] [PATCH 1/6] Move lxcbr0 setup logic into lxc.net script
Serge Hallyn
serge.hallyn at ubuntu.com
Fri Aug 1 13:39:28 UTC 2014
Quoting Martin Pitt (martin.pitt at ubuntu.com):
> Hey Serge,
>
> Serge Hallyn [2014-07-31 17:46 +0000]:
> > Note there is no Signed-off-by line here. (git commit -s will add one)
>
> Right, do you need one? I'm already the Author:, so signing off my own
> commits seems a little redundant?
But just because you sent the patch doesn't guarantee that you're the
author :) If you can just reply to this email with something like
"""
Signed-off-by: ...
for the whole set
"""
that'll do.
> > Now, if we're going to move this out of upstart, should we be putting
> > in full paths for all of the commands? Who knows how admins will get to
> > the script...
>
> Not sure what you mean here, you mean the full path for things like
> iptables, brctl, dnsmasq? I really wouldn't want to do that -- that
> would make the script highly platform dependant and break the
> possibility of using /usr/local/bin etc.
We could detect all the tools in configure.in, use @IPTABLES@ etc in
the script, and process the script at build time.
> For an upstart context this doesn't change anything -- the upstart
> job has a default $PATH set which gets inherited by calling lxc.net
> from the job:
>
> > > +pre-start exec /usr/share/lxc/lxc.net start
> > > +post-stop exec /usr/share/lxc/lxc.net stop
>
> For systemd units it is similar. At least it works fine under a
Ok, then I guess we can wait on this. I'm more worried about the
sysvinit case, but it's not yet using the script.
> Debian/Ubuntu context, I haven't tested it under Fedora; but it would
> be weird if their tools wouldn't be in $PATH for the root user?
The concern isn't the tools not being under $PATH, but exploit versions
being put into a mangled path.
-serge
More information about the lxc-devel
mailing list