[lxc-devel] [lxc/lxc] cd4c25: lxc-opensuse: default release changed to 13.1, as ...
GitHub
noreply at github.com
Fri Dec 19 18:51:35 UTC 2014
Branch: refs/heads/stable-1.0
Home: https://github.com/lxc/lxc
Commit: cd4c250df41822c25b22303dea84ccd3c81a589b
https://github.com/lxc/lxc/commit/cd4c250df41822c25b22303dea84ccd3c81a589b
Author: Johannes Kastl <mail at ojkastl.de>
Date: 2014-12-19 (Fri, 19 Dec 2014)
Changed paths:
M templates/lxc-opensuse.in
Log Message:
-----------
lxc-opensuse: default release changed to 13.1, as 12.3 reaches end-of-life soon
Signed-off-by: Johannes Kastl <git at ojkastl.de>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 96c3d526640d1e1f15052d0c87796ba604d58b50
https://github.com/lxc/lxc/commit/96c3d526640d1e1f15052d0c87796ba604d58b50
Author: Johannes Kastl <git at ojkastl.de>
Date: 2014-12-19 (Fri, 19 Dec 2014)
Changed paths:
M templates/lxc-opensuse.in
Log Message:
-----------
lxc-opensuse: Disable building openSUSE containers on 13.2/Tumbleweed only if wrong version of build package is installed
Signed-off-by: Johannes Kastl <git at ojkastl.de>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 18d8dd1e72354a806452df0779f132c2c069d94b
https://github.com/lxc/lxc/commit/18d8dd1e72354a806452df0779f132c2c069d94b
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-12-19 (Fri, 19 Dec 2014)
Changed paths:
M config/templates/common.seccomp
M src/lxc/seccomp.c
Log Message:
-----------
seccomp: add rule to reject umount -f
If a container has a bind mount from a host nfs or fuse
filesystem, and does 'umount -f', it will disconnect the
host's filesystem. This patch adds a seccomp rule to
block umount -f from a container. It also adds that rule
to the default seccomp profile.
Thanks stgraber for the idea :)
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 5cb9ed613b2b3d8f3d0f1c0c4e41a74bb98fa5b1
https://github.com/lxc/lxc/commit/5cb9ed613b2b3d8f3d0f1c0c4e41a74bb98fa5b1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-12-19 (Fri, 19 Dec 2014)
Changed paths:
M config/templates/centos.userns.conf.in
M config/templates/debian.userns.conf.in
M config/templates/fedora.userns.conf.in
M config/templates/gentoo.userns.conf.in
M config/templates/oracle.userns.conf.in
M config/templates/plamo.userns.conf.in
M config/templates/ubuntu.userns.conf.in
Log Message:
-----------
Enable seccomp by default for unprivileged users.
In contrast to what the comment above the line disabling it said,
it seems to work just fine. It also is needed on current kernels
(until Eric's patch hits upstream) to prevent unprivileged containers
from hosing fuse filesystems they inherit.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Compare: https://github.com/lxc/lxc/compare/1c5ccb98a75b...5cb9ed613b2b
More information about the lxc-devel
mailing list