[lxc-devel] [lxc/lxc] dc76ac: add lxc-default-cgns profile
GitHub
noreply at github.com
Mon Feb 22 05:37:01 UTC 2016
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: dc76ac7ab5295b8ad40ac57c51e03da4dbd28479
https://github.com/lxc/lxc/commit/dc76ac7ab5295b8ad40ac57c51e03da4dbd28479
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2016-02-21 (Sun, 21 Feb 2016)
Changed paths:
M config/apparmor/Makefile.am
A config/apparmor/profiles/lxc-default-cgns
Log Message:
-----------
add lxc-default-cgns profile
This isn't safe for privileged containers which do not use cgroup
namespaces, but is required for systemd containers with cgroup
namespaces. So create a new profile for it which lxc will use as
the default when it knows it can.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 603fd08406d10d924f7bb9ed57cb09ed237115db
https://github.com/lxc/lxc/commit/603fd08406d10d924f7bb9ed57cb09ed237115db
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2016-02-21 (Sun, 21 Feb 2016)
Changed paths:
M src/lxc/lsm/apparmor.c
Log Message:
-----------
Apparmor: use lxc-default-cgns if cgns is enabled
Because containers need to - and safely can - mount cgroupfs in that
case.
Note that if cgns is enabled but the unshare fails, we fail the container
start, so checking whether they are enabled is enough.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 787ff6e2d2e534926e4f70de4cd49aa15ec41c58
https://github.com/lxc/lxc/commit/787ff6e2d2e534926e4f70de4cd49aa15ec41c58
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2016-02-21 (Sun, 21 Feb 2016)
Changed paths:
M config/apparmor/profiles/lxc-default-with-nesting
Log Message:
-----------
allow cgroup mounting in nesting profile
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 7a126ae1f20ad6089f9c39ef3965fcfe3fa498b6
https://github.com/lxc/lxc/commit/7a126ae1f20ad6089f9c39ef3965fcfe3fa498b6
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2016-02-21 (Sun, 21 Feb 2016)
Changed paths:
M doc/lxc.container.conf.sgml.in
Log Message:
-----------
lxc.container.conf / apparmor : document cgns profile
Also document 'unchanged' which we had never documented before.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: f58236fd702f8979a68a74e17c7a81f37899edf7
https://github.com/lxc/lxc/commit/f58236fd702f8979a68a74e17c7a81f37899edf7
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2016-02-21 (Sun, 21 Feb 2016)
Changed paths:
M src/tests/attach.c
M src/tests/lxc-test-apparmor-mount
M src/tests/lxc-test-ubuntu
Log Message:
-----------
update tests to recognize cgns profile
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 7bf0dbae71c20fd8f7a37cd1a7f359a1abb020ec
https://github.com/lxc/lxc/commit/7bf0dbae71c20fd8f7a37cd1a7f359a1abb020ec
Author: Stéphane Graber <stgraber at stgraber.org>
Date: 2016-02-22 (Mon, 22 Feb 2016)
Changed paths:
M config/apparmor/Makefile.am
A config/apparmor/profiles/lxc-default-cgns
M config/apparmor/profiles/lxc-default-with-nesting
M doc/lxc.container.conf.sgml.in
M src/lxc/lsm/apparmor.c
M src/tests/attach.c
M src/tests/lxc-test-apparmor-mount
M src/tests/lxc-test-ubuntu
Log Message:
-----------
Merge pull request #836 from hallyn/2016-02-21/cgns.aa
2016 02 21/cgns.aa
Compare: https://github.com/lxc/lxc/compare/82d97f876552...7bf0dbae71c2