This seems to work. I also just tested it with cgmanager disabled and using cgroup namespaces. Seems to be functioning so far.
With cgroup namespaces however, manual intervention is required for people who use custom apparmor profiles, because they must be based on lxc-container-default-cgns instead of just lxc-container-default. I think we should go push this set + --disable-cgmanager to staging/testing soon. On Tue, Jul 12, 2016 at 09:27:41AM +0200, Dominik Csapak wrote: > this patch series updates to lxc 2.0.3 > just for testing purposes > do a "make download" before building > to get the latest source from github > > Dominik Csapak (4): > update to 2.0.3 > rebase systemd service patch and var lib vz patch > drop patches applied upstream > update changelog and pkg version > > Makefile | 6 +- > debian/changelog | 6 + > ...rmor-add-make-rslave-to-usr.bin.lxc-start.patch | 32 --- > debian/patches/0001-added-stop-hook-entries.patch | 72 ------ > ...armor-allow-binding-run-lock-var-run-lock.patch | 32 --- > .../patches/0002-Added-lxc.monitor.unshare.patch | 131 ----------- > ...-hook-between-STOPPING-and-STOPPED-states.patch | 27 --- > ...3-pass-namespace-handles-to-the-stop-hook.patch | 53 ----- > debian/patches/0004-document-the-stop-hook.patch | 60 ----- > .../0005-added-the-unmount-namespace-hook.patch | 250 > --------------------- > ...oks-put-binary-hooks-in-usr-lib-lxc-hooks.patch | 44 ---- > debian/patches/fix-systemd-service-depends.patch | 2 +- > debian/patches/series | 10 - > debian/patches/use-var-lib-vz-as-default-dir.patch | 16 +- > 14 files changed, 17 insertions(+), 724 deletions(-) > delete mode 100644 > debian/patches/0001-AppArmor-add-make-rslave-to-usr.bin.lxc-start.patch > delete mode 100644 debian/patches/0001-added-stop-hook-entries.patch > delete mode 100644 > debian/patches/0001-apparmor-allow-binding-run-lock-var-run-lock.patch > delete mode 100644 debian/patches/0002-Added-lxc.monitor.unshare.patch > delete mode 100644 > debian/patches/0002-run-stop-hook-between-STOPPING-and-STOPPED-states.patch > delete mode 100644 > debian/patches/0003-pass-namespace-handles-to-the-stop-hook.patch > delete mode 100644 debian/patches/0004-document-the-stop-hook.patch > delete mode 100644 debian/patches/0005-added-the-unmount-namespace-hook.patch > delete mode 100644 > debian/patches/0006-hooks-put-binary-hooks-in-usr-lib-lxc-hooks.patch > > -- > 2.1.4 > > > _______________________________________________ > pve-devel mailing list > pve-devel@pve.proxmox.com > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel > _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
