[lxc-devel] Status of usability of lxc
Can I get a quick rundown of what is implemented w.r.t. UID/GID containerization? Is it safe yet to give containerized root to an everyday user without huge security issues?

___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [ lxc-Bugs-3276038 ] lxc-attach fails on kernel with the setns feature
Bugs item #3276038, was opened at 2011-04-05 13:53
Message generated for change (Tracker Item Submitted) made by legoater
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=826303&aid=3276038&group_id=163076

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: liblxc
Group: None
Status: Open
Resolution: None
Priority: 3
Private: No
Submitted By: Cedric Le Goater (legoater)
Assigned to: Nobody/Anonymous (nobody)
Summary: lxc-attach fails on kernel with the setns feature

Initial Comment:
When running the lxc-attach command on a kernel patched with the setns syscall, it fails with the following message:

lxc-attach: Does this kernel version support 'attach' ?
lxc-attach: failed to enter the namespace

It seems that the check done in commit:

http://lxc.git.sourceforge.net/git/gitweb.cgi?p=lxc/lxc;a=commit;h=9f53d717c4fea7bb2a493d911da0abbe9c78aef5

is too strong. Please see attached patch for a possible fix.

Thanks,
[lxc-devel] lxc: default log appender on stderr
The default appender for logs is currently the file one: this makes macros from log.h unusable as long as lxc_log_init() hasn't been called. This prevents errors from even being printed on stderr in lxc_caps_init() for example.

Let's make stderr the default appender.

Signed-off-by: Greg Kurz

--- src/lxc/log.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/lxc/log.c b/src/lxc/log.c index 0661360..7f3b6b2 100644 --- a/src/lxc/log.c +++ b/src/lxc/log.c @@ -111,7 +111,7 @@ static struct lxc_log_category log_root = { struct lxc_log_category lxc_log_category_lxc = { .name = "lxc", .priority = LXC_LOG_PRIORITY_ERROR, - .appender = &log_appender_logfile, + .appender = &log_appender_stderr, .parent = &log_root }; @@ -163,6 +163,7 @@ extern int lxc_log_init(const char *file, const char *priority, } lxc_log_category_lxc.priority = lxc_priority; + lxc_log_category_lxc.appender = &log_appender_logfile; if (!quiet) lxc_log_category_lxc.appender->next = &log_appender_stderr;

--
Gregory Kurz gk...@fr.ibm.com
Software Engineer @ IBM/Meiosys http://www.ibm.com
Tel +33 (0)534 638 479 Fax +33 (0)561 400 420

"Anarchy is about taking complete responsibility for yourself."
Alan Moore.
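Review bot: The `.appender = &log_appender_stderr` initializer in `lxc_log_category_lxc` carries no comment saying it is only the pre-init default that lxc_log_init() later replaces with the logfile appender. A one-line comment on the initializer would keep it in step with the assignment added in the second hunk. The commit message could also state that anything logged at LXC_LOG_PRIORITY_ERROR or above before lxc_log_init() now goes to the caller's stderr.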
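Review bot: In lxc_log_init(), the added `lxc_log_category_lxc.appender = &log_appender_logfile;` is unconditional in the lines shown, so with `quiet` set the stderr appender from the initializer is dropped and only the logfile appender remains. If `file` can be NULL at this point (not visible in this hunk), a quiet caller without a log file would lose error output entirely; consider switching the appender only when a log file was actually opened. Also, `->next` is only assigned when `!quiet` in the lines shown, so a second call with `quiet` set would keep the earlier stderr chaining unless it is reset elsewhere.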
[lxc-devel] [ lxc-Bugs-3276038 ] lxc-attach fails on kernel with the setns feature
Bugs item #3276038, was opened at 2011-04-05 13:53
Message generated for change (Settings changed) made by legoater
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=826303&aid=3276038&group_id=163076

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: liblxc
Group: None
Status: Open
Resolution: None
Priority: 3
Private: No
Submitted By: Cedric Le Goater (legoater)
>Assigned to: Cedric Le Goater (legoater)
Summary: lxc-attach fails on kernel with the setns feature

Initial Comment:
When running the lxc-attach command on a kernel patched with the setns syscall, it fails with the following message:

lxc-attach: Does this kernel version support 'attach' ?
lxc-attach: failed to enter the namespace

It seems that the check done in commit:

http://lxc.git.sourceforge.net/git/gitweb.cgi?p=lxc/lxc;a=commit;h=9f53d717c4fea7bb2a493d911da0abbe9c78aef5

is too strong. Please see attached patch for a possible fix.

Thanks,
[lxc-devel] Detecting a non-root container
Hi LXC folks,

from my bug report against udev, so that it doesn't try to start when running in a non-root container:

Marco d'Itri (05/04/2011):
> On Apr 05, Cyril Brulebois wrote:
>
> > from a quick glance, it looks like running udev in a linux
> > container isn't supported, so I guess it might make sense to use a
> > check similar to is_chrooted in its postinst to decide whether to
> > start the daemon.
> No objections, but please come back with a detection method which is
> sanctioned by the LXC people.

Could you please advise on the best way to detect running in a non-root container? It looks like grepping /proc/1/cgroup for :/$ could be a way to determine that (as opposed to :/foo$ in a "foo" container). Can you please confirm?

Thanks already.

KiBi.
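The /proc/1/cgroup check asked about in the message above, written out as a shell function. This is an added example, not code from the thread or from LXC; the function name `in_container_cgroup` and the sample file contents are made up here, and the heuristic itself is the one the message leaves unconfirmed.

```shell
#!/bin/sh
# Each line of /proc/1/cgroup has the form  hierarchy-id:controllers:path
# Heuristic from the message: PID 1 at path "/" in every hierarchy means we
# are not inside a named container cgroup such as "/foo".

# in_container_cgroup [FILE]   (hypothetical helper name)
# Returns 0 if any hierarchy places the process below "/",
#         1 if every hierarchy path is "/",
#         2 if the file is unreadable, empty or malformed (cannot decide).
in_container_cgroup() {
    cgroup_file=${1:-/proc/1/cgroup}
    [ -r "$cgroup_file" ] || return 2
    seen=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        # Strip "id:" and then "controllers:"; what is left is the path,
        # which may itself contain ':' characters.
        rest=${line#*:}
        [ "$rest" != "$line" ] || return 2
        path=${rest#*:}
        [ "$path" != "$rest" ] || return 2
        seen=1
        [ "$path" = "/" ] || return 0
    done < "$cgroup_file"
    [ "$seen" -eq 1 ] || return 2
    return 1
}

# Constructed sample contents (not captured from a real system).
demo_dir=$(mktemp -d)
printf '2:cpu:/\n1:freezer,devices:/\n' > "$demo_dir/host"
printf '2:cpu:/foo\n1:freezer,devices:/foo\n' > "$demo_dir/foo"
for f in host foo; do
    in_container_cgroup "$demo_dir/$f" && r="container cgroup" || r="root cgroup or undecided"
    echo "$f: $r"
done
rm -rf "$demo_dir"
```

On kernels with cgroup namespaces, a container's own view of /proc/1/cgroup can also show `/`, so a return value of 1 does not prove the process is running on the host.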