[lxc-devel] [PATCH] Improper pty permissions - missing mode=0620, gid=5

2013-10-15 Thread Stéphane Graber
This fix is coming from Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720122 The reason for the hardcoded gid= and mode= is because of the fix for CVE-2013-2207 which removes pt_chown from glibc and so requires proper write access to devpts. It looks like the "tty" group is guarant

[lxc-devel] [PATCH 3/3] support setting lsm label at exec or immediately

2013-10-15 Thread Dwight Engen
- Add attach test cases - Moved setting of LSM label later to avoid failure of IPC between parent and child during attach Signed-off-by: Dwight Engen --- .gitignore | 1 + src/lxc/attach.c | 20 ++- src/lxc/attach_options.h | 5 +- src/lxc/lsm/appa

[lxc-devel] [PATCH 2/3] add lsm op for checking if an lsm is present/enabled

2013-10-15 Thread Dwight Engen
Signed-off-by: Dwight Engen --- src/lxc/lsm/apparmor.c | 1 + src/lxc/lsm/lsm.c | 7 +++ src/lxc/lsm/lsm.h | 3 +++ src/lxc/lsm/nop.c | 6 ++ src/lxc/lsm/selinux.c | 1 + 5 files changed, 18 insertions(+) diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c index

[lxc-devel] [PATCH 1/3] fix busybox template for use with AppArmor

2013-10-15 Thread Dwight Engen
Ensure /proc and /sys are mounted in the container, otherwise apparmor_enabled() will fail to find /sys/module/apparmor/parameters/enabled Signed-off-by: Dwight Engen --- templates/lxc-busybox.in | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/lxc-busybox.in b/te

[lxc-devel] [PATCH 0/3] support setting lsm label at exec or immediately

2013-10-15 Thread Dwight Engen
Hi Serge, This patch set implements what you suggested WRT setting /proc/self/attr/current in order to set a profile/context now instead of only at exec(2) time. I don't know how I missed the regular setcon(3) vs setexeccon(3) call, so doing "now" is obviously possible in SELinux as well, thanks f

[lxc-devel] [PATCH] add more detail in automount error message

2013-10-15 Thread Dwight Engen
Signed-off-by: Dwight Engen --- src/lxc/conf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index ecbcf41..457fa26 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -800,10 +800,11 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf

Re: [lxc-devel] [PATCH] do not allocate lxc_snapshot array if NULL is passed into snapshot_list as a ret_snaps parameter.

2013-10-15 Thread S . Çağlar Onur
Hi, I just realized that the only reason of not being able to pass native data types to C world was my mistake so I believe you can ignore this patch :) Best, On Tue, Oct 15, 2013 at 12:32 AM, S.Çağlar Onur wrote: > All the other (similar) API calls behave this way, aka passing NULL > return

[lxc-devel] [PATCH] Make 'make dist' match git content

2013-10-15 Thread Stéphane Graber
This fixes a few obvious issues when comparing the make dist output with the git tree. - Make all templates non-executable in git - Remove unused files: - src/lxc/list.c (empty, only includes the list.h header) - src/lxc/lxc-destroy.in (replaced by lxc_destroy.c) - Add missing files to dis

[lxc-devel] LXC 1.0 alpha2 to be released this Friday (18th of October)

2013-10-15 Thread Stéphane Graber
Hello, Just a quick note that I'll tag LXC 1.0~alpha2 on Friday. Current master is working reasonably well here that I don't think it'll be a problem. If you have any bugfixes around, please make sure to send them (or nag me about them), as soon as possible. Oh and just a quick reminder with reg

[lxc-devel] [lxc/lxc] f57a02: doc: Improve Japanese lxc.conf(5) to be easy to re...

2013-10-15 Thread GitHub
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: f57a029f3924df300a12e9f54f1778049719913b https://github.com/lxc/lxc/commit/f57a029f3924df300a12e9f54f1778049719913b Author: KATOH Yasufumi Date: 2013-10-15 (Tue, 15 Oct 2013) Changed paths: M doc/ja/lxc.c