IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
I opened a PR at lxc-upstream with these changes [0].
Testing in my hybrid layout environment fixes the issue with
priviledged container reported in the forum.
(Note that the issue also occurs with unprivileged container, if they
have a `lxc.cgroup.devices.(allow|deny)` entry (which they don't in
our default config)
[0] https://github.com/lxc/lxc/pull/3911
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
where the previously deprecated passing of fail-missing to dh_install
got an real error, so adapt to that and use the new dh_missing
debhelper.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
commit 863845075d3f77d27c91bd9f47d2f8ddc4867bd5 in upstream only partially
fixes the apparmor deny for mounting boot_id (used for example for identifying
different boots with `journalctl`) inside the container.
Tested by editing the profile and replacing it disregarding the cache:
`apparmor_parser -W -T -r /etc/apparmor.d/usr.bin.lxc-start`
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit fast-forwards 7 commits from upstream/master. The first commit
(partially) fixes a missing apparmor rule for /proc/sys/kernel/random/boot_id)
The last commit fixes running containers in pure cgroupv2 environments (by
premounting cgroup2).
It contains one other fix for a netlink bug, which I haven't seen in our
support channels, thus assume limited potential for regressions.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
We dropped some configuration aptches with lxc-4 which
pve-container needs to account for when writing a
container's /var/lib/lxc/$vmid/config file, so lxc-4 should
not be used with an older pve-container package.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
since the debhelper-generated default enabling should come before we
attempt to start/reload/restart it.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
otherwise this could fail posinst execution (and thus package
installation!) on systems coming from plain Debian, or where lxc.service
is masked.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
the previous patch removed some required lines from the
nesting profile part, this brings it closer to lxd plus the
additional read-only-bind-remount rule generation
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Merge: attach: always use getent
Commit message:
In debian buster, some libnss plugins (if installed) can
cause getpwent to segfault instead of erroring out cleanly.
To avoid this, stick to always using getent.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Add a patch to add an ExecReload for lxc.service, and use
the new dh_installsystemd instead of the old
dh_systemd_start.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
