Branch: refs/heads/master
Home: https://github.com/lxc/lxc

Commit: 6ce8e67825258fe8a38b057b1459a4f35e4b39bb
https://github.com/lxc/lxc/commit/6ce8e67825258fe8a38b057b1459a4f35e4b39bb
Author: Alexander Livenets <a.liven...@gmail.com>
Date: 2020-06-30 (Tue, 30 Jun 2020)

Changed paths:
  M src/lxc/attach.c

Log Message:
-----------
attach: set no_new_privs flag after LSM label

In `start.c:1284`, no_new_privs flag is set after LSM label is set.
Also, in `lxc.container.conf` documentation it is written that:
```
Note that PR_SET_NO_NEW_PRIVS is applied after the container has changed into its intended AppArmor profile or SElinux context.
```
This commit fixes the behavior of `lxc_attach` by moving `PR_SET_NO_NEW_PRIVS` set logic after LSM for the process is configured;

Closes #3393

Signed-off-by: Alexander Livenets <a.liven...@gmail.com>

Commit: f88d8e68b0c4c3c061fa828ae8c0742326c213b4
https://github.com/lxc/lxc/commit/f88d8e68b0c4c3c061fa828ae8c0742326c213b4
Author: Christian Brauner <christian.brau...@ubuntu.com>
Date: 2020-06-30 (Tue, 30 Jun 2020)

Changed paths:
  M src/lxc/attach.c

Log Message:
-----------
Merge pull request #3466 from alivenets/fix-no-new-privs

attach: set no_new_privs flag after LSM label

Compare: https://github.com/lxc/lxc/compare/7c8b10e515c7...f88d8e68b0c4
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel