[Bug 1576341] Re: fails in lxd container

2017-01-27 Thread Launchpad Bug Tracker
This bug was fixed in the package open-iscsi -
2.0.873+git0.3b4b4500-14ubuntu14

---
open-iscsi (2.0.873+git0.3b4b4500-14ubuntu14) zesty; urgency=medium

  * Make systemd job not run in containers (LP: #1576341)

 -- Serge Hallyn  Sun, 15 Jan 2017 23:08:29 -0600

** Changed in: open-iscsi (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1576341

Title:
  fails in lxd container

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1576341/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs


[Bug 1576341] Re: fails in lxd container

2016-04-28 Thread Stéphane Graber
LXC doesn't drop many capabilities; we only really drop mac_admin,
mac_override, sys_time, sys_module and sys_rawio.

That's because we do run workloads which do need the other capabilities,
including cap_sys_admin.


Now in an unprivileged container, having those capabilities will only do you 
good against resources owned by the container and will (obviously) not let you 
gain any more rights than you had as the owning uid prior to entering the 
container.

So you absolutely do have cap_sys_admin and it will let you do a bunch
of things against the network devices owned by your container or mount
entries owned by the container, ... but it will not let you mess with
things that aren't namespaced and that you wouldn't be allowed to touch
as a normal unprivileged user.

The kernel has a nice ns_capable(ns, CAP) function which lets you check
whether you do have the named capability against a given resource; I'm
not aware of a userspace equivalent though.

Having us drop a bunch of capabilities is the wrong answer though and we
won't be doing that.

** Changed in: lxd (Ubuntu)
   Status: New => Invalid

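Added example, not part of the original thread or of LXC/LXD: a userspace heuristic for the situation described in the message above, where a process holds cap_sys_admin but only against resources owned by its user namespace. It decodes CapEff from /proc/<pid>/status and inspects /proc/<pid>/uid_map; the sample values and function names are constructed for illustration, and this is not an equivalent of ns_capable().

```python
"""Added example: read effective capabilities and user-namespace mapping from /proc."""

# Capability bit numbers from <linux/capability.h>, limited to the ones
# named in the message above.
CAPS = {
    "cap_sys_module": 16,
    "cap_sys_rawio": 17,
    "cap_sys_admin": 21,
    "cap_sys_time": 25,
    "cap_mac_override": 32,
    "cap_mac_admin": 33,
}

# Constructed sample data (not captured from a real system): roughly what a
# process in an unprivileged container might show, and a host-style uid_map.
SAMPLE_STATUS = "Name:\tsystemd\nCapEff:\t0000003cfdfcffff\n"
SAMPLE_UID_MAP = "         0     100000      65536\n"
HOST_UID_MAP = "         0          0 4294967295\n"


def effective_caps(status_text):
    """Return {name: bool} for CAPS, from the CapEff line of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split()[1], 16)
            return {name: bool(mask >> bit & 1) for name, bit in CAPS.items()}
    raise ValueError("no CapEff line found")


def in_initial_userns(uid_map_text):
    """Heuristic only: the initial user namespace maps the full uid range onto itself."""
    rows = [tuple(int(f) for f in l.split()) for l in uid_map_text.splitlines() if l.strip()]
    return rows == [(0, 0, 4294967295)]


def describe(status_text, uid_map_text):
    """Summarise whether cap_sys_admin is held and what it is scoped to."""
    caps = effective_caps(status_text)
    if not caps["cap_sys_admin"]:
        return "cap_sys_admin not held"
    if in_initial_userns(uid_map_text):
        return "cap_sys_admin held in the initial user namespace"
    return "cap_sys_admin held, scoped to resources owned by this user namespace"


if __name__ == "__main__":
    print(describe(SAMPLE_STATUS, SAMPLE_UID_MAP))
    with open("/proc/self/status") as s, open("/proc/self/uid_map") as m:
        print(describe(s.read(), m.read()))
```

A privileged container shares the initial user namespace, so this heuristic reports it the same way as the host.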


[Bug 1576341] Re: fails in lxd container

2016-04-28 Thread Martin Pitt
** Also affects: lxd (Ubuntu)
   Importance: Undecided
   Status: New
