[lxc-devel] [PATCH] prune_init_cgroup: don't dereference NULL

This is to avoid: https://errors.ubuntu.com/problem/d640a68bf7343705899d7ca8c6bc070d477cd845 Signed-off-by: Serge Hallyn --- src/lxc/cgroup.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c index b1c764f..9894fb7 100644 --- a/src/l

Re: [lxc-devel] mountflag propagation from slave to host

Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > Not sure this is the right place to ask as I've narrowed it down to > raw mount commands, but it also affects privileged unconfined > containers when using bind-mounts to bind _mountpoints_ (not arbitrary > subdirectories) into a container (and

Re: [lxc-devel] [PATCH RFC] Introduce new security.nscapability xattr

Quoting Eric W. Biederman (ebied...@xmission.com): > "Serge E. Hallyn" writes: > > > A common way for daemons to run with minimal privilege is to start as root, > > perhaps setuid-root, choose a desired capability set, set PR_SET_KEEPCAPS, > > then change uid to non-root. A simpler way to achiev

[lxc-devel] mountflag propagation from slave to host

Not sure this is the right place to ask as I've narrowed it down to raw mount commands, but it also affects privileged unconfined containers when using bind-mounts to bind _mountpoints_ (not arbitrary subdirectories) into a container (and I found it through some hooks in my containers). For some r

[lxc-devel] [PATCH] Add LXC_TARGET env to Korean lxc.container.conf(5)

Update for commit c154af9 Signed-off-by: Sungbae Yoo diff --git a/doc/ko/lxc.container.conf.sgml.in b/doc/ko/lxc.container.conf.sgml.in index 741003b..73b16a2 100644 --- a/doc/ko/lxc.container.conf.sgml.in +++ b/doc/ko/lxc.container.conf.sgml.in @@ -2138,7 +2138,22 @@ mknod errno 0