A fix [1] in LXC was pushed recently and actually allows systemd daemon-
reexec without the cap sys_admin in a container.
We tested that it totally solved the issue for us.
Would it be possible to move this bug report to the LXC project? And to ask for a
backport of such a fix to Xenial LXC?
Thanks!
>From our analysis, we indeed agree with the fact that it has nothing to do
>with LXC (hence the report in the systemd tracker).
We believe that only the package is faulty here and should not attempt to
blindly reexec systemd on upgrade.
--
You received this bug notification because you are a
Public bug reported:
Dear all,
Following up the bug report #1713674, when executing systemd in a
hardened LXC context, it might not be suitable to reexec systemd daemon,
that would not be able to perform.
For instance, in our LXC, we drop several capabilities, including
sys_admin and we set
Public bug reported:
Dear all,
When trying to start an LXC container with Xenial on both host and
container, if sys_admin capability is dropped (lxc.cap.drop = sys_admin
in the config file), the container fails to start, because systemd fails
to mount the cgroup filesystem in the container. The
Public bug reported:
Dear all,
All the G++ shipped with Ubuntu 14.04 (including the latest 4.8 package)
are suffering a bug from G++ in the C++11 implementation. It is not
possible to build code that contains variadic templates with variadic
lambda.
The bug was fixed upstream. Would it be