[Bug 509647] Re: [MIR] lxc

2013-09-18 Thread Stéphane Graber
** Changed in: lxc (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/509647 Title: [MIR] lxc To manage notifications about this bug go to:

[Bug 509647] Re: [MIR] lxc

2013-08-09 Thread Stéphane Graber
That's because we can't use PIE for the library, now to figure out how to have it ignored there...

[Bug 509647] Re: [MIR] lxc

2013-08-09 Thread Stéphane Graber
I can build with: export DEB_BUILD_MAINT_OPTIONS = hardening=+stackprotector,+fortify,+format,+relro,+bindnow But adding +pie causes a FTBFS: http://lxc.dev.stgraber.org/stgraber/20130809-1020/ubuntu-saucy-amd64/lxc_0.9.0.0~stgraber~20130809-1020-0ubuntu1~ppa1~saucy1_amd64-20130809-1021.build

[Bug 509647] Re: [MIR] lxc

2013-08-09 Thread Stéphane Graber
Ok, so dpkg-buildflags is too much of a pain to get right, so I'll just go the lazy way and use hardening-wrapper. Here's the result going this way: stgraber@castiana:~# hardening-check /usr/bin/lxc-monitor /usr/bin/lxc-monitor: Position Independent Executable: yes Stack protected: yes Fortify

[Bug 509647] Re: [MIR] lxc

2013-08-09 Thread Seth Arnold
Stéphane, thanks for fixing this. Security team ACK for main.

[Bug 509647] Re: [MIR] lxc

2013-08-06 Thread Seth Arnold
I reviewed lxc 0.9.0-0ubuntu18 as checked into saucy. This is not a complete security audit but only a quick gauge of code cleanliness. I previously reviewed lxc (0.9.0~rc1-0ubuntu3), details here: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/509647/comments/4 The code quality of the

[Bug 509647] Re: [MIR] lxc

2013-07-15 Thread Jamie Strandboge
Seth, Stephane says the bindings have been updated. Can you take another look? ** Changed in: lxc (Ubuntu) Assignee: MIR approval team (ubuntu-mir) => Seth Arnold (seth-arnold)

[Bug 509647] Re: [MIR] lxc

2013-05-07 Thread Stéphane Graber
I just pushed the remaining python C extension fixes to saucy now and will SRU to raring. Seth, would it be possible for you to recheck the binding as it stands in saucy? https://github.com/lxc/lxc/blob/staging/src/python-lxc/lxc.c is the current version of the file I think this was the last

Re: [Bug 509647] Re: [MIR] lxc

2013-04-11 Thread Serge Hallyn
Quoting Seth Arnold (509...@bugs.launchpad.net): Urgh. sorry for losing track of this bug. I forgot to subscribe after submitting my comment. I believe your proposed additional check would be sufficient. I _think_ better might be to destroy the lock pointer in the shared structure when

Re: [Bug 509647] Re: [MIR] lxc

2013-04-11 Thread Serge Hallyn
Oh but I'm being silly - once the use count goes to 0 it cannot go back up, so we can check for that before trying to take the lock.

[Bug 509647] Re: [MIR] lxc

2013-04-10 Thread Stéphane Graber
Hi Seth, I just wanted to comment on the python side of things. I'm the author of the binding and sadly it's now used by some of the very well used bits of LXC (lxc-ls and lxc-start-ephemeral to list the most popular), so I don't think building without this is really an option for us. However

[Bug 509647] Re: [MIR] lxc

2013-04-09 Thread Seth Arnold
Urgh. sorry for losing track of this bug. I forgot to subscribe after submitting my comment. I believe your proposed additional check would be sufficient. I _think_ better might be to destroy the lock pointer in the shared structure when freeing the object but before unlocking -- preventing other

[Bug 509647] Re: [MIR] lxc

2013-04-05 Thread Seth Arnold
I audited lxc version 0.9.0~rc1-0ubuntu3 as checked into Raring. This should not be considered a complete security audit, but rather a quick gauge of maintainability. - lxc provides userspace convenience wrappers around the Linux kernel's containers implementation to make using containers

Re: [Bug 509647] Re: [MIR] lxc

2013-04-05 Thread Serge Hallyn
Hi Seth, thanks very much for the review. Everything else: - Calling lxc_container_free() _after_ releasing the privlock feels wrong - lxc_container_get() may follow stale pointers while locking - lxc_container_put() could be freeing an object that was acquired I think this was an

[Bug 509647] Re: [MIR] lxc

2013-03-14 Thread Jamie Strandboge
** Changed in: lxc (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => Seth Arnold (seth-arnold)

[Bug 509647] Re: [MIR] lxc

2013-01-23 Thread Stéphane Graber
Just a quick update here that I updated libseccomp in Ubuntu to address the few issues raised in its MIR (bug 1082431). I think that was the only blocking bits for lxc's MIR, so it'd be nice if an MIR team member could now review LXC.

[Bug 509647] Re: [MIR] lxc

2012-12-14 Thread Yolanda Robla
** Changed in: lxc (Ubuntu) Status: New => Confirmed ** Changed in: lxc (Ubuntu) Status: Confirmed => Triaged ** Changed in: lxc (Ubuntu) Importance: Undecided => Wishlist

[Bug 509647] Re: [MIR] lxc

2012-12-14 Thread Dave Walker
** Changed in: lxc (Ubuntu) Status: Triaged => New

[Bug 509647] Re: [MIR] lxc

2012-12-04 Thread Stéphane Graber
** Changed in: lxc (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand)

[Bug 509647] Re: [MIR] lxc

2012-11-23 Thread Stéphane Graber
** Changed in: lxc (Ubuntu) Status: Won't Fix => New

[Bug 509647] Re: [MIR] lxc

2012-11-23 Thread Stéphane Graber
** Description changed: Binary package hint: lxc - Hello, + The LXC team would like the MIR team to reconsider promotion of LXC to + main. - I'd like lxc (userspace tools for the Linux Containers) to be moved to - main as was discussed in the specification and the session at the last -

[Bug 509647] Re: [MIR] lxc

2012-11-23 Thread Stéphane Graber
** Description changed: Binary package hint: lxc The LXC team would like the MIR team to reconsider promotion of LXC to main. The reason is that since the last request back in Lucid, the kernel has had a lot of time to stabilize and improve for the various calls used by lxc. We