Merge lp:~morphis/lxc-android-config/share-ipc-ns-with-host into lp:lxc-android-config/15.04

Proposed by Simon Fels
Status: Needs review
Proposed branch: lp:~morphis/lxc-android-config/share-ipc-ns-with-host
Merge into: lp:lxc-android-config/15.04
Diff against target: 12 lines (+1/-1)
1 file modified
debian/lxc-android-config.upstart (+1/-1)
To merge this branch: bzr merge lp:~morphis/lxc-android-config/share-ipc-ns-with-host
Reviewer | Review Type | Date Requested | Status
Simon Fels | | | Needs Fixing
Konrad Zapałowicz (community) | code | | Approve
Review via email: mp+299807@code.launchpad.net

Commit message

Tell LXC to let the android container share the IPC namespace with host

With upcoming namespace support for binder which will then be handled
with the IPC namespace we need to make sure the host can still
communicate with the device enablement Android container. Otherwise
the Android container will get its own binder namespace and can't
talk with the host anymore.
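
Added example, not part of the merge proposal or the project's code: one way to confirm from the host whether a process (for instance the Android container's init) is in the same IPC namespace as PID 1, by comparing the /proc/<pid>/ns/ipc links. The function names, the optional proc-root argument and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check IPC namespace sharing via /proc/<pid>/ns/ipc.
# The optional proc-root argument is an assumption added so the check can
# run against a constructed tree; it defaults to /proc.

# Print the IPC namespace identifier of PID, e.g. "ipc:[4026531839]".
ipc_ns_of() {
    readlink "${2:-/proc}/$1/ns/ipc" 2>/dev/null
}

# Exit 0 if PID shares the IPC namespace of PID 1, 1 if it has its own,
# 2 if either link cannot be read (process gone, or not enough privilege).
shares_host_ipc() {
    host_ns=$(ipc_ns_of 1 "$2") || return 2
    pid_ns=$(ipc_ns_of "$1" "$2") || return 2
    [ "$host_ns" = "$pid_ns" ]
}

# Print every PID under the proc root whose IPC namespace differs from
# that of PID 1. Run as root on a real system to see all processes.
list_isolated_ipc() {
    root=${1:-/proc}
    for d in "$root"/[0-9]*; do
        [ -L "$d/ns/ipc" ] || continue
        pid=${d##*/}
        rc=0
        shares_host_ipc "$pid" "$root" || rc=$?
        if [ "$rc" -eq 1 ]; then
            echo "$pid"
        fi
    done
    return 0
}

# Constructed sample tree: PID 1 (host init), PID 812 (a container init
# that shares the host namespace), PID 900 (a process with its own one).
make_sample_proc() {
    mkdir -p "$1/1/ns" "$1/812/ns" "$1/900/ns"
    ln -s 'ipc:[4026531839]' "$1/1/ns/ipc"
    ln -s 'ipc:[4026531839]' "$1/812/ns/ipc"
    ln -s 'ipc:[4026532201]' "$1/900/ns/ipc"
}
```

On a real host, call shares_host_ipc with the container init's PID as seen from the host; an exit status of 0 means the container and host share one IPC namespace and therefore everything scoped to it.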

Konrad Zapałowicz (kzapalowicz) wrote :

LGTM

review: Approve (code)
Oliver Grawert (ogra) wrote :

Did you have anyone from the security team glance over this feature? (Just to make sure there are no giant security holes ripped out of the blue; I remember binder always being a very sore point for them.)

Simon Fels (morphis) wrote :

@ogra: Now. This is just for the time being. We didn't agree yet that we will go forward with this or not.

review: Needs Fixing

Unmerged revisions

21. By Simon Fels

Use host IPC namespace for Android container

Preview Diff

1=== modified file 'debian/lxc-android-config.upstart'
2--- debian/lxc-android-config.upstart 2015-09-02 07:50:44 +0000
3+++ debian/lxc-android-config.upstart 2016-07-12 13:24:25 +0000
4@@ -11,7 +11,7 @@
5
6 console none
7
8-exec lxc-start -n android -F -- /init
9+exec lxc-start -n android -F --share-ipc 1 -- /init
10
11 post-start script
12 if [ ! -d /dev/cpuctl ] && [ -d /sys/fs/cgroup/cpu ]; then
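
Review bot: the new exec line passes "--share-ipc 1" with no comment, so a reader of the upstart job cannot tell that the value 1 (lxc-start takes a container name or a PID here) is meant as the host's PID 1, or why the container has to join the host IPC namespace. Add a comment above the exec line recording the reason given in the commit message (binder moving under the IPC namespace). The flag is also unconditional and shares the whole IPC namespace with the host, not only binder, so the isolation trade-off raised in the review comments should be signed off before this is merged.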
