Merge lp:~ubuntu-branches/ubuntu/precise/lxc/precise-201201192036 into lp:ubuntu/precise/lxc

Proposed by Ubuntu Package Importer
Status: Rejected
Rejected by: James Westby
Proposed branch: lp:~ubuntu-branches/ubuntu/precise/lxc/precise-201201192036
Merge into: lp:ubuntu/precise/lxc
Diff against target: 595 lines (+580/-0) (has conflicts)
2 files modified
.pc/0020-drop-cap-mac-admin.patch/templates/lxc-ubuntu.in (+561/-0)
debian/patches/0020-drop-cap-mac-admin.patch (+19/-0)
Conflict adding file .pc/0020-drop-cap-mac-admin.patch.  Moved existing file to .pc/0020-drop-cap-mac-admin.patch.moved.
Conflict adding file debian/patches/0020-drop-cap-mac-admin.patch.  Moved existing file to debian/patches/0020-drop-cap-mac-admin.patch.moved.
To merge this branch: bzr merge lp:~ubuntu-branches/ubuntu/precise/lxc/precise-201201192036
Reviewer: Ubuntu branches (review status: Pending)
Review via email: mp+89340@code.launchpad.net

Description of the change

The package importer has detected a possible inconsistency between the package history in the archive and the history in bzr. As the archive is authoritative the importer has made lp:ubuntu/precise/lxc reflect what is in the archive and the old bzr branch has been pushed to lp:~ubuntu-branches/ubuntu/precise/lxc/precise-201201192036. This merge proposal was created so that an Ubuntu developer can review the situations and perform a merge/upload if necessary. There are three typical cases where this can happen.
  1. Where someone pushes a change to bzr and someone else uploads the package without that change. This is the reason that this check is done by the importer. If this appears to be the case then a merge/upload should be done if the changes that were in bzr are still desirable.
  2. The importer incorrectly detected the above situation when someone made a change in bzr and then uploaded it.
  3. The importer incorrectly detected the above situation when someone just uploaded a package and didn't touch bzr.

If this case doesn't appear to be the first situation then set the status of the merge proposal to "Rejected" and help avoid the problem in future by filing a bug at https://bugs.launchpad.net/udd linking to this merge proposal.

(this is an automatically generated message)

Unmerged revisions

47. By Serge Hallyn

* update 0016-nested-cgroups.patch: create cgroup dirs 0755 so that
* debian/local/lxc-start-ephemeral: support in-line commands (LP: #914169)

46. By Serge Hallyn

update 0016-nested-cgroups.patch: create cgroup dirs 0755 so that
unprivileged users can read them (with lxc-ls).

45. By Serge Hallyn

debian/patches/0020-drop-cap-mac-admin.patch - to prevent containers
from loading apparmor policy.

Preview Diff

1=== added directory '.pc/0020-drop-cap-mac-admin.patch'
2=== renamed directory '.pc/0020-drop-cap-mac-admin.patch' => '.pc/0020-drop-cap-mac-admin.patch.moved'
3=== added file '.pc/0020-drop-cap-mac-admin.patch/.timestamp'
4=== added directory '.pc/0020-drop-cap-mac-admin.patch/templates'
5=== added file '.pc/0020-drop-cap-mac-admin.patch/templates/lxc-ubuntu.in'
6--- .pc/0020-drop-cap-mac-admin.patch/templates/lxc-ubuntu.in 1970-01-01 00:00:00 +0000
7+++ .pc/0020-drop-cap-mac-admin.patch/templates/lxc-ubuntu.in 2012-01-19 20:42:35 +0000
8@@ -0,0 +1,561 @@
9+#!/bin/bash
10+
11+#
12+# template script for generating ubuntu container for LXC
13+#
14+# This script consolidates and extends the existing lxc ubuntu scripts
15+#
16+
17+# XXX todo: add -lvm option
18+
19+# Copyright © 2011 Serge Hallyn <serge.hallyn@canonical.com>
20+# Copyright © 2010 Wilhelm Meier
21+# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
22+#
23+# This program is free software; you can redistribute it and/or modify
24+# it under the terms of the GNU General Public License version 2, as
25+# published by the Free Software Foundation.
26+
27+# This program is distributed in the hope that it will be useful,
28+# but WITHOUT ANY WARRANTY; without even the implied warranty of
29+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30+# GNU General Public License for more details.
31+
32+# You should have received a copy of the GNU General Public License along
33+# with this program; if not, write to the Free Software Foundation, Inc.,
34+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
35+#
36+
37+if [ -r /etc/default/lxc ]; then
38+ . /etc/default/lxc
39+fi
40+
41+configure_ubuntu()
42+{
43+ rootfs=$1
44+ hostname=$2
45+
46+ # configure the network using the dhcp
47+ cat <<EOF > $rootfs/etc/network/interfaces
48+auto lo
49+iface lo inet loopback
50+
51+auto eth0
52+iface eth0 inet dhcp
53+EOF
54+
55+ # so you can 'ssh $hostname.' or 'ssh $hostname.local'
56+ if [ -f $rootfs/etc/dhcp/dhclient.conf ]; then
57+ sed -i "s/<hostname>/$hostname/" $rootfs/etc/dhcp/dhclient.conf
58+ elif [ -f $rootfs/etc/dhcp3/dhclient.conf ]; then
59+ sed -i "s/<hostname>/$hostname/" $rootfs/etc/dhcp3/dhclient.conf
60+ fi
61+
62+ # set the hostname
63+ cat <<EOF > $rootfs/etc/hostname
64+$hostname
65+EOF
66+ # set minimal hosts
67+ cat <<EOF > $rootfs/etc/hosts
68+127.0.0.1 localhost $hostname
69+EOF
70+
71+ # suppress log level output for udev
72+ sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
73+
74+ # remove jobs for consoles 5 and 6 since we only create 4 consoles in
75+ # this template
76+ rm -f $rootfs/etc/init/tty{5,6}.conf
77+
78+ echo "Please change root-password !"
79+ echo "root:root" | chroot $rootfs chpasswd
80+
81+ return 0
82+}
83+
84+download_ubuntu()
85+{
86+ cache=$1
87+ arch=$2
88+ release=$3
89+
90+ if [ $release = "lucid" ]; then
91+ packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,dhcp3-client,ssh,lsb-release,gnupg
92+ elif [ $release = "maverick" ]; then
93+ packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,dhcp3-client,ssh,lsb-release,gnupg,netbase
94+ elif [ $release = "natty" ]; then
95+ packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase
96+ else
97+ packages=dialog,apt,apt-utils,iproute,inetutils-ping,vim,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase,ubuntu-keyring
98+ fi
99+ echo "installing packages: $packages"
100+
101+ # check the mini ubuntu was not already downloaded
102+ mkdir -p "$cache/partial-$arch"
103+ if [ $? -ne 0 ]; then
104+ echo "Failed to create '$cache/partial-$arch' directory"
105+ return 1
106+ fi
107+
108+ # download a mini ubuntu into a cache
109+ echo "Downloading ubuntu $release minimal ..."
110+ debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
111+ if [ $? -ne 0 ]; then
112+ echo "Failed to download the rootfs, aborting."
113+ return 1
114+ fi
115+
116+ # Serge isn't sure whether we should avoid doing this when
117+ # $release == `distro-info -d`
118+ echo "Installing updates"
119+ case $arch in
120+ amd64|i386)
121+ MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
122+ SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu}
123+ ;;
124+ sparc)
125+ case $SUITE in
126+ gutsy)
127+ MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
128+ SECURITY_MIRROR=${SECURITY_MIRRORMIRROR:-http://security.ubuntu.com/ubuntu}
129+ ;;
130+ *)
131+ MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
132+ SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
133+ ;;
134+ esac
135+ ;;
136+ *)
137+ MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
138+ SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
139+ ;;
140+ esac
141+ cat >> "$1/partial-${arch}/etc/apt/sources.list" << EOF
142+deb $MIRROR ${release}-updates main universe
143+deb $SECURITY_MIRROR ${release}-security main universe
144+EOF
145+ chroot "$1/partial-${arch}" apt-get update
146+ if [ $? -ne 0 ]; then
147+ echo "Failed to update the apt cache"
148+ return 1
149+ fi
150+ cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
151+#!/bin/sh
152+exit 101
153+EOF
154+ chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
155+
156+ lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y
157+ ret=$?
158+ rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
159+
160+ if [ $ret -ne 0 ]; then
161+ echo "Failed to upgrade the cache"
162+ return 1
163+ fi
164+
165+ mv "$1/partial-$arch" "$1/rootfs-$arch"
166+ echo "Download complete"
167+ return 0
168+}
169+
170+copy_ubuntu()
171+{
172+ cache=$1
173+ arch=$2
174+ rootfs=$3
175+
176+ # make a local copy of the miniubuntu
177+ echo -n "Copying rootfs to $rootfs ..."
178+ cp -a $cache/rootfs-$arch $rootfs || return 1
179+ return 0
180+}
181+
182+install_ubuntu()
183+{
184+ rootfs=$1
185+ release=$2
186+ cache="/var/cache/lxc/$release"
187+ mkdir -p /var/lock/subsys/
188+ (
189+ flock -n -x 200
190+ if [ $? -ne 0 ]; then
191+ echo "Cache repository is busy."
192+ return 1
193+ fi
194+
195+
196+ echo "Checking cache download in $cache/rootfs-$arch ... "
197+ if [ ! -e "$cache/rootfs-$arch" ]; then
198+ download_ubuntu $cache $arch $release
199+ if [ $? -ne 0 ]; then
200+ echo "Failed to download 'ubuntu $release base'"
201+ return 1
202+ fi
203+ fi
204+
205+ echo "Copy $cache/rootfs-$arch to $rootfs ... "
206+ copy_ubuntu $cache $arch $rootfs
207+ if [ $? -ne 0 ]; then
208+ echo "Failed to copy rootfs"
209+ return 1
210+ fi
211+
212+ return 0
213+
214+ ) 200>/var/lock/subsys/lxc
215+
216+ return $?
217+}
218+
219+copy_configuration()
220+{
221+ path=$1
222+ rootfs=$2
223+ name=$3
224+ arch=$4
225+
226+ if [ $arch = "i386" ]; then
227+ arch="i686"
228+ fi
229+
230+ cat <<EOF >> $path/config
231+lxc.utsname = $name
232+
233+lxc.tty = 4
234+lxc.pts = 1024
235+lxc.rootfs = $rootfs
236+lxc.mount = $path/fstab
237+lxc.arch = $arch
238+lxc.cap.drop = sys_module
239+
240+lxc.cgroup.devices.deny = a
241+# Allow any mknod (but not using the node)
242+lxc.cgroup.devices.allow = c *:* m
243+lxc.cgroup.devices.allow = b *:* m
244+# /dev/null and zero
245+lxc.cgroup.devices.allow = c 1:3 rwm
246+lxc.cgroup.devices.allow = c 1:5 rwm
247+# consoles
248+lxc.cgroup.devices.allow = c 5:1 rwm
249+lxc.cgroup.devices.allow = c 5:0 rwm
250+#lxc.cgroup.devices.allow = c 4:0 rwm
251+#lxc.cgroup.devices.allow = c 4:1 rwm
252+# /dev/{,u}random
253+lxc.cgroup.devices.allow = c 1:9 rwm
254+lxc.cgroup.devices.allow = c 1:8 rwm
255+lxc.cgroup.devices.allow = c 136:* rwm
256+lxc.cgroup.devices.allow = c 5:2 rwm
257+# rtc
258+lxc.cgroup.devices.allow = c 254:0 rwm
259+#fuse
260+lxc.cgroup.devices.allow = c 10:229 rwm
261+#tun
262+lxc.cgroup.devices.allow = c 10:200 rwm
263+EOF
264+
265+ cat <<EOF > $path/fstab
266+proc $rootfs/proc proc nodev,noexec,nosuid 0 0
267+sysfs $rootfs/sys sysfs defaults 0 0
268+EOF
269+
270+ if [ $? -ne 0 ]; then
271+ echo "Failed to add configuration"
272+ return 1
273+ fi
274+
275+ return 0
276+}
277+
278+trim()
279+{
280+ rootfs=$1
281+ release=$2
282+
283+ # provide the lxc service
284+ cat <<EOF > $rootfs/etc/init/lxc.conf
285+# fake some events needed for correct startup other services
286+
287+description "Container Upstart"
288+
289+start on startup
290+
291+script
292+ rm -rf /var/run/*.pid
293+ rm -rf /var/run/network/*
294+ /sbin/initctl emit stopped JOB=udevtrigger --no-wait
295+ /sbin/initctl emit started JOB=udev --no-wait
296+end script
297+EOF
298+
299+ # fix buggus runlevel with sshd
300+ cat <<EOF > $rootfs/etc/init/ssh.conf
301+# ssh - OpenBSD Secure Shell server
302+#
303+# The OpenSSH server provides secure shell access to the system.
304+
305+description "OpenSSH server"
306+
307+start on filesystem
308+stop on runlevel [!2345]
309+
310+expect fork
311+respawn
312+respawn limit 10 5
313+umask 022
314+# replaces SSHD_OOM_ADJUST in /etc/default/ssh
315+oom never
316+
317+pre-start script
318+ test -x /usr/sbin/sshd || { stop; exit 0; }
319+ test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
320+ test -c /dev/null || { stop; exit 0; }
321+
322+ mkdir -p -m0755 /var/run/sshd
323+end script
324+
325+# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
326+# 'exec' line here instead
327+exec /usr/sbin/sshd
328+EOF
329+
330+ cat <<EOF > $rootfs/etc/init/console.conf
331+# console - getty
332+#
333+# This service maintains a console on tty1 from the point the system is
334+# started until it is shut down again.
335+
336+start on stopped rc RUNLEVEL=[2345]
337+stop on runlevel [!2345]
338+
339+respawn
340+exec /sbin/getty -8 38400 /dev/console
341+EOF
342+
343+ cat <<EOF > $rootfs/lib/init/fstab
344+# /lib/init/fstab: cleared out for bare-bones lxc
345+EOF
346+
347+ # reconfigure some services
348+ if [ -z "$LANG" ]; then
349+ chroot $rootfs locale-gen en_US.UTF-8
350+ chroot $rootfs update-locale LANG=en_US.UTF-8
351+ else
352+ chroot $rootfs locale-gen $LANG
353+ chroot $rootfs update-locale LANG=$LANG
354+ fi
355+
356+ # remove pointless services in a container
357+ chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove
358+
359+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done'
360+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done'
361+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done'
362+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done'
363+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done'
364+
365+ # if this isn't lucid, then we need to twiddle the network upstart bits :(
366+ if [ $release != "lucid" ]; then
367+ sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart
368+ fi
369+}
370+
371+post_process()
372+{
373+ rootfs=$1
374+ release=$2
375+ trim_container=$3
376+
377+ if [ $trim_container -eq 1 ]; then
378+ trim $rootfs $release
379+ else
380+ # for lucid and maverick, if not trimming, then add the ubuntu-virt
381+ # ppa and install lxcguest
382+ if [ $release = "lucid" -o $release = "maverick" ]; then
383+ chroot $rootfs apt-get install --force-yes -y python-software-properties
384+ chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
385+ fi
386+ cp /etc/resolv.conf "${rootfs}/etc"
387+ chroot $rootfs apt-get update
388+ chroot $rootfs apt-get install --force-yes -y lxcguest
389+ fi
390+}
391+
392+do_bindhome()
393+{
394+ rootfs=$1
395+ user=$2
396+
397+ # copy /etc/passwd, /etc/shadow, and /etc/group entries into container
398+ pwd=`getent passwd $user`
399+ if [ $? -ne 0 ]; then
400+ echo 'Warning: failed to copy password entry for $user'
401+ return
402+ else
403+ echo $pwd >> $rootfs/etc/passwd
404+ fi
405+ shad=`getent shadow $user`
406+ echo $shad >> $rootfs/etc/shadow
407+
408+ # bind-mount the user's path into the container's /home
409+ h=`getent passwd $user | cut -d: -f 6`
410+ mkdir -p $rootfs/$h
411+ echo "$h $rootfs/$h none bind 0 0" >> $path/fstab
412+}
413+
414+clean()
415+{
416+ release=$1
417+ cache="/var/cache/lxc/$release"
418+
419+ if [ ! -e $cache ]; then
420+ exit 0
421+ fi
422+
423+ # lock, so we won't purge while someone is creating a repository
424+ (
425+ flock -n -x 200
426+ if [ $? != 0 ]; then
427+ echo "Cache repository is busy."
428+ exit 1
429+ fi
430+
431+ echo -n "Purging the download cache..."
432+ rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
433+ exit 0
434+
435+ ) 200>/var/lock/subsys/lxc
436+}
437+
438+usage()
439+{
440+ cat <<EOF
441+$1 -h|--help -p|--path=<path> --clean [-a|--arch] [-b|--bindhome <user>] [--trim] [-r|--release]
442+release: lucid | maverick | natty | oneiric | precise
443+trim: make a minimal (faster, but not upgrade-safe) container
444+bindhome: bind <user>'s home into the container
445+arch: amd64 or i386: defaults to host arch
446+EOF
447+ return 0
448+}
449+
450+options=$(getopt -o a:b:hp:r:xn:c -l arch:,bindhome:,help,path:,release:,trim,name:,clean -- "$@")
451+if [ $? -ne 0 ]; then
452+ usage $(basename $0)
453+ exit 1
454+fi
455+eval set -- "$options"
456+
457+release=lucid
458+if [ -f /etc/lsb-release ]; then
459+ . /etc/lsb-release
460+ case "$DISTRIB_CODENAME" in
461+ lucid|maverick|natty|oneiric|precise)
462+ release=$DISTRIB_CODENAME
463+ ;;
464+ esac
465+fi
466+
467+bindhome=
468+arch=$(arch)
469+
470+# Code taken from debootstrap
471+if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
472+ arch=`/usr/bin/dpkg --print-architecture`
473+elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
474+ arch=`/usr/bin/udpkg --print-architecture`
475+else
476+ arch=$(arch)
477+ if [ "$arch" = "i686" ]; then
478+ arch="i386"
479+ elif [ "$arch" = "x86_64" ]; then
480+ arch="amd64"
481+ elif [ "$arch" = "armv7l" ]; then
482+ arch="armel"
483+ fi
484+fi
485+
486+trim_container=0
487+hostarch=$arch
488+while true
489+do
490+ case "$1" in
491+ -h|--help) usage $0 && exit 0;;
492+ -p|--path) path=$2; shift 2;;
493+ -n|--name) name=$2; shift 2;;
494+ -c|--clean) clean=$2; shift 2;;
495+ -r|--release) release=$2; shift 2;;
496+ -b|--bindhome) bindhome=$2; shift 2;;
497+ -a|--arch) arch=$2; shift 2;;
498+ -x|--trim) trim_container=1; shift 1;;
499+ --) shift 1; break ;;
500+ *) break ;;
501+ esac
502+done
503+
504+pwd=`getent passwd $bindhome`
505+if [ $? -ne 0 ]; then
506+ echo "Error: no password entry found for $bindhome"
507+ exit 1
508+fi
509+
510+
511+if [ "$arch" == "i686" ]; then
512+ arch=i386
513+fi
514+
515+if [ ! -z "$clean" -a -z "$path" ]; then
516+ clean || exit 1
517+ exit 0
518+fi
519+
520+if [ $hostarch = "i386" -a $arch = "amd64" ]; then
521+ echo "can't create amd64 container on i386"
522+ exit 1
523+fi
524+
525+type debootstrap
526+if [ $? -ne 0 ]; then
527+ echo "'debootstrap' command is missing"
528+ exit 1
529+fi
530+
531+if [ -z "$path" ]; then
532+ echo "'path' parameter is required"
533+ exit 1
534+fi
535+
536+if [ "$(id -u)" != "0" ]; then
537+ echo "This script should be run as 'root'"
538+ exit 1
539+fi
540+
541+rootfs=$path/rootfs
542+
543+install_ubuntu $rootfs $release
544+if [ $? -ne 0 ]; then
545+ echo "failed to install ubuntu $release"
546+ exit 1
547+fi
548+
549+configure_ubuntu $rootfs $name
550+if [ $? -ne 0 ]; then
551+ echo "failed to configure ubuntu $release for a container"
552+ exit 1
553+fi
554+
555+copy_configuration $path $rootfs $name $arch
556+if [ $? -ne 0 ]; then
557+ echo "failed write configuration file"
558+ exit 1
559+fi
560+
561+post_process $rootfs $release $trim_container
562+if [ ! -z $bindhome ]; then
563+ do_bindhome $rootfs $bindhome
564+fi
565+
566+if [ ! -z $clean ]; then
567+ clean $release || exit 1
568+ exit 0
569+fi
570
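Review bot: In configure_ubuntu, the line  echo "root:root" | chroot $rootfs chpasswd  gives every container the same known root password, while each release's package list in download_ubuntu includes ssh and the trim path writes an ssh.conf job that starts sshd on "filesystem", so a fresh container runs sshd with a root account whose password is public until someone acts on the "Please change root-password !" message. I would prefer the template leave root without a usable password by default (for example lock it with passwd -l root in the chroot, or expire it with passwd -e root so the first login forces a change) and let the caller set a credential explicitly. Two smaller points in the same file: the sparc/gutsy branch reads ${SECURITY_MIRRORMIRROR:-...}, which never picks up a caller-supplied SECURITY_MIRROR, and the option loop does  -c|--clean) clean=$2; shift 2;;  although the getopt strings declare c/clean without an argument, so whatever follows --clean on the command line is consumed as its value.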
571=== added file 'debian/patches/0020-drop-cap-mac-admin.patch'
572--- debian/patches/0020-drop-cap-mac-admin.patch 1970-01-01 00:00:00 +0000
573+++ debian/patches/0020-drop-cap-mac-admin.patch 2012-01-19 20:42:35 +0000
574@@ -0,0 +1,19 @@
575+Description: lxc-ubuntu: drop mac_admin capability
576+ This is to prevent the container from loading apparmor policy.
577+ Stackable policies will be coming, but we don't have them yet.
578+Author: Serge Hallyn <serge.hallyn@ubuntu.com>
579+Forwarded: no
580+
581+Index: lxc/templates/lxc-ubuntu.in
582+===================================================================
583+--- lxc.orig/templates/lxc-ubuntu.in 2012-01-13 15:08:16.362152000 +0100
584++++ lxc/templates/lxc-ubuntu.in 2012-01-13 15:11:02.600363556 +0100
585+@@ -227,7 +227,7 @@
586+ lxc.rootfs = $rootfs
587+ lxc.mount = $path/fstab
588+ lxc.arch = $arch
589+-lxc.cap.drop = sys_module
590++lxc.cap.drop = sys_module mac_admin
591+
592+ lxc.cgroup.devices.deny = a
593+ # Allow any mknod (but not using the node)
594
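Review bot: The changed line, lxc.cap.drop = sys_module mac_admin, sits in the config heredoc that the template writes when a container is created, so containers created before this change keep lxc.cap.drop = sys_module and are not covered by what the Description says the patch prevents. Please say so in the Description (or the changelog entry) and tell administrators to add mac_admin to the lxc.cap.drop line of existing container configs by hand. It is also worth stating in the header whether mac_override was considered for the same line, and, since the header carries Forwarded: no, adding a bug reference or a short reason for keeping the change out of upstream.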
595=== renamed file 'debian/patches/0020-drop-cap-mac-admin.patch' => 'debian/patches/0020-drop-cap-mac-admin.patch.moved'
