From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id B6BFE138BED for ; Mon, 5 Oct 2015 17:12:03 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3A9ABE07EE; Mon, 5 Oct 2015 17:12:01 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 9EF3FE07EE for ; Mon, 5 Oct 2015 17:12:00 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 4E77F340923 for ; Mon, 5 Oct 2015 17:11:58 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 43ACE763 for ; Mon, 5 Oct 2015 17:11:56 +0000 (UTC) From: "Markos Chandras" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Markos Chandras" Message-ID: <1441409080.78ef1b565ae26608f11a81f2b60e4a8e404ef9c3.hwoarang@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/ X-VCS-Repository: repo/gentoo X-VCS-Files: app-emulation/lxc/lxc-1.0.6-r1.ebuild app-emulation/lxc/lxc-1.0.7.ebuild app-emulation/lxc/lxc-1.1.0-r6.ebuild app-emulation/lxc/lxc-1.1.1-r1.ebuild app-emulation/lxc/lxc-1.1.2-r1.ebuild app-emulation/lxc/lxc-1.1.2-r2.ebuild app-emulation/lxc/lxc-1.1.2.ebuild X-VCS-Directories: app-emulation/lxc/ X-VCS-Committer: hwoarang X-VCS-Committer-Name: Markos Chandras X-VCS-Revision: 78ef1b565ae26608f11a81f2b60e4a8e404ef9c3 X-VCS-Branch: master Date: Mon, 5 Oct 2015 17:11:56 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 0739fa84-3673-4faa-b3ac-d6bb1f037c8c X-Archives-Hash: f430c06092b09addfc18cbe13ee589da commit: 78ef1b565ae26608f11a81f2b60e4a8e404ef9c3 Author: Jakub Jirutka jirutka cz> AuthorDate: Fri Sep 4 23:24:40 2015 +0000 Commit: Markos Chandras gentoo org> CommitDate: Fri Sep 4 23:24:40 2015 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78ef1b56 app-emulation/lxc: GRKERNSEC_PROC is incompatible with unprivileged containers LXC uses newuidmap/newgidmap from the shadow package to map UIDs/GIDs for unprivileged containers and this doesn't play well with GRKERNSEC_PROC. You can read more details in https://github.com/shadow-maint/shadow/commit/884895ae25f4e684b8ca75ac03e775370f43a63d app-emulation/lxc/lxc-1.0.6-r1.ebuild | 2 ++ app-emulation/lxc/lxc-1.0.7.ebuild | 2 ++ app-emulation/lxc/lxc-1.1.0-r6.ebuild | 2 ++ app-emulation/lxc/lxc-1.1.1-r1.ebuild | 2 ++ app-emulation/lxc/lxc-1.1.2-r1.ebuild | 2 ++ app-emulation/lxc/lxc-1.1.2-r2.ebuild | 2 ++ app-emulation/lxc/lxc-1.1.2.ebuild | 2 ++ 7 files changed, 14 insertions(+) diff --git a/app-emulation/lxc/lxc-1.0.6-r1.ebuild b/app-emulation/lxc/lxc-1.0.6-r1.ebuild index a9b43e5..5fcb857 100644 --- a/app-emulation/lxc/lxc-1.0.6-r1.ebuild +++ b/app-emulation/lxc/lxc-1.0.6-r1.ebuild @@ -56,6 +56,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE ~!GRKERNSEC_CHROOT_PIVOT ~!GRKERNSEC_CHROOT_CHMOD ~!GRKERNSEC_CHROOT_CAPS + ~!GRKERNSEC_PROC " ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container" @@ -77,6 +78,7 @@ ERROR_GRKERNSEC_CHROOT_DOUBLE=":CONFIG_GRKERNSEC_CHROOT_DOUBLE some GRSEC featur ERROR_GRKERNSEC_CHROOT_PIVOT=":CONFIG_GRKERNSEC_CHROOT_PIVOT some GRSEC features make LXC unusable see postinst notes" ERROR_GRKERNSEC_CHROOT_CHMOD=":CONFIG_GRKERNSEC_CHROOT_CHMOD some GRSEC features make LXC unusable see postinst notes" ERROR_GRKERNSEC_CHROOT_CAPS=":CONFIG_GRKERNSEC_CHROOT_CAPS some GRSEC features make LXC unusable see postinst notes" +ERROR_GRKERNSEC_PROC=":CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers" DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt) diff --git a/app-emulation/lxc/lxc-1.0.7.ebuild b/app-emulation/lxc/lxc-1.0.7.ebuild index bb1af21..e762896 100644 --- a/app-emulation/lxc/lxc-1.0.7.ebuild +++ b/app-emulation/lxc/lxc-1.0.7.ebuild @@ -56,6 +56,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE ~!GRKERNSEC_CHROOT_PIVOT ~!GRKERNSEC_CHROOT_CHMOD ~!GRKERNSEC_CHROOT_CAPS + ~!GRKERNSEC_PROC " ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container" @@ -77,6 +78,7 @@ ERROR_GRKERNSEC_CHROOT_DOUBLE=":CONFIG_GRKERNSEC_CHROOT_DOUBLE some GRSEC featur ERROR_GRKERNSEC_CHROOT_PIVOT=":CONFIG_GRKERNSEC_CHROOT_PIVOT some GRSEC features make LXC unusable see postinst notes" ERROR_GRKERNSEC_CHROOT_CHMOD=":CONFIG_GRKERNSEC_CHROOT_CHMOD some GRSEC features make LXC unusable see postinst notes" ERROR_GRKERNSEC_CHROOT_CAPS=":CONFIG_GRKERNSEC_CHROOT_CAPS some GRSEC features make LXC unusable see postinst notes" +ERROR_GRKERNSEC_PROC=":CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers" DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt) diff --git a/app-emulation/lxc/lxc-1.1.0-r6.ebuild b/app-emulation/lxc/lxc-1.1.0-r6.ebuild index 5551bc9..57b24da 100644 --- a/app-emulation/lxc/lxc-1.1.0-r6.ebuild +++ b/app-emulation/lxc/lxc-1.1.0-r6.ebuild @@ -61,6 +61,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE ~!GRKERNSEC_CHROOT_PIVOT ~!GRKERNSEC_CHROOT_CHMOD ~!GRKERNSEC_CHROOT_CAPS + ~!GRKERNSEC_PROC " ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container" @@ -89,6 +90,7 @@ ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE: some GRSEC featu ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC features make LXC unusable see postinst notes" ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC features make LXC unusable see postinst notes" ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC features make LXC unusable see postinst notes" +ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers" DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt) diff --git a/app-emulation/lxc/lxc-1.1.1-r1.ebuild b/app-emulation/lxc/lxc-1.1.1-r1.ebuild index fbdb089..bd4c9cd 100644 --- a/app-emulation/lxc/lxc-1.1.1-r1.ebuild +++ b/app-emulation/lxc/lxc-1.1.1-r1.ebuild @@ -61,6 +61,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE ~!GRKERNSEC_CHROOT_PIVOT ~!GRKERNSEC_CHROOT_CHMOD ~!GRKERNSEC_CHROOT_CAPS + ~!GRKERNSEC_PROC " ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container" @@ -89,6 +90,7 @@ ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE: some GRSEC featu ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC features make LXC unusable see postinst notes" ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC features make LXC unusable see postinst notes" ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC features make LXC unusable see postinst notes" +ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers" DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt) diff --git a/app-emulation/lxc/lxc-1.1.2-r1.ebuild b/app-emulation/lxc/lxc-1.1.2-r1.ebuild index 8dd8dd2..50b4d5b 100644 --- a/app-emulation/lxc/lxc-1.1.2-r1.ebuild +++ b/app-emulation/lxc/lxc-1.1.2-r1.ebuild @@ -61,6 +61,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE ~!GRKERNSEC_CHROOT_PIVOT ~!GRKERNSEC_CHROOT_CHMOD ~!GRKERNSEC_CHROOT_CAPS + ~!GRKERNSEC_PROC " ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container" @@ -89,6 +90,7 @@ ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE: some GRSEC featu ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC features make LXC unusable see postinst notes" ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC features make LXC unusable see postinst notes" ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC features make LXC unusable see postinst notes" +ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers" DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt) diff --git a/app-emulation/lxc/lxc-1.1.2-r2.ebuild b/app-emulation/lxc/lxc-1.1.2-r2.ebuild index 8dd8dd2..50b4d5b 100644 --- a/app-emulation/lxc/lxc-1.1.2-r2.ebuild +++ b/app-emulation/lxc/lxc-1.1.2-r2.ebuild @@ -61,6 +61,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE ~!GRKERNSEC_CHROOT_PIVOT ~!GRKERNSEC_CHROOT_CHMOD ~!GRKERNSEC_CHROOT_CAPS + ~!GRKERNSEC_PROC " ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container" @@ -89,6 +90,7 @@ ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE: some GRSEC featu ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC features make LXC unusable see postinst notes" ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC features make LXC unusable see postinst notes" ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC features make LXC unusable see postinst notes" +ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers" DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt) diff --git a/app-emulation/lxc/lxc-1.1.2.ebuild b/app-emulation/lxc/lxc-1.1.2.ebuild index 660348e..8d89bca 100644 --- a/app-emulation/lxc/lxc-1.1.2.ebuild +++ b/app-emulation/lxc/lxc-1.1.2.ebuild @@ -61,6 +61,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE ~!GRKERNSEC_CHROOT_PIVOT ~!GRKERNSEC_CHROOT_CHMOD ~!GRKERNSEC_CHROOT_CAPS + ~!GRKERNSEC_PROC " ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container" @@ -89,6 +90,7 @@ ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE: some GRSEC featu ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC features make LXC unusable see postinst notes" ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC features make LXC unusable see postinst notes" ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC features make LXC unusable see postinst notes" +ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers" DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)