commit:     78ef1b565ae26608f11a81f2b60e4a8e404ef9c3
Author:     Jakub Jirutka <jakub <AT> jirutka <DOT> cz>
AuthorDate: Fri Sep  4 23:24:40 2015 +0000
Commit:     Markos Chandras <hwoarang <AT> gentoo <DOT> org>
CommitDate: Fri Sep  4 23:24:40 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78ef1b56

app-emulation/lxc: GRKERNSEC_PROC is incompatible with unprivileged containers

LXC uses newuidmap/newgidmap from the shadow package to map UIDs/GIDs
for unprivileged containers and this doesn't play well with
GRKERNSEC_PROC. You can read more details in
https://github.com/shadow-maint/shadow/commit/884895ae25f4e684b8ca75ac03e775370f43a63d

 app-emulation/lxc/lxc-1.0.6-r1.ebuild | 2 ++
 app-emulation/lxc/lxc-1.0.7.ebuild    | 2 ++
 app-emulation/lxc/lxc-1.1.0-r6.ebuild | 2 ++
 app-emulation/lxc/lxc-1.1.1-r1.ebuild | 2 ++
 app-emulation/lxc/lxc-1.1.2-r1.ebuild | 2 ++
 app-emulation/lxc/lxc-1.1.2-r2.ebuild | 2 ++
 app-emulation/lxc/lxc-1.1.2.ebuild    | 2 ++
 7 files changed, 14 insertions(+)

diff --git a/app-emulation/lxc/lxc-1.0.6-r1.ebuild 
b/app-emulation/lxc/lxc-1.0.6-r1.ebuild
index a9b43e5..5fcb857 100644
--- a/app-emulation/lxc/lxc-1.0.6-r1.ebuild
+++ b/app-emulation/lxc/lxc-1.0.6-r1.ebuild
@@ -56,6 +56,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
        ~!GRKERNSEC_CHROOT_PIVOT
        ~!GRKERNSEC_CHROOT_CHMOD
        ~!GRKERNSEC_CHROOT_CAPS
+       ~!GRKERNSEC_PROC
 "
 
 ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:     needed 
for pts inside container"
@@ -77,6 +78,7 @@ 
ERROR_GRKERNSEC_CHROOT_DOUBLE=":CONFIG_GRKERNSEC_CHROOT_DOUBLE        some 
GRSEC featur
 ERROR_GRKERNSEC_CHROOT_PIVOT=":CONFIG_GRKERNSEC_CHROOT_PIVOT   some GRSEC 
features make LXC unusable see postinst notes"
 ERROR_GRKERNSEC_CHROOT_CHMOD=":CONFIG_GRKERNSEC_CHROOT_CHMOD   some GRSEC 
features make LXC unusable see postinst notes"
 ERROR_GRKERNSEC_CHROOT_CAPS=":CONFIG_GRKERNSEC_CHROOT_CAPS     some GRSEC 
features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC=":CONFIG_GRKERNSEC_PROC:  this GRSEC feature is 
incompatible with unprivileged containers"
 
 DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
 
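Review bot: The added `ERROR_GRKERNSEC_PROC` string has a colon both before and after the option name (`":CONFIG_GRKERNSEC_PROC:  this GRSEC ..."`), while the three context lines above it use only the leading colon and `ERROR_DEVPTS_MULTIPLE_INSTANCES` in the previous hunk uses only the trailing one. As far as I know linux-info prints this string unchanged as the warning text, so the mixed form would show a stray `:` at the start of the message. The 1.1.x ebuilds in this commit use `"CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"`, and that form would fit here and in the matching hunk of lxc-1.0.7.ebuild.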

diff --git a/app-emulation/lxc/lxc-1.0.7.ebuild 
b/app-emulation/lxc/lxc-1.0.7.ebuild
index bb1af21..e762896 100644
--- a/app-emulation/lxc/lxc-1.0.7.ebuild
+++ b/app-emulation/lxc/lxc-1.0.7.ebuild
@@ -56,6 +56,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
        ~!GRKERNSEC_CHROOT_PIVOT
        ~!GRKERNSEC_CHROOT_CHMOD
        ~!GRKERNSEC_CHROOT_CAPS
+       ~!GRKERNSEC_PROC
 "
 
 ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:     needed 
for pts inside container"
@@ -77,6 +78,7 @@ 
ERROR_GRKERNSEC_CHROOT_DOUBLE=":CONFIG_GRKERNSEC_CHROOT_DOUBLE        some 
GRSEC featur
 ERROR_GRKERNSEC_CHROOT_PIVOT=":CONFIG_GRKERNSEC_CHROOT_PIVOT   some GRSEC 
features make LXC unusable see postinst notes"
 ERROR_GRKERNSEC_CHROOT_CHMOD=":CONFIG_GRKERNSEC_CHROOT_CHMOD   some GRSEC 
features make LXC unusable see postinst notes"
 ERROR_GRKERNSEC_CHROOT_CAPS=":CONFIG_GRKERNSEC_CHROOT_CAPS     some GRSEC 
features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC=":CONFIG_GRKERNSEC_PROC:  this GRSEC feature is 
incompatible with unprivileged containers"
 
 DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
 

diff --git a/app-emulation/lxc/lxc-1.1.0-r6.ebuild 
b/app-emulation/lxc/lxc-1.1.0-r6.ebuild
index 5551bc9..57b24da 100644
--- a/app-emulation/lxc/lxc-1.1.0-r6.ebuild
+++ b/app-emulation/lxc/lxc-1.1.0-r6.ebuild
@@ -61,6 +61,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
        ~!GRKERNSEC_CHROOT_PIVOT
        ~!GRKERNSEC_CHROOT_CHMOD
        ~!GRKERNSEC_CHROOT_CAPS
+       ~!GRKERNSEC_PROC
 "
 
 ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for 
pts inside container"
@@ -89,6 +90,7 @@ 
ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC featu
 ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC 
features make LXC unusable see postinst notes"
 ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC 
features make LXC unusable see postinst notes"
 ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC 
features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is 
incompatible with unprivileged containers"
 
 DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
 
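Review bot: The new `ERROR_GRKERNSEC_PROC` text gives no pointer to the cause and, unlike its three neighbours, does not refer to the postinst notes, so the reason for the check is recorded only in the commit message. GRKERNSEC_PROC is a host-wide /proc hardening option, so someone who only runs privileged containers should be able to tell from the ebuild that the warning does not ask them to switch it off. A comment above the line such as `# newuidmap/newgidmap (shadow) do not work with GRKERNSEC_PROC; this only matters for unprivileged containers` would cover it. Whether pkg_postinst should carry the same note cannot be judged from this hunk. The same applies to the matching hunk in the other six ebuilds.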

diff --git a/app-emulation/lxc/lxc-1.1.1-r1.ebuild 
b/app-emulation/lxc/lxc-1.1.1-r1.ebuild
index fbdb089..bd4c9cd 100644
--- a/app-emulation/lxc/lxc-1.1.1-r1.ebuild
+++ b/app-emulation/lxc/lxc-1.1.1-r1.ebuild
@@ -61,6 +61,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
        ~!GRKERNSEC_CHROOT_PIVOT
        ~!GRKERNSEC_CHROOT_CHMOD
        ~!GRKERNSEC_CHROOT_CAPS
+       ~!GRKERNSEC_PROC
 "
 
 ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for 
pts inside container"
@@ -89,6 +90,7 @@ 
ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC featu
 ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC 
features make LXC unusable see postinst notes"
 ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC 
features make LXC unusable see postinst notes"
 ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC 
features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is 
incompatible with unprivileged containers"
 
 DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
 

diff --git a/app-emulation/lxc/lxc-1.1.2-r1.ebuild 
b/app-emulation/lxc/lxc-1.1.2-r1.ebuild
index 8dd8dd2..50b4d5b 100644
--- a/app-emulation/lxc/lxc-1.1.2-r1.ebuild
+++ b/app-emulation/lxc/lxc-1.1.2-r1.ebuild
@@ -61,6 +61,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
        ~!GRKERNSEC_CHROOT_PIVOT
        ~!GRKERNSEC_CHROOT_CHMOD
        ~!GRKERNSEC_CHROOT_CAPS
+       ~!GRKERNSEC_PROC
 "
 
 ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for 
pts inside container"
@@ -89,6 +90,7 @@ 
ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC featu
 ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC 
features make LXC unusable see postinst notes"
 ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC 
features make LXC unusable see postinst notes"
 ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC 
features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is 
incompatible with unprivileged containers"
 
 DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
 

diff --git a/app-emulation/lxc/lxc-1.1.2-r2.ebuild 
b/app-emulation/lxc/lxc-1.1.2-r2.ebuild
index 8dd8dd2..50b4d5b 100644
--- a/app-emulation/lxc/lxc-1.1.2-r2.ebuild
+++ b/app-emulation/lxc/lxc-1.1.2-r2.ebuild
@@ -61,6 +61,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
        ~!GRKERNSEC_CHROOT_PIVOT
        ~!GRKERNSEC_CHROOT_CHMOD
        ~!GRKERNSEC_CHROOT_CAPS
+       ~!GRKERNSEC_PROC
 "
 
 ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for 
pts inside container"
@@ -89,6 +90,7 @@ 
ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC featu
 ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC 
features make LXC unusable see postinst notes"
 ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC 
features make LXC unusable see postinst notes"
 ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC 
features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is 
incompatible with unprivileged containers"
 
 DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
 

diff --git a/app-emulation/lxc/lxc-1.1.2.ebuild 
b/app-emulation/lxc/lxc-1.1.2.ebuild
index 660348e..8d89bca 100644
--- a/app-emulation/lxc/lxc-1.1.2.ebuild
+++ b/app-emulation/lxc/lxc-1.1.2.ebuild
@@ -61,6 +61,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
        ~!GRKERNSEC_CHROOT_PIVOT
        ~!GRKERNSEC_CHROOT_CHMOD
        ~!GRKERNSEC_CHROOT_CAPS
+       ~!GRKERNSEC_PROC
 "
 
 ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for 
pts inside container"
@@ -89,6 +90,7 @@ 
ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC featu
 ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC 
features make LXC unusable see postinst notes"
 ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC 
features make LXC unusable see postinst notes"
 ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC 
features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is 
incompatible with unprivileged containers"
 
 DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
 
