Blueprint changed by Serge Hallyn: Whiteboard changed: Status: Started NOTE: (jdstrand) jjohansen's work items are being tracked as part ot security-p-apparmor-containers and I added a dependency of this bp to that one Work Items: [serge-hallyn] LXC init script to create default bridge if enabled in /etc/default/lxc: DONE [daniel-lezcano] Get patchset accepted into kernel so kernel can send reboot signal to container : INPROGRESS [serge-hallyn] Change userspace lxc to not need to watch utmp for reboot: DONE [serge-hallyn] queue ubuntu package delta for upstream on github: DONE [stgraber] Make sure we can build in a working LXC container for arm on x86 (need new apt): BLOCKED [stgraber] Allow mknod in the default Ubuntu template for precise: DONE [stgraber] modprobe should not work in a container ( check libvirt ): DONE [smoser] open bug for libvirt to check capsys-module, capmac*: TODO [stgraber] make mountall not mount certain things when inside a container: DONE - Move lxc-is-container (as generic is-container) into upstart: TODO - Move lxc consoles into upstart: TODO - [serge-hallyn] Add apparmor profile: INPROGRESS + Move lxc-is-container (as generic is-container) into upstart: INPROGRESS + Move lxc consoles into upstart: INPROGRESS + [serge-hallyn] Add apparmor profile: DONE + [serge-hallyn] When mount controls are in kernel, use them in apparmor profile: TODO [serge-hallyn] Keep pushing on the patchset for userns vfs patches: POSTPONED Questions/Comments: Would we be able to get some documentation of what we can expect (and not expect) from a security aspect this cycle soon? -- Daviey See wiki.ubuntu.com/LxcSecurity. Please let me know if more is needed. Thanks.
-- LXC development for Precise https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-lxc -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
