Branch: refs/heads/master
Home: https://github.com/lxc/lxc

Commit: 4fef78bc332a2d186dca6f1c29952a0ec5423217
    https://github.com/lxc/lxc/commit/4fef78bc332a2d186dca6f1c29952a0ec5423217
Author: Maximilian Blenk <maximilian.bl...@bmw.de>
Date: 2020-01-31 (Fri, 31 Jan 2020)

Changed paths:
  M config/selinux/lxc.te
  M src/lxc/conf.c
  M src/lxc/conf.h
  M src/lxc/confile.c
  M src/lxc/lsm/lsm.c
  M src/lxc/lsm/lsm.h
  M src/lxc/lsm/selinux.c
  M src/lxc/utils.c
  M src/lxc/utils.h

Log Message:
-----------
container.conf: Add option to set keyring SELinux context

lxc sets up a new session keyring for every container by default. If executed on an SELinux enabled system, by default, the keyring inherits the label of the creating process. If executed with the currently available SELinux policy, this means that the keyring is labeled with the lxc_t type. Applications inside the container, however, might expect that the keyring is labeled with a certain context (and will fail to access the keyring if it's not explicitly allowed in the global policy).

This patch introduces the config option lxc.selinux.context.keyring which allows specifying the label of the newly created keyring. That is, the keyring can be labeled with the label expected by the started application.

Signed-off-by: Maximilian Blenk <maximilian.bl...@bmw.de>


Commit: 8f818a845432b36b3b344a24ae9dee596bac4687
    https://github.com/lxc/lxc/commit/8f818a845432b36b3b344a24ae9dee596bac4687
Author: Maximilian Blenk <maximilian.bl...@bmw.de>
Date: 2020-01-31 (Fri, 31 Jan 2020)

Changed paths:
  M src/lxc/conf.c
  M src/lxc/conf.h
  M src/lxc/confile.c
  M src/lxc/confile_utils.c
  M src/lxc/confile_utils.h

Log Message:
-----------
container.conf: Add option to disable session keyring creation

lxc sets up a new session keyring for every container by default. There might be valid use-cases where this is not wanted / needed (e.g. systemd by default creates a new session keyring anyway).

Signed-off-by: Maximilian Blenk <maximilian.bl...@bmw.de>


Commit: ad36e96a3d54667dcde6f124a8c36d8e7bdbc4a3
    https://github.com/lxc/lxc/commit/ad36e96a3d54667dcde6f124a8c36d8e7bdbc4a3
Author: Maximilian Blenk <maximilian.bl...@bmw.de>
Date: 2020-01-31 (Fri, 31 Jan 2020)

Changed paths:
  M doc/lxc.container.conf.sgml.in

Log Message:
-----------
doc: Add doc for keyring options

Signed-off-by: Maximilian Blenk <maximilian.bl...@bmw.de>


Commit: a8b9febda3102c98468586bc59c69f899f7f1f19
    https://github.com/lxc/lxc/commit/a8b9febda3102c98468586bc59c69f899f7f1f19
Author: Christian Brauner <christian.brau...@ubuntu.com>
Date: 2020-01-31 (Fri, 31 Jan 2020)

Changed paths:
  M config/selinux/lxc.te
  M doc/lxc.container.conf.sgml.in
  M src/lxc/conf.c
  M src/lxc/conf.h
  M src/lxc/confile.c
  M src/lxc/confile_utils.c
  M src/lxc/confile_utils.h
  M src/lxc/lsm/lsm.c
  M src/lxc/lsm/lsm.h
  M src/lxc/lsm/selinux.c
  M src/lxc/utils.c
  M src/lxc/utils.h

Log Message:
-----------
Merge pull request #3260 from blenk92/add-keyring-option

Add keyring option


Compare: https://github.com/lxc/lxc/compare/f5a15e1e3d92...a8b9febda310