Quoting Christian Seiler (christ...@iwakd.de): No objection to pushing the patch as is, so
Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com>

but one question:

> + /* load apparmor profile */ > + if ((options->namespaces & CLONE_NEWNS) && (options->attach_flags & > LXC_ATTACH_APPARMOR)) { > + ret = attach_apparmor(init_ctx->aa_profile); > + if (ret < 0) { > + shutdown(ipc_socket, SHUT_RDWR); > + rexit(-1); > + } > + }

Are you doing the CLONE_NEWNS check because proc might otherwise not be mounted? Would it make sense to move attach-apparmor to after the lxc_attach_remount_sys_proc() below so we can run it in that case too?

> + > + /* A description of the purpose of this functionality is > + * provided in the lxc-attach(1) manual page. We have to > + * remount here and not in the parent process, otherwise > + * /proc may not properly reflect the new pid namespace. > + */ > + if (!(options->namespaces & CLONE_NEWNS) && (options->attach_flags & > LXC_ATTACH_REMOUNT_PROC_SYS)) { > + ret = lxc_attach_remount_sys_proc(); > + if (ret < 0) { > + shutdown(ipc_socket, SHUT_RDWR); > + rexit(-1); > + } > + }
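
Review bot: In the AppArmor block, the (options->namespaces & CLONE_NEWNS) guard means a caller that sets LXC_ATTACH_APPARMOR without attaching to the mount namespace never reaches attach_apparmor() and gets no error, so the attached process keeps whatever confinement it already had. If that is intended, state the reason in the comment above the if; otherwise log or fail when the flag is set but the profile is not applied. The failure path also calls rexit(-1) without a message, so an error line naming init_ctx->aa_profile would make a rejected profile change diagnosable.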
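
Review bot: In the remount block, the comment explains why the remount happens in the child but not why it is guarded by !(options->namespaces & CLONE_NEWNS), the exact opposite of the guard on the AppArmor block above it, so the two blocks can never both run in one attach. Add a sentence to the comment saying the remount applies only when the mount namespace is not attached, and that the AppArmor step is skipped in that mode, rather than leaving it to the manual page. The ret < 0 path here is also silent; logging that lxc_attach_remount_sys_proc() failed before rexit(-1) would distinguish it from the AppArmor failure, which exits the same way.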