Cool, thanks, that is very nicely done :)
I'll leave it to you and Stéphane to decide whether this ought to be
integrated with the config scripts shipped in lxc or not. The
way you have it set up doesn't appear to lose any of the protections
for the host from the unprivileged users, so I'd be
Quoting Rory McCann (rory.mcc...@riverbed.com):
Serge Hallyn serge.hallyn@... writes:
Quoting Serge Hallyn (serge.hallyn at ubuntu.com):
Quoting Rory McCann (Rory.McCann at riverbed.com):
..
Now, after exiting the container and re-running the lxc-execute
command, I straightaway get
Is there a way to alter the selinux context of certain directories or
files in /proc and /sys inside the container? AppArmor looks to have
the an easier config in this matter but I can't seem to get it to build
correctly on Fedora 21.
Most of these files share the same context, so I don't
Quoting Serge Hallyn (serge.hal...@ubuntu.com):
Quoting Rory McCann (rory.mcc...@riverbed.com):
Serge Hallyn serge.hallyn@... writes:
Quoting Serge Hallyn (serge.hallyn at ubuntu.com):
Quoting Rory McCann (Rory.McCann at riverbed.com):
..
Now, after exiting the container and
On Wed, Feb 18, 2015 at 12:27 AM, Serge Hallyn serge.hal...@ubuntu.com wrote:
Quoting Fajar A. Nugraha (l...@fajar.net):
# c1's veth name on host side
auto v-c1-0
iface v-c1-0 inet static
I'm probably just ignorant here, but - does this not cause 'ifup -a' to
fail when the containers are
Serge Hallyn serge.hallyn@... writes:
Quoting Serge Hallyn (serge.hallyn at ubuntu.com):
Quoting Rory McCann (Rory.McCann at riverbed.com):
..
Now, after exiting the container and re-running the lxc-execute
command, I straightaway get a
segmentation fault, and the following kernel