Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+lxc-pve (4.0.2-1) pve; urgency=medium
+
+ * update teo lxc-4.0.2
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 20 Apr 2020 11:48:54 +0200
+
lxc-pve (4.0.0-2) pve; urgency=medium
* update to include devices cgroup fixes for cgroup isolation
lxc-pve (4.0.0-2) pve; urgency=medium
* update to include devices cgroup fixes for cgroup isolation
-From 04922f2a329f7a8144efd38ac95aaf8c57c3f2fc Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 10 Feb 2017 09:13:40 +0100
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 10 Feb 2017 09:13:40 +0100
-Subject: [PATCH lxc 1/3] PVE: [Config] lxc.service: start after a potential
+Subject: [PATCH lxc] PVE: [Config] lxc.service: start after a potential
syslog.service
We could add this as a snippet from pve-container instead.
syslog.service
We could add this as a snippet from pve-container instead.
Wants=lxc-net.service
Documentation=man:lxc-autostart man:lxc
Wants=lxc-net.service
Documentation=man:lxc-autostart man:lxc
-From b27de3448f4e1254f8a91c9241877e8bb768b752 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Wed, 9 Nov 2016 09:14:26 +0100
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Wed, 9 Nov 2016 09:14:26 +0100
-Subject: [PATCH lxc 2/3] PVE: [Config] deny rw mounting of /sys and /proc
+Subject: [PATCH lxc] PVE: [Config] deny rw mounting of /sys and /proc
Note that we don't actually make use of this anymore, since
we switched to the generated profiles which already do this.
Note that we don't actually make use of this anymore, since
we switched to the generated profiles which already do this.
# allow paths to be made slave, shared, private or unbindable
# FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts.
# mount options=(rw,make-slave) -> **,
# allow paths to be made slave, shared, private or unbindable
# FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts.
# mount options=(rw,make-slave) -> **,
-From 580f2f5423b975f2d6a19004139788758a34359f Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Tue, 13 Aug 2019 13:57:22 +0200
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Tue, 13 Aug 2019 13:57:22 +0200
-Subject: [PATCH lxc 3/3] PVE: [Config] attach: always use getent
+Subject: [PATCH lxc] PVE: [Config] attach: always use getent
In debian buster, some libnss plugins (if installed) can
cause getpwent to segfault instead of erroring out cleanly.
In debian buster, some libnss plugins (if installed) can
cause getpwent to segfault instead of erroring out cleanly.
1 file changed, 2 insertions(+), 26 deletions(-)
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
1 file changed, 2 insertions(+), 26 deletions(-)
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
-index 406b8ec74..0a82c0a5d 100644
+index bbf95bd5b..de3a98cf9 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
-@@ -1454,12 +1454,8 @@ int lxc_attach_run_command(void *payload)
+@@ -1456,12 +1456,8 @@ int lxc_attach_run_command(void *payload)
int lxc_attach_run_shell(void* payload)
{
int lxc_attach_run_shell(void* payload)
{
int ret;
/* Ignore payload parameter. */
int ret;
/* Ignore payload parameter. */
-@@ -1467,32 +1463,13 @@ int lxc_attach_run_shell(void* payload)
+@@ -1469,32 +1465,13 @@ int lxc_attach_run_shell(void* payload)
if (user_shell)
execlp(user_shell, user_shell, (char *)NULL);
if (user_shell)
execlp(user_shell, user_shell, (char *)NULL);
-@@ -1502,8 +1479,7 @@ int lxc_attach_run_shell(void* payload)
+@@ -1504,8 +1481,7 @@ int lxc_attach_run_shell(void* payload)
execlp("/bin/sh", "/bin/sh", (char *)NULL);
SYSERROR("Failed to execute shell");
execlp("/bin/sh", "/bin/sh", (char *)NULL);
SYSERROR("Failed to execute shell");
-Subproject commit 51c8368a374726485b7a99b7e4dff05f60b1872c
+Subproject commit 538337ee9dc5ca385cc8d9b6faaac1575c014a1b