fixup patch names namespace separation patch

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

diff --git a/debian/patches/pve/0006-PVE-Config-namespace-separation.patch b/debian/patches/pve/0006-PVE-Config-namespace-separation.patch
new file mode 100644 (file)
index 0000000..20e6b90
--- /dev/null
+++ b/debian/patches/pve/0006-PVE-Config-namespace-separation.patch
@@ -0,0 +1,43 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Date: Fri, 23 Dec 2016 15:57:24 +0100
+Subject: [PATCH] PVE: [Config] namespace separation
+
+* rename cgroup namespace directory to ns
+* set lxc.cgroup.protect_limits default to 'both'
+
+Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+---
+ src/lxc/cgroups/cgroup.h | 2 +-
+ src/lxc/initutils.h      | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h
+index b12c1f4c..6b8df1b3 100644
+--- a/src/lxc/cgroups/cgroup.h
++++ b/src/lxc/cgroups/cgroup.h
+@@ -32,7 +32,7 @@
+  * will be moved into an additional subdirectory "cgns/" inside the cgroup in
+  * order to prevent it from accessing the outer limiting cgroup.
+  */
+-#define CGROUP_NAMESPACE_SUBDIR "cgns"
++#define CGROUP_NAMESPACE_SUBDIR "ns"
+ 
+ struct lxc_handler;
+ struct lxc_conf;
+diff --git a/src/lxc/initutils.h b/src/lxc/initutils.h
+index 4d005679..653869b5 100644
+--- a/src/lxc/initutils.h
++++ b/src/lxc/initutils.h
+@@ -42,7 +42,7 @@
+ #define DEFAULT_THIN_POOL "lxc"
+ #define DEFAULT_ZFSROOT "lxc"
+ #define DEFAULT_RBDPOOL "lxc"
+-#define DEFAULT_CGPROTECT "privileged"
++#define DEFAULT_CGPROTECT "both"
+ 
+ #ifndef PR_SET_MM
+ #define PR_SET_MM 35
+-- 
+2.11.0
+

diff --git a/debian/patches/pve/0006-PVE-Config-rename-cgroup-namespace-directory-to-ns.patch b/debian/patches/pve/0006-PVE-Config-rename-cgroup-namespace-directory-to-ns.patch
deleted file mode 100644 (file)
index 45d340b..0000000
--- a/debian/patches/pve/0006-PVE-Config-rename-cgroup-namespace-directory-to-ns.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Date: Fri, 23 Dec 2016 15:57:24 +0100
-Subject: [PATCH] PVE: [Config] rename cgroup namespace directory to ns
-
-Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
----
- src/lxc/cgroups/cgroup.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h
-index b12c1f4c..6b8df1b3 100644
---- a/src/lxc/cgroups/cgroup.h
-+++ b/src/lxc/cgroups/cgroup.h
-@@ -32,7 +32,7 @@
-  * will be moved into an additional subdirectory "cgns/" inside the cgroup in
-  * order to prevent it from accessing the outer limiting cgroup.
-  */
--#define CGROUP_NAMESPACE_SUBDIR "cgns"
-+#define CGROUP_NAMESPACE_SUBDIR "ns"
- 
- struct lxc_handler;
- struct lxc_conf;
--- 
-2.11.0
-

diff --git a/debian/patches/series b/debian/patches/series
index 1abfe9e949d1fa5ee3d3d38748dc74281aa81b0f..c12ebd15c8c7b8019b7fd654a81a3ceaba4d4732 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,7 +3,7 @@ pve/0002-PVE-Down-run-lxcnetaddbr-when-instantiating-veths.patch
 pve/0003-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch
 pve/0004-PVE-Up-separate-the-limiting-from-the-namespaced-cgr.patch
 pve/0005-PVE-Up-start-initutils-make-cgroupns-separation-leve.patch
-pve/0006-PVE-Config-rename-cgroup-namespace-directory-to-ns.patch
+pve/0006-PVE-Config-namespace-separation.patch
 pve/0007-PVE-Up-possibility-to-run-lxc-monitord-as-a-regular-.patch
 pve/0008-PVE-Deprecated-Make-lxc-.service-forking.patch
 extra/0001-confile-add-lxc.monitor.signal.pdeath.patch