From f62d31fd511bb9e5bbb4e3a6a90ae950fca7c60c Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Thu, 11 Oct 2018 11:48:58 +0200 Subject: [PATCH] fixup patch names namespace separation patch Signed-off-by: Wolfgang Bumiller --- ...006-PVE-Config-namespace-separation.patch} | 21 +++++++++++++++++-- debian/patches/series | 2 +- 2 files changed, 20 insertions(+), 3 deletions(-) rename debian/patches/pve/{0006-PVE-Config-rename-cgroup-namespace-directory-to-ns.patch => 0006-PVE-Config-namespace-separation.patch} (54%) diff --git a/debian/patches/pve/0006-PVE-Config-rename-cgroup-namespace-directory-to-ns.patch b/debian/patches/pve/0006-PVE-Config-namespace-separation.patch similarity index 54% rename from debian/patches/pve/0006-PVE-Config-rename-cgroup-namespace-directory-to-ns.patch rename to debian/patches/pve/0006-PVE-Config-namespace-separation.patch index 45d340b..20e6b90 100644 --- a/debian/patches/pve/0006-PVE-Config-rename-cgroup-namespace-directory-to-ns.patch +++ b/debian/patches/pve/0006-PVE-Config-namespace-separation.patch @@ -1,12 +1,16 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Fri, 23 Dec 2016 15:57:24 +0100 -Subject: [PATCH] PVE: [Config] rename cgroup namespace directory to ns +Subject: [PATCH] PVE: [Config] namespace separation + +* rename cgroup namespace directory to ns +* set lxc.cgroup.protect_limits default to 'both' Signed-off-by: Wolfgang Bumiller --- src/lxc/cgroups/cgroup.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + src/lxc/initutils.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h index b12c1f4c..6b8df1b3 100644 @@ -21,6 +25,19 @@ index b12c1f4c..6b8df1b3 100644 struct lxc_handler; struct lxc_conf; +diff --git a/src/lxc/initutils.h b/src/lxc/initutils.h +index 4d005679..653869b5 100644 +--- a/src/lxc/initutils.h ++++ b/src/lxc/initutils.h +@@ -42,7 +42,7 @@ + #define DEFAULT_THIN_POOL "lxc" + #define DEFAULT_ZFSROOT "lxc" + #define DEFAULT_RBDPOOL "lxc" +-#define DEFAULT_CGPROTECT "privileged" ++#define DEFAULT_CGPROTECT "both" + + #ifndef PR_SET_MM + #define PR_SET_MM 35 -- 2.11.0 diff --git a/debian/patches/series b/debian/patches/series index 1abfe9e..c12ebd1 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -3,7 +3,7 @@ pve/0002-PVE-Down-run-lxcnetaddbr-when-instantiating-veths.patch pve/0003-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch pve/0004-PVE-Up-separate-the-limiting-from-the-namespaced-cgr.patch pve/0005-PVE-Up-start-initutils-make-cgroupns-separation-leve.patch -pve/0006-PVE-Config-rename-cgroup-namespace-directory-to-ns.patch +pve/0006-PVE-Config-namespace-separation.patch pve/0007-PVE-Up-possibility-to-run-lxc-monitord-as-a-regular-.patch pve/0008-PVE-Deprecated-Make-lxc-.service-forking.patch extra/0001-confile-add-lxc.monitor.signal.pdeath.patch -- 2.39.2