LXC should allow writing to /proc/sys/kernel/shm* as they are covered by the IPC namespace
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
lxc (Ubuntu) | Fix Released | Undecided | Unassigned | |
Precise | Fix Released | Wishlist | Stéphane Graber | |
Quantal | Fix Released | Undecided | Unassigned | |

Bug Description
Filing this bug based on discussion on lxc-devel and lxc-users where multiple people reported trying to increase shmmax and getting permission denied from apparmor.
After doing some more checks with Serge, it was confirmed that /proc/sys/
[rationale]
Multiple people expressed the need to change their IPC namespace settings in /proc/sys/
[test case]
1) start a container
2) try to update /proc/sys/
2) should work, in the past it'd fail with ENOPERM
[regression potential]
The apparmor syntax was confirmed to be correct and was tested on quantal and precise. I can't think of any possible regression caused by this change to the apparmor profile. The only potential problem would be if some kernels were to expose shm* entries that aren't tied to the IPC namespace, but on the kernels I tried it on (stock Ubuntu kernels), that's not the case.
Changed in lxc (Ubuntu Quantal):
status: New → Fix Released
Changed in lxc (Ubuntu Precise):
status: New → In Progress
importance: Undecided → Wishlist
assignee: nobody → Stéphane Graber (stgraber)
Hello Stéphane, or anyone else affected,
Accepted lxc into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/lxc/0.7.5-3ubuntu60 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.
If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.
Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!