@neil-aldur, did you forget to attach the debdiff?
By restricting the signal set you also restrict what $SIG you can put to "podman kill --signal $SIG".
I did not realize that there's a podman reference profile as well, but since podman doesn't try to kill the container by itself, I wonder if it makes sense to arbitrarily open a policy like this.
Also, whether your changes are good or not, they diverge from the policy changes we have already merged to containerd and moby upstream. Not sure if that's a problem.
Regarding your changes to the changelog entry in your MP: I based my entry on a code comment from ahasenack (https://code.launchpad.net/~fun2program8/ubuntu/+source/crun/+git/crun/+merge/464233, you have to select the b879 commit, it's the first code comment). I don't think we should copy the commit message into changelog entries. It's already in the patch.