Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
0004-apparmor.d-Sets-container-base-accordingly-to-container-base.in.patch | [apparmor.d] Sets container-base accordingly to container-base.in | Pierre-Elliott Bécue <peb@debian.org> | no |  |  | 2019-08-05 |
0005-lxc.service-Starts-after-remote-fs.target.patch | [lxc.service] Starts after remote-fs.target | Pierre-Elliott Bécue <peb@debian.org> | no |  |  | 2019-08-05 |
0004-nesting-Extend-mount-permissions-in-apparmor-to-allo.patch | [nesting] Extend mount permissions in apparmor to allow systemd services' restrictions to work. These options allow systemd security features to work. In particular cases, it helps with systemd-logind and programs like this. It's only added in nesting profile as it could pose security risks on privileged containers. `mount options=(rw,rbind) -> /run/systemd/unit-root/,` `mount options=(rw,rbind) -> /run/systemd/unit-root/**,` `mount options=(rw,rshared) -> /,` `mount options=(rw,nosuid,nodev,noexec) proc -> /run/systemd/unit-root/proc/,` | Pierre-Elliott Bécue <peb@debian.org> | no |  |  | 2022-08-01 |
0100-fix-nftables-ipv6.patch | [PATCH] lxc-net.in: fix nftables syntax for IPv6 NAT. The nftables masquerade rule for IPv6 was using the IPv4 syntax. This resulted in the following error when starting the lxc-net.service with LXC_IPV6_NAT="true" and nftables: `Feb 11 18:54:54 pc lxc-net[4936]: Error: conflicting protocols specified: ip6 vs. ip` `Feb 11 18:54:54 pc lxc-net[4936]: ^^^^^^^^` `Feb 11 18:54:54 pc lxc-net[4917]: Failed to setup lxc-net.` `Feb 11 18:54:54 pc systemd[1]: lxc-net.service: Main process exited, code=exited, status=1/FAILURE` `Feb 11 18:54:54 pc systemd[1]: lxc-net.service: Failed with result 'exit-code'.` `Feb 11 18:54:54 pc systemd[1]: Failed to start LXC network bridge setup.` | Quentin Lyons <36303164+n0p90@users.noreply.github.com> | no |  |  | 2023-02-12 |
0101-cherry-pick-fix-ephemeral-copies.patch | [PATCH] conf: fix ephemeral copies. Don't rely on rootfs->bdev_type because that may be NULL. Use storage->type instead which can't be NULL. | Christian Brauner <brauner@kernel.org> | no |  |  | 2023-11-29 |