Debian Patches
Status for lxc/1:6.0.5-2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-nesting-Extend-mount-permissions-in-apparmor-to-allo.patch | [nesting] Extend mount permissions in apparmor to allow systemd services' restrictions to work These options allow systemd security features to work. In particular cases, it helps with systemd-logind and program like this. It's only added in nesting profile as it could pose security risks on privileged containers. mount options=(rw,rbind) -> /run/systemd/unit-root/, mount options=(rw,rbind) -> /run/systemd/unit-root/**, mount options=(rw,rshared) -> /, mount options=(rw,nosuid,nodev,noexec) proc -> /run/systemd/unit-root/proc/, | Pierre-Elliott Bécue <peb@debian.org> | no | | | 2022-08-01 |
| 0002-lxc.service-Starts-after-remote-fs.target.patch | [lxc.service] Starts after remote-fs.target | Pierre-Elliott Bécue <peb@debian.org> | no | | | 2019-08-05 |
| 0003-apparmor-4x-userns.patch | update apparmor profile for userns permission and new abi diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in index 87982fd..eb6b8ee 100644 | Mathias Gibbens <gibmat@debian.org> | yes | | | |
| 0004-cherry-pick-apparmor-generation.patch | [PATCH] config/apparmor/abstractions: Fix meson build generation of container-base Previously, abstractions/container-base was a hand-generated concatenation of two different files, abstractions/container-base.in and container-rules. This was confusing, since the meson configuration didn't actually create abstractions/container-base from abstractions/container-base.in. Now, the previously manual step of creating abstractions/container-base is part of the meson configure step. | Mathias Gibbens <gibmat@debian.org> | no | | | 2025-10-26 |
| 0005-cherry-pick-fix-dbus-reboots.patch | [PATCH] cgfsng: fix reboots when using dbus When using dbus on a systemd system, we ask systemd to create a "scope" for us to run in. We send a dbus message, and wait for the reply saying it is created. When we reboot, we were re-sending the request to create the scope. However, the scope still exists, because our single lxc-monitor (originally lxc-start) thread is still under the 'lxc.pivot' sub-directory of the scope. But, on reboot, our lxc_conf already has our scope recorded! So, just check whether that is set, and skip scope creation if so. With this patch, I can reboot ad nauseam with no apparent problems. We could probably move this check to the top of the function, but for now this fixes the bug. | Serge Hallyn <serge@hallyn.com> | no | | | 2025-12-23 |
| 0006-Add-lxc-net-as-dependency-in-sysvinit-script.patch | [PATCH] Add lxc-net as dependency in sysvinit script Otherwise containers don't start during boot, but come up fine later. | Frost <frost@brightfur.net> | no | | | 2025-12-07 |
All known versions for source package 'lxc'
- 1:6.0.5-2 (forky, sid)
- 1:6.0.4-4 (trixie)
- 1:5.0.2-1+deb12u3 (bookworm)
