From b64ce8e33cb0a63ede881da78580e37ea4f0d6a7 Mon Sep 17 00:00:00 2001
From: Mathieu Le Marec - Pasquet
Date: Fri, 25 Oct 2013 18:41:03 +0200
Subject: [PATCH 1/2] Do not drop sys_boot

This fixes #2391
---
 AUTHORS | 1 +
 lxc_template.go | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/AUTHORS b/AUTHORS
index 7b1bba49e..13872eceb 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -117,6 +117,7 @@ Marko Mikulicic
 Markus Fix
 Martin Redmond
 Matt Apperson
+Mathieu Le Marec - Pasquet
 Matt Bachmann
 Matthew Mueller
 Maxim Treskin
diff --git a/lxc_template.go b/lxc_template.go
index 37232a89d..315e84744 100644
--- a/lxc_template.go
+++ b/lxc_template.go
@@ -113,7 +113,7 @@ lxc.mount.entry = {{$realPath}} {{$ROOTFS}}/{{$virtualPath}} none bind,{{ if ind
 # (Note: 'lxc.cap.keep' is coming soon and should replace this under the
 # security principle 'deny all unless explicitly permitted', see
 # http://sourceforge.net/mailarchive/message.php?msg_id=31054627 )
-lxc.cap.drop = audit_control audit_write mac_admin mac_override mknod setpcap sys_admin sys_boot sys_module sys_nice sys_pacct sys_rawio sys_resource sys_time sys_tty_config
+lxc.cap.drop = audit_control audit_write mac_admin mac_override mknod setpcap sys_admin sys_module sys_nice sys_pacct sys_rawio sys_resource sys_time sys_tty_config
 {{end}}
 
 # limits
From 8145e57cee6390bb27d7fb07fe5f572affe5d0cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Petazzoni?=
Date: Wed, 13 Nov 2013 10:29:29 -0800
Subject: [PATCH 2/2] Add warning about SYS_BOOT capability with pre-3.4 kernels and pre-0.8 LXC.

---
 docs/sources/installation/kernel.rst | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docs/sources/installation/kernel.rst b/docs/sources/installation/kernel.rst
index 2959fa4fc..9d995ff01 100644
--- a/docs/sources/installation/kernel.rst
+++ b/docs/sources/installation/kernel.rst
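Review bot: The new `lxc.cap.drop` line in lxc_template.go now leaves CAP_SYS_BOOT in every container, but nothing in the template records why, so a later reader sees a deny-list that quietly stopped dropping a capability right under a comment arguing for "deny all unless explicitly permitted". Patch 2 of this series gives the rationale (reboot(2) is scoped to the pid namespace only on kernels >= 3.4 via reboot_pid_ns, and LXC >= 0.8 drops SYS_BOOT itself on older kernels), and that belongs next to the line, e.g. `# sys_boot is intentionally kept (#2391): on kernels >= 3.4 reboot(2) from a container only terminates the container's init (reboot_pid_ns); LXC >= 0.8 drops it itself on older kernels.` CAP_SYS_BOOT also gates kexec_load(2), which the pid-namespace scoping of reboot() described in patch 2 does not cover, so if these containers are not placed in a separate user namespace (nothing in this hunk suggests they are) it is worth confirming that a container being able to load a kernel image on the host is acceptable before keeping this capability. The Go string holding this template starts and ends outside the hunk.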
@@ -25,6 +25,7 @@ If you cannot or do not want to use the "official" kernels, here is some technical background about the features (both optional and mandatory) that docker needs to run successfully.
+
 Linux version 3.8 or above
 --------------------------
@@ -39,6 +40,15 @@ The symptoms include: - kernel crash causing the machine to freeze for a few minutes, or even completely.
+Additionally, kernels prior 3.4 did not implement ``reboot_pid_ns``,
+which means that the ``reboot()`` syscall could reboot the host machine,
+instead of terminating the container. To work around that problem,
+LXC userland tools (since version 0.8) automatically drop the ``SYS_BOOT``
+capability when necessary. Still, if you run a pre-3.4 kernel with pre-0.8
+LXC tools, be aware that containers can reboot the whole host! This is
+not something that Docker wants to address in the short term, since you
+shouldn't use kernels prior 3.8 with Docker anyway.
+
 While it is still possible to use older kernels for development, it is really not advised to do so.