Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps/softwarecontainer-dependencies.sh: Fix lxc and python3-lxc insta… #104

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

deps/softwarecontainer-dependencies.sh: Fix lxc and python3-lxc insta… #104

wants to merge 3 commits into from

Conversation

alivenets
Copy link

…llation

Remove unneeded LXC packages

Install python3-lxc from source

Signed-off-by: Alexander Livenets [email protected]

JEderonn
JEderonn requested changes Apr 15, 2020
View reviewed changes
Copy link

@JEderonn JEderonn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please update the commit message with a better description. Thx.

deps/softwarecontainer-dependencies.sh: Fix LXC installation
78b97f3 
Remove remaining LXC packages which are installed as a part of Ubuntu
installation. Since LXC is installed manually, some remaining artifacts
may break behavior of library and tools

Signed-off-by: Alexander Livenets <[email protected]>
@alivenets alivenets force-pushed the fix-lxc-3-install-scripts branch 2 times, most recently from 8a57543 to 6871bdf Compare April 17, 2020 21:03
deps/softwarecontainer-dependencies.sh: Install python3-lxc manually
b3c965c 
python3-lxc Ubuntu package depends on LXC packages, therefore LXC of
conflicting version will be installed.

This commits fixes installation of python-lxc by installing it from
source.

Signed-off-by: Alexander Livenets <[email protected]>
@JEderonn
Copy link

Please update the commit message with a better description. Thx.

Looks better, but 7600b91 still lacks a "why" seccomp and apparmor are enabled.

@alivenets alivenets requested a review from JEderonn April 21, 2020 16:13
JEderonn
JEderonn approved these changes Apr 21, 2020
View reviewed changes
Copy link

@JEderonn JEderonn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved, looks good but have not tested the scripts

@sashko
Copy link
Collaborator

sashko commented Apr 22, 2020
edited
Loading

Fix title in 5c2b093 though, please.

softwarecontainer-dependencies.sh: lxc: Enable apparmor and seccomp
b3af3b6 
Add `--enable-apparmor` and `--enable-seccomp` flags at LXC
configuration stage

AppArmor is required to allow to apply additional MAC restrictions to
container described in AppArmor profile.

seccomp is required to apply additional restrictions on system calls
from container using seccomp syscall blacklist and whitelist.

Signed-off-by: Alexander Livenets <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JEderonn JEderonn JEderonn approved these changes

@pookimon pookimon pookimon approved these changes

@martin-ejdestig martin-ejdestig Awaiting requested review from martin-ejdestig

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@alivenets @JEderonn @sashko @pookimon