libvirt: don't mount securityfs or selinux if userns enabled - linux/meta-virtualization.git - Mirror of git.yoctoproject.org/meta-virtualization

diff options

author	Mark Asselstine <mark.asselstine@windriver.com>	2013-10-02 21:17:13 -0400
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2013-10-03 22:41:33 -0400
commit	7fd8190b23b4e7c6d0d12a006a165bba50ecc9c5 (patch)
tree	ecc47fd2bc086909bda3421031214b7bdb77a262 /recipes-extended/xen/files/flask-avoid-installing-policy-file-as-boot.patch
parent	9f2c3fcf9e514d428a6aadad5bb229fd1c541cc7 (diff)
download	meta-virtualization-7fd8190b23b4e7c6d0d12a006a165bba50ecc9c5.tar.gz

libvirt: don't mount securityfs or selinux if userns enabled

commit 6807238d87fd [Ensure securityfs is mounted readonly in container] from upstream libvirt requires securityfs to be mounted, always. Failing to use a kernel without SECURITYFS support results in the following error when you attempt to start a lxc guest: error : lxcContainerMountBasicFS:807 : Failed to mkdir securityfs: No such file or directory Input/output error Here we apply an upstream fix for this which allows you to use userns support instead of SECURITYFS, by using <idmap> in your guest config. A similar situation exists for SELINUX so here we are bringing in 2 more upstream commits, the first for context and the second, which like the securityfs patch, doesn't force selinux to be mounted if userns is used. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Cc: Bogdan Purcareata <bogdan.purcareata@freescale.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>

Diffstat (limited to 'recipes-extended/xen/files/flask-avoid-installing-policy-file-as-boot.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: