-
-
Notifications
You must be signed in to change notification settings - Fork 223
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
incusd/apparmor/dnsmasq: Relax rules a bit #1011
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Apparently those rules are needed when running Incus nested within an unprivileged container on some platforms. Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
hallyn
approved these changes
Jul 18, 2024
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Aug 10, 2024
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [lxc/incus](https://github.com/lxc/incus) | minor | `v6.3.0` -> `v6.4.0` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>lxc/incus (lxc/incus)</summary> ### [`v6.4.0`](https://github.com/lxc/incus/releases/tag/v6.4.0): Incus 6.4 [Compare Source](lxc/incus@v6.3.0...v6.4.0) ### Announcement https://discuss.linuxcontainers.org/t/incus-6-4-has-been-released/21323 #### What's Changed - incus-simplestreams: Fix split images by [@​stgraber](https://github.com/stgraber) in lxc/incus#987 - incusd/instance/edk2: Support OVMF filenames on arm64 by [@​stgraber](https://github.com/stgraber) in lxc/incus#991 - Import LXD changes from stable-5.0 by [@​stgraber](https://github.com/stgraber) in lxc/incus#988 - incusd/instance/drivers/qemu: Limit CPU flag calculation to x86\_64 by [@​stgraber](https://github.com/stgraber) in lxc/incus#992 - doc: Add OCI mentions by [@​stgraber](https://github.com/stgraber) in lxc/incus#990 - incusd/instance/qemu: Fix architecture check being backward by [@​stgraber](https://github.com/stgraber) in lxc/incus#1000 - incus/s3: Fix mcli minio client executable name check by [@​apophys](https://github.com/apophys) in lxc/incus#998 - OCI container fixes by [@​stgraber](https://github.com/stgraber) in lxc/incus#1001 - incus-simplestreams: Handle removal of combined images by [@​melato](https://github.com/melato) in lxc/incus#995 - Change RunDir file mode to 0711 by [@​bketelsen](https://github.com/bketelsen) in lxc/incus#1004 - incusd/apparmor/qemu: Relax apparmor rules a bit by [@​stgraber](https://github.com/stgraber) in lxc/incus#1007 - incusd/instance/lxc: Handle OCI containers using real PID1 by [@​stgraber](https://github.com/stgraber) in lxc/incus#1005 - incusd/apparmor/qemu: Fix typo in rule by [@​stgraber](https://github.com/stgraber) in lxc/incus#1009 - incusd/apparmor/dnsmasq: Relax rules a bit by [@​stgraber](https://github.com/stgraber) in lxc/incus#1011 - incusd/storage: Use writeback mode for qemu-img convert by [@​stgraber](https://github.com/stgraber) in lxc/incus#1015 - Relax cluster upgrade requirements around API extensions by [@​stgraber](https://github.com/stgraber) in lxc/incus#1012 - incusd/cgroup: Handle unknown devices in io.stat by [@​stgraber](https://github.com/stgraber) in lxc/incus#1016 - incusd/instance_post: Always set the target project by [@​stgraber](https://github.com/stgraber) in lxc/incus#1019 - Fix LVM locking issues by [@​stgraber](https://github.com/stgraber) in lxc/incus#1021 - Make run-parts running compatible with different versions by [@​nanjj](https://github.com/nanjj) in lxc/incus#1018 - Properly handle request retries on OIDC by [@​stgraber](https://github.com/stgraber) in lxc/incus#1024 - Fix storage clustering handling by [@​stgraber](https://github.com/stgraber) in lxc/incus#1022 - CLI tweaks/improvements by [@​stgraber](https://github.com/stgraber) in lxc/incus#1029 - Use qemu-img convert output to update progress by [@​nanjj](https://github.com/nanjj) in lxc/incus#1025 - Tweak EDK2 paths by [@​stgraber](https://github.com/stgraber) in lxc/incus#1033 - Introduce cluster group configuration by [@​stgraber](https://github.com/stgraber) in lxc/incus#1034 - Improve resource API CPU sorting by [@​stgraber](https://github.com/stgraber) in lxc/incus#1036 - Fix some clustering issues by [@​stgraber](https://github.com/stgraber) in lxc/incus#1039 - Add support for per-instance LXCFS by [@​stgraber](https://github.com/stgraber) in lxc/incus#1041 - Fix automatic re-send of unseekable POST queries by [@​stgraber](https://github.com/stgraber) in lxc/incus#1042 - VM related improvements by [@​stgraber](https://github.com/stgraber) in lxc/incus#1043 - Translations update from Hosted Weblate by [@​weblate](https://github.com/weblate) in lxc/incus#1045 - Varied cluster fixes by [@​stgraber](https://github.com/stgraber) in lxc/incus#1044 - incus/top: Properly filter disk usage by [@​stgraber](https://github.com/stgraber) in lxc/incus#1047 - More clustering fixes by [@​stgraber](https://github.com/stgraber) in lxc/incus#1049 - OCI related fixes by [@​stgraber](https://github.com/stgraber) in lxc/incus#1052 - Various bugfixes by [@​stgraber](https://github.com/stgraber) in lxc/incus#1054 - incusd/storage/zfs: Always call tryGetVolumeDiskPathFromDataset by [@​stgraber](https://github.com/stgraber) in lxc/incus#1060 - doc: add colima instructions by [@​abiosoft](https://github.com/abiosoft) in lxc/incus#1058 - doc: Update incus_alias.md by [@​simos](https://github.com/simos) in lxc/incus#1061 - incusd/network/ovn: Require functional uplink by [@​stgraber](https://github.com/stgraber) in lxc/incus#1063 - OVN related fixes by [@​stgraber](https://github.com/stgraber) in lxc/incus#1068 - doc/instances: Cover incus agent installation by [@​simos](https://github.com/simos) in lxc/incus#1067 - Various bugfixes by [@​stgraber](https://github.com/stgraber) in lxc/incus#1071 - doc/storage_volume: Fix snapshot command by [@​stgraber](https://github.com/stgraber) in lxc/incus#1072 - Improve lifecycle events on evacuation by [@​stgraber](https://github.com/stgraber) in lxc/incus#1073 - More lifecycle fixes by [@​stgraber](https://github.com/stgraber) in lxc/incus#1074 - doc/clustering: Better document healing by [@​stgraber](https://github.com/stgraber) in lxc/incus#1075 - incus-migrate: Properly handle projects by [@​stgraber](https://github.com/stgraber) in lxc/incus#1077 - incusd/apparmor: Allow mounting zfs when delegation is supported by [@​stgraber](https://github.com/stgraber) in lxc/incus#1078 - doc/clustering: Add howto on cluster access by [@​stgraber](https://github.com/stgraber) in lxc/incus#1079 - Fix handling of long running connections by [@​stgraber](https://github.com/stgraber) in lxc/incus#1080 - Handle Ceph config in unusual location by [@​stgraber](https://github.com/stgraber) in lxc/incus#1081 - Translations update from Hosted Weblate by [@​weblate](https://github.com/weblate) in lxc/incus#1082 - incusd/instance/lxc: Respect LXCFS_OPTS by [@​stgraber](https://github.com/stgraber) in lxc/incus#1083 - Allow per cluster group CPU definitions by [@​stgraber](https://github.com/stgraber) in lxc/incus#1088 - Make connecting to OVN more reliable by [@​stgraber](https://github.com/stgraber) in lxc/incus#1089 - incus: Add support for environment file (.env) by [@​bketelsen](https://github.com/bketelsen) in lxc/incus#1085 - Translations update from Hosted Weblate by [@​weblate](https://github.com/weblate) in lxc/incus#1091 - Fix some LVM activation bugs by [@​stgraber](https://github.com/stgraber) in lxc/incus#1090 - incusd/device/disk: Allow relative paths within custom volumes by [@​stgraber](https://github.com/stgraber) in lxc/incus#1092 - Add image cache for CLI client by [@​stgraber](https://github.com/stgraber) in lxc/incus#1094 - incus/image/alias: Add column flag by [@​HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1095 - incusd/main_forknet: Make it so our DHCP client never fails by [@​stgraber](https://github.com/stgraber) in lxc/incus#1100 - Add per storage pool project limits by [@​stgraber](https://github.com/stgraber) in lxc/incus#1098 - Translations update from Hosted Weblate by [@​weblate](https://github.com/weblate) in lxc/incus#1099 - Allow creating isolated OVN networks (no uplink) by [@​SpiffyEight77](https://github.com/SpiffyEight77) in lxc/incus#1070 #### New Contributors - [@​apophys](https://github.com/apophys) made their first contribution in lxc/incus#998 - [@​abiosoft](https://github.com/abiosoft) made their first contribution in lxc/incus#1058 - [@​HassanAlsamahi](https://github.com/HassanAlsamahi) made their first contribution in lxc/incus#1095 **Full Changelog**: lxc/incus@v6.3.0...v6.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Apparently those rules are needed when running Incus nested within an unprivileged container on some platforms.