← Back to team overview

kernel-packages team mailing list archive

[Bug 1584953] [NEW] backport fix for /proc/net issues with containers

 

Public bug reported:

Request to backport Kernel changes from Kernel 4.5 to lts kernel 4.4 for
xenial and if possible to lts kernel for 14.04

Change upstream:
netfilter: Set /proc/net entries owner to root in namespace
http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/commit/?id=f13f2aeed154da8e48f90b85e720f8ba39b1e881

This is the Kernel-side part of the fix for "iptables-save does not work inside lxd containers"
https://github.com/lxc/lxd/issues/1978#issuecomment-220998013

The necessary changes in lxc landed in lxc/lxd
https://github.com/lxc/lxc/pull/1014 and is available in version 2.0.1,
currently in xenial-proposed.

It would be great if this would be backported asap. As it allows to
manage the firewall within lxd instances using Puppet and probably other
configuration management systems. And to use iptables-save manually

** Affects: linux (Ubuntu)
     Importance: Medium
     Assignee: Seth Forshee (sforshee)
         Status: Confirmed

** Affects: linux (Ubuntu Xenial)
     Importance: Medium
     Assignee: Seth Forshee (sforshee)
         Status: Confirmed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1584953

Title:
  backport fix for /proc/net issues with containers

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Xenial:
  Confirmed

Bug description:
  Request to backport Kernel changes from Kernel 4.5 to lts kernel 4.4
  for xenial and if possible to lts kernel for 14.04

  Change upstream:
  netfilter: Set /proc/net entries owner to root in namespace
  http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/commit/?id=f13f2aeed154da8e48f90b85e720f8ba39b1e881

  This is the Kernel-side part of the fix for "iptables-save does not work inside lxd containers"
  https://github.com/lxc/lxd/issues/1978#issuecomment-220998013

  The necessary changes in lxc landed in lxc/lxd
  https://github.com/lxc/lxc/pull/1014 and is available in version
  2.0.1, currently in xenial-proposed.

  It would be great if this would be backported asap. As it allows to
  manage the firewall within lxd instances using Puppet and probably
  other configuration management systems. And to use iptables-save
  manually

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1584953/+subscriptions


Follow ups