Re: Debian vs Linux namespaces, NMU lsb-base
- Date: Sun, 24 Mar 2019 09:42:12 +0100
- From: Geert Stappers <stappers@xxxxxxxxxx>
- Subject: Re: Debian vs Linux namespaces, NMU lsb-base
On Sat, Mar 23, 2019 at 09:49:09PM +0800, Shengjing Zhu wrote:
> On Sat, Mar 23, 2019 at 8:41 PM Harald Dunkel wrote:
> > Hi folks,
> > AFAICS there are several packages that appear to be unaware of /
> > do not care about containers, e.g. opensmtpd, bind9, apt-cacher-ng,
> > probably everything using pidof or pidofproc from
> > /lib/lsb/init-functions).
> > I noticed that containerization and Linux namespaces are not number
> > one priority for Debian, but do you think this could be addressed
> > for Buster? It's pretty annoying if you try to maintain the Debian host
> > system, and a LXC container is affected instead.
> > Thanx in advance
> > Harri
> > https://bugs.debian.org/888569
sysv startup script stumbles over smtpd running in a LXC container
> > https://bugs.debian.org/888743
pidofproc returns PIDs in foreign chroots and containers
> > https://bugs.debian.org/858837
lsb-base: pidofproc should limit itself to processes in host system if running on an LXC host
> > https://bugs.debian.org/924551
startup script affects bind running inside a container
> If I read these bugs correctly, all are the same thing and it's the bug in lsb.
> And the straightforward fix mentioned in #888743 and #858837 is to use
> `pidof -c` instead of `pidof` in pidofproc function provided by
> lsb-base package.
> I think there's no harm for this patch.
Quoting manual page `pidof`
| -c Only return process PIDs that are running with the same
| root directory. This option is ignored for non-root
| users, as they will be unable to check the current
| root directory of processes they do not own.
What would be the harm to the Buster release
if lsb-base got NMU
with https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=888743;filename=init-functions.diff;msg=37 ?
Live and let live
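
The root-directory restriction that the quoted `pidof -c` text describes, written out as a shell function for illustration. This is an added example, not code from lsb-base, sysvinit or the patch attached to #888743; `root_id`, `pids_same_root`, `PROC_DIR` and `REF_ROOT` are hypothetical names, GNU `stat` is assumed, and unlike the quoted behaviour it skips a process whose root it cannot read instead of ignoring the check.

```shell
#!/bin/sh
# Added example: list PIDs of a named program that share the caller's root
# directory, so an init script on an LXC host does not pick up a daemon of
# the same name running inside a container or chroot.
# PROC_DIR and REF_ROOT are hypothetical overrides so the logic can be run
# against a constructed tree; the defaults are the live /proc and /.

root_id() {
    # device:inode of the directory the path resolves to (GNU stat assumed);
    # prints nothing and fails if the link cannot be followed
    stat -L -c '%d:%i' "$1" 2>/dev/null
}

pids_same_root() {
    name=$1
    proc=${PROC_DIR:-/proc}
    want=$(root_id "${REF_ROOT:-/}") || return 1
    found=""
    for dir in "$proc"/[0-9]*; do
        [ -r "$dir/comm" ] || continue
        read -r comm < "$dir/comm" || continue
        # comm holds the kernel's (truncated) program name for the process
        [ "$comm" = "$name" ] || continue
        # Unreadable root (caller is not root, or the process is gone):
        # the process cannot be shown to be ours, so leave it alone.
        have=$(root_id "$dir/root") || continue
        if [ "$have" = "$want" ]; then
            found="$found ${dir##*/}"
        fi
    done
    found=${found# }
    # Non-zero status when no process with this name shares our root
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
    else
        return 1
    fi
}

# Stand-alone use: sh script.sh PROGRAM
if [ $# -gt 0 ]; then
    pids_same_root "$1"
fi
```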