df6a01af23
This bump also includes the fix for CVE-2018-6556 released in 3.0.2 via
commit "CVE 2018-6556: verify netns fd in lxc-user-nic": lxc-user-nic
when asked to delete a network interface will unconditionally open a
user provided path:
c1cf54ebf2
This code path may be used by an unprivileged user to check for the
existence of a path which they wouldn't otherwise be able to reach. It
may also be used to trigger side effects by causing a (read-only) open
of special kernel files (ptmx, proc, sys).
Also add a dependency on gcc >= 4.7
(https://github.com/lxc/lxc/issues/2592)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
23 lines
807 B
Plaintext
23 lines
807 B
Plaintext
config BR2_PACKAGE_LXC
|
|
bool "lxc"
|
|
depends on BR2_TOOLCHAIN_HAS_THREADS
|
|
depends on BR2_USE_MMU # fork()
|
|
# build system forcefully builds a shared library
|
|
depends on !BR2_STATIC_LIBS
|
|
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 # C++11
|
|
depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0 # setns() system call
|
|
help
|
|
Linux Containers (LXC), provides the ability to group and
|
|
isolate of a set of processes in a jail by virtualizing and
|
|
accounting the kernel resources. It is similar to
|
|
Linux-Vserver or Openvz.
|
|
|
|
https://linuxcontainers.org/
|
|
|
|
comment "lxc needs a toolchain w/ threads, headers >= 3.0, dynamic library, gcc >= 4.7"
|
|
depends on BR2_USE_MMU
|
|
depends on !BR2_TOOLCHAIN_HAS_THREADS \
|
|
|| !BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 \
|
|
|| !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0 \
|
|
|| BR2_STATIC_LIBS
|