lxcfs 0.10-0ubuntu2.1 source package in Ubuntu
Changelog
lxcfs (0.10-0ubuntu2.1) wily-security; urgency=medium
* SECURITY UPDATE: does not properly enforce directory escapes
(LP: #1508481)
- debian/patches/0002-fix-checking-of-parent-dirs.patch: Ensure that a
task under cgroup /a/b cannot mkdir, rmdir, or modify files under,
directories not under /a/b. Add a testcase for this.
- CVE-2015-1342
* SECURITY UPDATE: lack of privilege checking in do_write_pids
(LP: #1512854)
- debian/patches/0002-Fix-movepid-cve.patch: Fix missing privilege
check when moving pids to a new cgroup.
- CVE-2015-1344
-- Marc Deslauriers <email address hidden> Wed, 11 Nov 2015 07:19:02 -0500
Upload details
- Uploaded by:
- Marc Deslauriers on 2015-11-11
- Uploaded to:
- Wily
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Wily | security | on 2015-11-17 | main | admin |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| lxcfs_0.10.orig.tar.gz | 333.3 KiB | a42735c839ea9ac9577467ae29a11ed67c75d8d352fd4e9cd8c1d7736becf06c |
| lxcfs_0.10-0ubuntu2.1.debian.tar.xz | 64.4 KiB | 76dc9b3aa6c87a0e0da17a2ea5667ea5cf3bfb488b42895bd073d0b96663cbc2 |
| lxcfs_0.10-0ubuntu2.1.dsc | 1.9 KiB | 99a0498d34bd6d8f00337da51728f3e430ebe582fefe21024faae03c224e31e1 |
Available diffs
Binary packages built by this source
- lxcfs: FUSE based filesystem for LXC
LXCFS provides a FUSE based filesystem to improve the LXC experience
within the containers.
.
This filesystem offers both a cgroupfs-like view for use by
unprivileged containers which wouldn't otherwise be allowed to mount
cgroupfs. And a set of files that are meant to be bind-mounted over
their /proc equivalent to make them cgroup-aware.
- lxcfs-dbgsym: debug symbols for package lxcfs
LXCFS provides a FUSE based filesystem to improve the LXC experience
within the containers.
.
This filesystem offers both a cgroupfs-like view for use by
unprivileged containers which wouldn't otherwise be allowed to mount
cgroupfs. And a set of files that are meant to be bind-mounted over
their /proc equivalent to make them cgroup-aware.
