3 files changed: +12 -1 lines changed (docs/sources/installation)
@@ -120,6 +120,7 @@ Marko Mikulicic <mmikulicic@gmail.com>
120120Markus Fix <lispmeister@gmail.com>
121121Martin Redmond <martin@tinychat.com>
122122Matt Apperson <me@mattapperson.com>
123+ Mathieu Le Marec - Pasquet <kiorky@cryptelium.net>
123124Matt Bachmann <bachmann.matt@gmail.com>
124125Matthew Mueller <mattmuelle@gmail.com>
125126Maxim Treskin <zerthurd@gmail.com>
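Review bot: the new entry is out of alphabetical order. "Mathieu Le Marec - Pasquet" is inserted after "Matt Apperson", but "Mathieu" sorts before "Matt", so it belongs directly after "Martin Redmond". Please also confirm with the contributor whether the spaces around the hyphen in the surname are intended.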
@@ -25,6 +25,7 @@ If you cannot or do not want to use the "official" kernels,
2525here is some technical background about the features (both optional and
2626mandatory) that docker needs to run successfully.
2727
28+
2829Linux version 3.8 or above
2930--------------------------
3031
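Review bot: the only change in this hunk is an extra blank line above the "Linux version 3.8 or above" heading, which is unrelated to the reboot fix. Drop it so the patch stays limited to the SYS_BOOT change.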
@@ -39,6 +40,15 @@ The symptoms include:
3940- kernel crash causing the machine to freeze for a few minutes, or even
4041 completely.
4142
43+ Additionally, kernels prior 3.4 did not implement ``reboot_pid_ns ``,
44+ which means that the ``reboot() `` syscall could reboot the host machine,
45+ instead of terminating the container. To work around that problem,
46+ LXC userland tools (since version 0.8) automatically drop the ``SYS_BOOT ``
47+ capability when necessary. Still, if you run a pre-3.4 kernel with pre-0.8
48+ LXC tools, be aware that containers can reboot the whole host! This is
49+ not something that Docker wants to address in the short term, since you
50+ shouldn't use kernels prior 3.8 with Docker anyway.
51+
4252While it is still possible to use older kernels for development, it is
4353really not advised to do so.
4454
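Review bot: the added paragraph warns that a pre-3.4 kernel with pre-0.8 LXC tools lets a container reboot the whole host, but it gives the reader no mitigation. Since this same commit removes sys_boot from lxc.cap.drop, the paragraph should say what an affected user has to do, for example upgrade the kernel or the LXC tools, or keep sys_boot in the drop list on such hosts. Wording: "kernels prior 3.4" and "kernels prior 3.8" should read "prior to". It would also help to state the 3.4 and 3.8 thresholds together in one sentence, so that it is clear the reboot issue is a separate, lower bound than the general Docker requirement.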
@@ -120,7 +120,7 @@ lxc.aa_profile = unconfined
120120# (Note: 'lxc.cap.keep' is coming soon and should replace this under the
121121# security principle 'deny all unless explicitly permitted', see
122122# http://sourceforge.net/mailarchive/message.php?msg_id=31054627 )
123- lxc.cap.drop = audit_control audit_write mac_admin mac_override mknod setpcap sys_admin sys_boot sys_module sys_nice sys_pacct sys_rawio sys_resource sys_time sys_tty_config
123+ lxc.cap.drop = audit_control audit_write mac_admin mac_override mknod setpcap sys_admin sys_module sys_nice sys_pacct sys_rawio sys_resource sys_time sys_tty_config
124124{{end}}
125125
126126# limits
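Review bot: removing sys_boot from the lxc.cap.drop line is unconditional, so on the pre-3.4 kernel with pre-0.8 LXC tools combination described in the docs change, nothing in this template stops reboot() in a container from reaching the host. The template already uses conditionals (the {{end}} on the following line), so consider keeping sys_boot in the list unless the host is known to be safe. At a minimum, extend the comment above the line to say that sys_boot is intentionally not dropped here and that LXC 0.8 and later drop it automatically when necessary. The existing comment only covers the planned move to lxc.cap.keep, so a later reader has no way to tell that the omission is deliberate.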