error in man page for lxc.container.conf

Bug #1957934 reported by gerbier
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
lxc (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

the man page or lxc.container.conf contains in "CONTROL GROUP" section the following text :
--------------
 • A allowlist device rule

                      lxc.cgroup2.devices.deny = a

         will cause LXC to instruct the kernel to block access to all devices by default. To grant access to devices allow device rules must be added via
         the lxc.cgroup2.devices.allow key. This is referred to as a "allowlist" device program.

       • A denylist device rule

                      lxc.cgroup2.devices.allow = a

         will cause LXC to instruct the kernel to allow access to all devices by default. To deny access to devices deny device rules must be added via
         lxc.cgroup2.devices.deny key. This is referred to as a "denylist" device program.
-------------------
the titles are inverted, the first is a denylist, the second is an allowlist

ubuntu version : 21.10
package version : lxc-utils 1:4.0.10-0ubuntu5 amd64

Changed in lxc (Ubuntu):
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 1:4.0.12-0ubuntu1

---------------
lxc (1:4.0.12-0ubuntu1) jammy; urgency=medium

  * Cherry-pick upstream bugfixes (stable-4.0):
    - 0002-lxc-checkconfig-Fix-bashism.patch
    - 0003-doc-Fix-reverse-allowlist-denylist.patch (LP: #1957934)

  * New upstream bugfix release (4.0.12):
    (https://discuss.linuxcontainers.org/t/lxc-4-0-12-has-been-released/13288)
    - Fixed CRIU restoration of containers with pre-created veth interfaces
    - Fixed issue with kernels lacking SMT support
    - Extended cgroup2 config options in lxc.mount.auto (cgroup2)
    - lxc-download now relies on HTTPS for validation (avoids GPG issues)

  * New upstream bugfix release (4.0.11)
    (LP: #1943441, LP: #1938771, LP: #1891903):
    (https://discuss.linuxcontainers.org/t/lxc-4-0-11-has-been-released/12427)
    - Core scheduling support (lxc.sched.core)
    - riscv64 support in lxc.arch
    - Significantly improved bash completion profile
    - Greater use of the new VFS mount API (when supported by the kernel)
    - Fix containers with empty network namespaces
    - Handle kernels that lack TIOCGPTPEER
    - Improve CPU bitmask/id handling (handle skipped CPU numbers)
    - Reworked the tests to run offline

  * Bump to debhelper 12 (allows focal SRUs)
  * Bump standards to 4.6.0.1
  * Add lintian overrides for incorrect bashism detection
  * Remove bash completion install logic (now done upstream)

 -- Stéphane Graber <email address hidden> Wed, 02 Feb 2022 20:48:39 -0500

Changed in lxc (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.