LXC development for Precise
Several items should be worked on during this cycle:
- provide a default bridge and lxc.conf
- proper reboot
- containerized syslog
- userns vfs
- apparmor support
- ARM support
- tests in qa-regression-tests
- allow mknod in the container by default (and potential udev problems)
- Update mountall to not require our current /lib/init/fstab hack
- Community requests?
Blueprint information
- Status: Complete
- Approver: Dave Walker
- Priority: High
- Drafter: Ubuntu Server
- Direction: Needs approval
- Assignee: Serge Hallyn
- Definition: Approved
- Series goal: Accepted for precise
- Implementation: Implemented
- Milestone target: ubuntu-12.04-beta-1
- Started by: Dave Walker
- Completed by: Serge Hallyn
Whiteboard
Status: Started
NOTE: (jdstrand) jjohansen's work items are being tracked as part of security-
Work Items:
[serge-hallyn] LXC init script to create default bridge if enabled in /etc/default/lxc: DONE
[daniel-lezcano] Get patchset accepted into kernel so kernel can send reboot signal to container : DONE
[serge-hallyn] Change userspace lxc to not need to watch utmp for reboot: DONE
[serge-hallyn] queue ubuntu package delta for upstream on github: DONE
[stgraber] Make sure we can build in a working LXC container for arm on x86 (need new apt): DONE
[stgraber] Allow mknod in the default Ubuntu template for precise: DONE
[stgraber] modprobe should not work in a container ( check libvirt ): DONE
[stgraber] make mountall not mount certain things when inside a container: DONE
[stgraber] Move lxc-is-container (as generic is-container) into upstart: DONE
[stgraber] Move lxc consoles into upstart: DONE
[serge-hallyn] Add apparmor profile: DONE
[serge-hallyn] When mount controls are in kernel, use them in apparmor profile (thanks, stgraber): DONE
[serge-hallyn] Submit merge proposal to add lxc section to the Ubuntu Server Guide: DONE
[serge-hallyn] Update simple templates to work: DONE
[serge-hallyn] Update fedora template to work: DONE
[serge-hallyn] Update lxc-create/etc manpages: DONE
[serge-hallyn] Keep pushing on the patchset for userns vfs patches: POSTPONED
[serge-hallyn] Update opensuse template to work (requires zypper packaged): POSTPONED
[smoser] open bug for libvirt to check capsys-module, capmac*: POSTPONED
Questions/Comments:
Would we be able to get some documentation of what we can expect (and not expect) from a security aspect this cycle soon? -- Daviey
See wiki.ubuntu.
Thanks.