[pve-devel] [PATCH container v2 2/4] seccomp config: adapt to new lxc-syscalld runtime directory
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Jul 30 15:04:56 CEST 2025
On July 30, 2025 3:00 pm, Thomas Lamprecht wrote:
> Am 30.07.25 um 14:50 schrieb Fabian Grünbichler:
>>> For already running containers, a symbolic link is put into place by
>>> the new version of pve-lxc-syscalld, but newly started ones should
>>> always use the new socket path as soon as it is available. Only use
>>> the old socket path if the old version of pve-lxc-syscalld is still
>>> used. The heuristic to check this is:
>>> 1. the new socket path doesn't exist
>>> 2. the old socket path exists
>>> 3. the old socket path is not a symbolic link
>> couldn't this be solved by adding a versioned depends, instead of
>> breaking the other direction which is not actually required because of
>> the compat symlink?
>
>
> The compat symlink only exists for the boot during which the upgrade
> to the newer pve-lxc-syscalld was made, afterwards the new syscalld
> really breaks older pve-container.
right!
so that only leaves new pve-manager combined with old pve-lxc-syscalld
as problematic combination, but that is no worse than the status quo
(restarting the syscalld service still clears out /run/pve).
LGTM!
More information about the pve-devel
mailing list