https://bugzilla.suse.com/show_bug.cgi?id=1233410 https://bugzilla.suse.com/show_bug.cgi?id=1233410#c2 Matthias Gerstner <matthias.gerstner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |matthias.gerstner@suse.com, | |security-team@suse.de --- Comment #2 from Matthias Gerstner <matthias.gerstner@suse.com> --- Thanks for creating the AUDIT bug. Back when I looked into the lxc sysctl file I already wondered whether there wouldn't be a better way to do this. As it is, as soon as incus is installed, major system settings are altered permanently. I would find it better to perform these settings only when the containers are actually used e.g. via a systemd unit or something. Just a thought. What happens when incus and lxc are installed in parallel now? Then there will be conflicting settings. We'll have "60-lxd.conf" and "60-incus.conf", so LXD will probably win, appearing later in the alphabet. But some settings on top of the LXD settings done by the incus file will remain. Security wise I guess the file is okay, though. -- You are receiving this mail because: You are on the CC list for the bug.