author: Jakub Jirutka <jakub@jirutka.cz> 2015-09-05 01:24:40 +0200
committer: Jakub Jirutka <jakub@jirutka.cz> 2015-09-05 01:24:40 +0200
commit: 78ef1b565ae26608f11a81f2b60e4a8e404ef9c3
tree: 7fc52254ede77687c2fc2e66ff6137a351325dbd /app-emulation/lxc/lxc-1.1.2-r1.ebuild
parent: java-utils-2.eclass: Make java-pkg_init-compiler_ output to stderr
app-emulation/lxc: GRKERNSEC_PROC is incompatible with unprivileged containers
LXC uses newuidmap/newgidmap from the shadow package to map UIDs/GIDs for unprivileged containers and this doesn't play well with GRKERNSEC_PROC. You can read more details in https://github.com/shadow-maint/shadow/commit/884895ae25f4e684b8ca75ac03e775370f43a63d
Diffstat (limited to 'app-emulation/lxc/lxc-1.1.2-r1.ebuild')
-rw-r--r-- app-emulation/lxc/lxc-1.1.2-r1.ebuild | 2
1 files changed, 2 insertions, 0 deletions
diff --git a/app-emulation/lxc/lxc-1.1.2-r1.ebuild b/app-emulation/lxc/lxc-1.1.2-r1.ebuild
index 8dd8dd28e7ff..50b4d5be5161 100644
--- a/app-emulation/lxc/lxc-1.1.2-r1.ebuild
+++ b/app-emulation/lxc/lxc-1.1.2-r1.ebuild
@@ -61,6 +61,7 @@ CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
~!GRKERNSEC_CHROOT_PIVOT
~!GRKERNSEC_CHROOT_CHMOD
~!GRKERNSEC_CHROOT_CAPS
+ ~!GRKERNSEC_PROC
"
ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container"
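Review bot: The new `~!GRKERNSEC_PROC` entry in CONFIG_CHECK is listed alongside the GRKERNSEC_CHROOT_* options, but by the commit message it only affects unprivileged containers (the newuidmap/newgidmap path), so hosts that run only privileged containers on a kernel with GRKERNSEC_PROC will now get a warning they cannot act on without weakening /proc restrictions. The `~` prefix keeps the check non-fatal, which is the right severity, but the entry should be set apart from the CHROOT group with a short comment naming the unprivileged-container scope and the shadow commit referenced in the commit message, so that a later cleanup does not promote it to a hard requirement or merge it with the "make LXC unusable" options.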
@@ -89,6 +90,7 @@ ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE: some GRSEC featu
ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC features make LXC unusable see postinst notes"
ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC features make LXC unusable see postinst notes"
ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers"
DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
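Review bot: The added ERROR_GRKERNSEC_PROC message states the incompatibility but gives the user no next step, whereas the neighbouring ERROR_GRKERNSEC_CHROOT_* messages all point to "see postinst notes". This commit adds only the two lines shown to this ebuild, so the postinst notes gain no GRKERNSEC_PROC entry either. Either extend the message to say that privileged containers are unaffected and that unprivileged containers require the option to be disabled, or add a matching paragraph to the postinst notes and reference it here as the other messages do.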