KATOH Yasufumi
8ef019a6ce
doc: Fix reverse allowlist/denylist in Japanese man page
...
Update for commit 2965130c45
2022-02-21 23:05:41 -05:00
Stéphane Graber
71ba7f6561
doc: Fix reverse allowlist/denylist
...
Reported at: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1957934
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-02-21 23:05:30 -05:00
Christian Brauner
48728e9880
conf: add cgroup2, cgroup2:ro, cgroup2:force, cgroup2:ro:force options
...
We keep running into situations where we want to pre-mount a pure
cgroup2 layout regardless of the layout of the host.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-29 10:06:51 +02:00
KATOH Yasufumi
d40b0deb45
doc: fix typo in English lxc.container.conf(5)
...
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2021-10-25 16:17:37 +02:00
KATOH Yasufumi
49fab27fc5
doc: Add lxc.sched.core to Japanese lxc.container.conf(5)
...
Update for commit 09996a4
2021-10-25 16:17:29 +02:00
KATOH Yasufumi
1ad1cab805
doc: add loglevels to ja and ko common options
...
Update for commit 44b87e8
2021-10-25 16:17:22 +02:00
Christian Brauner
23355c196c
lxc: add lxc.sched.core
...
Core scheduling defines if the container payload is marked as being
schedulable on the same core. Doing so will cause the kernel scheduler
to ensure that tasks that are not in the same group never run
simultaneously on a core. This can serve as an extra security measure to
prevent the container payload from using cross hyper thread attacks.
The only allowed values are 0 and 1. Set this to 1 to create a core
scheduling domain for the container or 0 to not create one. If not set
explicitly no core scheduling domain will be created for the container.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:31 +02:00
Thomas Parrott
aa96b8e35b
doc: Adds mention of ability to specify manual IPv4 broadcast address
...
See also https://github.com/lxc/lxd/pull/9103
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
2021-10-14 17:21:42 +02:00
Edênis Freindorfer Azevedo
ce97c9de05
Fix typo on documentation for lxc-{attach,execute}.
...
According to `[1]`, `lxc-attach` uses `-u,-g` instead of `--u,--g`.
According to `[2]`, `lxc-execute` uses `-u,-g` instead of `--u,--g`.
- [1] https://github.com/lxc/lxc/blob/stable-4.0/src/lxc/tools/lxc_attach.c#L131-L132
- [2] https://github.com/lxc/lxc/blob/stable-4.0/src/lxc/tools/lxc_execute.c#L59-L60
Signed-off-by: Edenis Freindorfer Azevedo <edenisfa@gmail.com>
2021-10-14 17:21:23 +02:00
Edênis Freindorfer Azevedo
b8c4234ef1
Fix typo on documentation for lxc-autostart.
...
According to `[1,2]`, this command has `--groups` instead of `--group`.
- [1] https://github.com/lxc/lxc/blob/stable-4.0/src/lxc/tools/lxc_autostart.c#L64
- [2] https://github.com/lxc/lxc/blob/stable-4.0/src/lxc/tools/lxc_autostart.c#L84
Signed-off-by: Edenis Freindorfer Azevedo <edenisfa@gmail.com>
2021-10-14 17:21:18 +02:00
Stéphane Graber
5cbc29d1eb
doc/api-extensions: Grammar fix
...
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-08-09 19:42:00 +02:00
Stéphane Graber
afc9b615f3
Fix typos
...
This fixes all typos identified by lintian.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-08-02 14:44:54 +02:00
Serge Hallyn
7b784065a9
doc/common_options: add trace and alert loglevels
...
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-07-15 18:13:32 +02:00
KATOH Yasufumi
c0152679f1
doc: Fix typo in English lxc.container.conf(5)
...
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2021-07-12 17:17:45 +02:00
KATOH Yasufumi
0d2a619d1c
doc: Add new idmap= option to Japanese lxc.container.conf(5)
...
Update for commit 1852be9048
2021-07-12 17:17:43 +02:00
KATOH Yasufumi
d7d93fb104
doc: Append description of net type field
...
Update for commit 320061b34f
2021-07-12 17:17:41 +02:00
KATOH Yasufumi
a14a6e9092
doc: Add eBPF-based device controller semantics to Japanese man page
...
Update for commit 5025f3a690
2021-07-12 17:17:37 +02:00
Christian Brauner
111277a543
tree-wide: replace problematic terminology
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-06-29 09:38:50 +02:00
Christian Brauner
53dfebff46
tree-wide: replace problematic terminology
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-06-29 09:38:49 +02:00
Christian Brauner
b781fb3a31
api_extensions: introduce idmapped_mounts_v2 api extension
...
This indicates that LXC supports idmapping the rootfs and
idmapped lxc.mount.entry entries.
Link: https://github.com/lxc/lxd/issues/8870
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-06-14 12:02:28 +02:00
Christian Brauner
eb438f1914
doc: document new idmap= option for lxc.rootfs.options
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-08 12:14:16 +02:00
Christian Brauner
eece538604
api-extensions: add entry for idmapped_mounts
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-04-29 15:59:19 +02:00
Thomas Parrott
df9bfcf026
doc: Documented that net type field must come before other options on the net device
...
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
2021-04-02 16:10:56 +02:00
Christian Brauner
c65e4643d8
doc: tweak cgroup headline
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:28:02 +01:00
Christian Brauner
79b02f3895
doc: epxlain eBPF-based device controller semantics
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:28:01 +01:00
Christian Brauner
fa72f54a52
doc: add missing ".[controller file] suffix to lxc.cgroup{2}. key explanations
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:28:00 +01:00
KATOH Yasufumi
7d40e58be4
Update Japanese pam_cgfs(8) to reflect lack of support for pure cgroupv2
...
Update for commit b87ed83bbc
2020-12-04 17:56:45 +01:00
Arjun Ramachandrula
31ef03b52f
Updated documentation to reflect lack of support for pure cgroupv2
...
Signed-off-by: Arjun Ramachandrula <arjun.ramachandrula@gmail.com>
2020-10-19 17:56:42 +02:00
Christian Brauner
f61193f889
api-extension: add missing seccomp_proxy_send_notify_fd extension
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-10-19 17:52:24 +02:00
Christian Brauner
e300f6e990
seccomp: add seccomp_notify_fd_active api extension
...
which allows to retrieve an active seccomp notifier fd from a running
container.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-10-19 17:52:13 +02:00
Christian Brauner
01e5af75da
terminal: safely allocate pts devices from inside the container
...
This was a year long journey which seems to finally have come to an end.
Closes : #1620 .
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-10-19 17:51:09 +02:00
Christian Brauner
eed7e91793
tree-wide: s/pts/pty/g
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-18 13:01:32 +02:00
Christian Brauner
f19295e886
api-extensions: add seccomp_allow_deny_syntax extension
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-18 13:01:03 +02:00
Christian Brauner
4bc5137818
seccomp: support allowlist/denylist in profiles
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-18 12:59:36 +02:00
Christian Brauner
0332ef2c17
doc: update terminology
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-06-19 20:43:34 -04:00
Christian Brauner
fef909cf62
make dist: add missing files
...
deleted: CODING_STYLE.md
deleted: LICENSE.GPL2
deleted: LICENSE.LGPL2.1
deleted: README.md
deleted: coccinelle/exit.cocci
deleted: coccinelle/run-coccinelle.sh
deleted: coccinelle/while-true.cocci
deleted: doc/api-extensions.md
deleted: src/tests/lxc-test-exit-code
deleted: src/tests/travis.sh
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-24 20:37:00 +01:00
Stéphane Graber
1949358f9d
doc: Fix grammar
...
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2020-03-16 15:48:17 -04:00
Stéphane Graber
133d96089f
Merge pull request #3290 from brauner/2020-03-11/fixes
...
pidfds: switch infrastructure to rely on pidfds whenever possible
2020-03-11 11:34:34 -04:00
Christian Brauner
f3741b92fd
api-extensions: use correct headings
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 16:05:13 +01:00
Christian Brauner
712ff18d45
api-extensions: document "network_veth_router" api extension
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 16:03:09 +01:00
Christian Brauner
51c9ca2ceb
api-extensions: reflow "seccomp_allow_nesting" api extension
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 16:02:14 +01:00
Christian Brauner
b3883456f5
api-extensions: reflow "seccomp_notify" api extension
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 16:01:01 +01:00
Christian Brauner
cc08c0f322
api-extensions: reflow "cgroup2_devices" extensions
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 16:00:34 +01:00
Christian Brauner
15ba80d524
api-extensions: reflow "cgroup2" api extension
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 16:00:11 +01:00
Christian Brauner
77f5bdc240
api-extensions: add "pidfd" api extension
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 15:59:44 +01:00
Christian Brauner
fa3621ea82
lxccontainer: add init_pidfd() API extension
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 15:59:32 +01:00
Christian Brauner
890ecf0860
lxccontainer.h: document seccomp_notify_fd()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 15:59:32 +01:00
KATOH Yasufumi
48e3c95a8d
doc: Fix typo
...
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2020-03-11 15:56:35 +09:00
KATOH Yasufumi
978499c7c0
Merge branch 'master' into japanese
2020-03-11 15:25:00 +09:00
KATOH Yasufumi
d1fcb47a33
doc: Add keyring options to Japanese lxc.containers.conf(5)
...
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2020-03-11 15:21:36 +09:00
