The configuration file parser now already detects the storage type so spare the
work and pass it down to the storage drivers.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Adrian Reber <areber@redhat.com>
Split lxc.rootfs.path = <storage type>:<container path> into <storage-type> and
<container path> to set the storage type and rootfs path value correctly.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Adrian Reber <areber@redhat.com>
Move duplicated implementation of sethostname from conf.c and
lxc_unshare.c to utils.h
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
In order to support filtering syscalls based on arguments the seccomp version 2
specification is extended to the following form:

    syscall_name action [index,value,op,valueTwo] [index,value,op]...

where the arguments of the tuple [index,value,valueTwo,op] have the following
meaning:

1. index (uint32_t):
   The index of the syscall argument.
2. value (uint64_t):
   The value for the syscall argument specified by "index".
3. valueTwo (uint64_t, optional):
   The value for the syscall argument specified by "index". This optional value
   is only valid in conjunction with SCMP_CMP_MASKED_EQ.
4. op (string):
   The operator for the syscall argument. Valid operators are the constants
   - SCMP_CMP_NE (!=)
   - SCMP_CMP_LE (<=)
   - SCMP_CMP_EQ (==)
   - SCMP_CMP_GE (>=)
   - SCMP_CMP_GT (>)
   - SCMP_CMP_MASKED_EQ (&=)
   as defined by libseccomp >= v2.3.2.

For convenience liblxc also understands the standard operator notation
indicated in brackets after the libseccomp constants above as an equivalent
notation.

Note that it is legal to specify multiple entries for the same syscall.

An example for an extended seccomp version 2 profile is:

    2
    blacklist allow
    reject_force_umount # comment this to allow umount -f; not recommended
    [all]
    kexec_load errno 1 [0,1,SCMP_CMP_LE][3,1,==][5,1,SCMP_CMP_MASKED_EQ,1]
    open_by_handle_at errno 1
    init_module errno 1
    finit_module errno 1
    delete_module errno 1
    unshare errno 9 [0,0x10000000,SCMP_CMP_EQ]
    unshare errno 2 [0,0x20000000,SCMP_CMP_EQ]
Closes #1564.
Signed-off-by: LiFeng <lifeng68@huawei.com>
Reviewed-by: Christian Brauner <christian.brauner@ubuntu.com>
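
A standalone checker for the argument tuples described in the commit message above, added here as an example; it is not liblxc's parser, and the names cmp_op, arg_rule, parse_op, field and parse_arg_rules are hypothetical. It assumes the caller passes a single syscall rule line with comments stripped (not the version, policy or [all] lines), and it rejects an index above 5 because a syscall carries at most six arguments.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical types for this example; not liblxc's own structures. */
enum cmp_op { OP_NE, OP_LE, OP_EQ, OP_GE, OP_GT, OP_MASKED_EQ, OP_INVALID };
struct arg_rule { uint32_t index; uint64_t value, value_two; enum cmp_op op; };
/* Accept either the libseccomp constant or the bracketed shorthand. */
static enum cmp_op parse_op(const char *s, size_t len)
{
	static const char *names[] = { "SCMP_CMP_NE", "!=", "SCMP_CMP_LE", "<=",
		"SCMP_CMP_EQ", "==", "SCMP_CMP_GE", ">=", "SCMP_CMP_GT", ">",
		"SCMP_CMP_MASKED_EQ", "&=" };
	for (int i = 0; i < 2 * OP_INVALID; i++)
		if (strlen(names[i]) == len && !strncmp(s, names[i], len))
			return (enum cmp_op)(i / 2);
	return OP_INVALID;
}

/* *p sits on a delimiter: read the number after it, which must end at `term`. */
static int field(const char **p, char term, uint64_t *out)
{
	char *end;
	*out = strtoull(*p + 1, &end, 0); /* base 0: decimal or 0x hex */
	int ok = end != *p + 1 && *end == term;
	*p = end;
	return ok ? 0 : -1;
}

/* Parse the [..] tuples of one rule line; returns their count, -1 if malformed. */
int parse_arg_rules(const char *line, struct arg_rule *out, int max)
{
	int n = 0;
	for (const char *p = strchr(line, '['); p; p = strchr(p, '[')) {
		struct arg_rule r = {0};
		uint64_t idx; /* 0-5: a syscall has at most six arguments */
		if (n == max || field(&p, ',', &idx) || idx > 5 || field(&p, ',', &r.value))
			return -1;
		size_t len = strcspn(++p, ",]");
		r.index = (uint32_t)idx;
		r.op = parse_op(p, len);
		p += len;
		/* A fourth field (valueTwo) is only valid with SCMP_CMP_MASKED_EQ. */
		if (r.op == OP_INVALID || *p == '\0' ||
		    (*p == ',' && (r.op != OP_MASKED_EQ || field(&p, ']', &r.value_two))))
			return -1;
		out[n++] = r;
	}
	return n;
}
```
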
Check the test user (lxcunpriv) before calling deluser command,
otherwise it will print an unnecessary error message:
/usr/sbin/deluser: The user 'lxcunpriv' does not exist.
Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
In the case of "lxc.net.0.type", the pointers passed to strncpy were
only 2 elements apart, resulting in undefined behavior.
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
Add new hooks leveraging dhclient from the host to automatically
configure the container interfaces. This is especially useful for
application containers which rely on an IPAM driver for network
configuration (e.g. Docker).
Signed-off-by: Jonathan Calmels <jcalmels@nvidia.com>