Christian Brauner
c2229b24f9
utils: check suffix length
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-17 12:21:09 +01:00
Christian Brauner
99eafdd4f7
test: log error on failure
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-17 11:50:54 +01:00
Christian Brauner
a13560af7e
utils: do not rely on uninitialized variable
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-17 11:19:05 +01:00
Christian Brauner
e7d7dd73d2
Merge pull request #2086 from kunkku/alpine-ptrace
...
lxc-alpine: allow retaining sys_ptrace per container
2018-01-16 15:25:43 +01:00
Kaarle Ritvanen
ecef04af71
lxc-alpine: allow retaining sys_ptrace per container
...
Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
2018-01-16 16:02:49 +02:00
Christian Brauner
fbf4cc9548
Merge pull request #2085 from duguhaotian/master
...
[console] return wrong console logsize
2018-01-16 10:50:11 +01:00
duguhaotian
dcea90a033
[console] return wrong console logsize
...
get_config_console_logsize wants console.buffer_size not c->autodev
Signed-off-by: duguhaotian <duguhaotian@gmail.com>
2018-01-16 15:34:42 +08:00
Christian Brauner
060adc6137
tests: do not call close() on invalid fd
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-12 18:43:01 +01:00
Christian Brauner
dc5f6125d6
console: set SFD_CLOEXEC on signal fd
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:27 +01:00
Christian Brauner
df0795b1bd
start: non-functional changes
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:25 +01:00
Christian Brauner
766a3b2ee9
tools: honor --console and --console-log
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:24 +01:00
Christian Brauner
ba2be1a8a6
attach: move pty allocation into api
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:23 +01:00
Christian Brauner
79bd76625d
attach_options: add log_fd argument
...
This will be used to log the output of attach to.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:22 +01:00
Christian Brauner
08ea927039
attach: minor tweaks
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:20 +01:00
Christian Brauner
7cfeddd715
console: add lxc_pty_map_ids()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:18 +01:00
Christian Brauner
30a33fbd27
console: adapt lxc_console_mainloop_add()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:17 +01:00
Christian Brauner
b75c344c24
attach: cleanup attach_child_main()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:16 +01:00
Christian Brauner
e98affdaa8
console: add some pty helpers
...
- int lxc_make_controlling_pty()
- int lxc_login_pty()
- void lxc_pty_conf_free()
- void lxc_pty_info_init()
- void lxc_pty_init()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:14 +01:00
Christian Brauner
4d1ffb0abb
start: non-functional changes
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:13 +01:00
Christian Brauner
24945df77b
conf: move ringbuffer members to anonymous struct
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:12 +01:00
Christian Brauner
5777fe9030
console: move pty creation to separate function
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:10 +01:00
Christian Brauner
f37d1c220e
confile: improve log messages
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 11:20:44 +01:00
Christian Brauner
fb9efed8af
Merge pull request #2080 from tych0/add-idmap-parse-error-message
...
add some idmap parsing error messages
2018-01-09 11:16:29 +01:00
Tycho Andersen
a8b1ac7813
add some idmap parsing error messages
...
otherwise, we just get a return value of false from setting config failure,
with no indication as to what actually failed in the log.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2018-01-09 00:07:50 +00:00
Christian Brauner
6ddb17ff99
Merge pull request #2078 from tych0/usernsexec-exit-status
...
fix up lxc-usernsexec's exit status
2018-01-08 17:36:32 +01:00
Tycho Andersen
d8208db477
fix up lxc-usernsexec's exit status
...
* exit(1) when there is an option parsing error
* exit(0) when the user explicitly asks for help
* exit(1) when the user specifies an invalid option
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2018-01-08 16:20:24 +00:00
Christian Brauner
9531b90aa2
Merge pull request #2077 from lifeng68/Fix_segment_fault
...
Add return check for 'lxc_cmd_get_name'
2018-01-08 09:13:51 +01:00
LiFeng
ee2d7093f0
Add return check for 'lxc_cmd_get_name'
...
If 'lxc_cmd_get_name' fails and returns NULL, this would cause a segmentation fault.
Signed-off-by: LiFeng <lifeng68@huawei.com>
2018-01-08 14:26:00 -05:00
Christian Brauner
e749acdf31
Merge pull request #2075 from stgraber/master
...
lxc_get_version() should show the "-devel" suffix
2018-01-06 10:25:18 +01:00
Stéphane Graber
5f98011c3e
Include -devel suffix in version string
...
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-01-05 16:25:28 -05:00
Stéphane Graber
78c164840c
Fix broken indentation
...
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-01-05 15:19:30 -05:00
Serge Hallyn
a3f5fbb39a
Merge pull request #2067 from brauner/2018-01-03/allow_fully_unprivileged_containers
...
conf: write "deny" to /proc/[pid]/setgroups
2018-01-04 10:26:01 -06:00
Serge Hallyn
4f5e5b78c8
Merge pull request #2068 from brauner/2018-01-03/cleanup_command_after_revert
...
commands: fully revert set_running_config_item()
2018-01-04 10:21:17 -06:00
Christian Brauner
bd8ef4e4da
cgfsng: only establish mapping once
...
When we deleted cgroups for unprivileged containers we used to allocate a new
mapping and clone a new user namespace each time we delete a cgroup. This of
course meant - on a cgroup v1 system - doing this >= 10 times when all
controllers were used. Let's not do this and only allocate and establish a
mapping once.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-04 15:28:12 +01:00
Christian Brauner
dcf0ffdf41
conf: rework userns_exec_1()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-04 15:01:06 +01:00
Christian Brauner
c7e345ae1f
conf: non-functional changes
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-04 15:00:39 +01:00
Christian Brauner
a19b974f42
conf: write "deny" to /proc/[pid]/setgroups
...
When fully unprivileged users run a container that only maps their own {g,u}id
and they do not have access to setuid new{g,u}idmap binaries we will write the
idmapping directly. This however requires us to write "deny" to
/proc/[pid]/setgroups otherwise any write to /proc/[pid]/gid_map will be
denied.
On a side note, this patch enables fully unprivileged containers. If you now set
lxc.net.[i].type = empty no privilege whatsoever is required to run a container.
Enhances #2033.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Felix Abecassis <fabecassis@nvidia.com>
Cc: Jonathan Calmels <jcalmels@nvidia.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-04 11:57:09 +01:00
Christian Brauner
a8ca11c215
Merge pull request #2069 from stgraber/master
...
gentoo: Add support for .xz tarballs
2018-01-04 10:29:43 +01:00
Christian Brauner
773f442e3f
Merge pull request #2070 from hallyn/2018-01-03/staticlibcap
...
configure.ac: fix the check for static libcap
2018-01-04 10:29:18 +01:00
Serge Hallyn
c06ed219c4
configure.ac: fix the check for static libcap
...
The existing check doesn't work, because when you statically
link a program against libc, any functions not called are not
included. So cap_init() which we check for is not there in
the built binary.
So instead just check whether a "gcc -lcap -static" works.
If libcap.a is not available it will fail, if it is it will
succeed.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2018-01-03 21:09:10 -06:00
Stéphane Graber
71ac47aba1
gentoo: Add support for .xz tarballs
...
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-01-03 18:06:33 -05:00
Christian Brauner
a3edf26779
commands: fully revert set_running_config_item()
...
The noop implementation is pointless.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-03 18:28:58 +01:00
Stéphane Graber
acd546adad
Merge pull request #2065 from brauner/2017-01-01/revert_set_running_config_item
...
lxccontainer: revert set_running_config_item()
2018-01-03 12:12:39 -05:00
Serge Hallyn
fd7374db34
Merge pull request #2066 from brauner/2017-01-02/support_no_root_mappings
...
Support configurations without root mapping
2018-01-02 21:42:06 -06:00
Christian Brauner
f49007111e
conf: detect if devpts can be mounted with gid=5
...
Closes #2033.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-03 00:12:53 +01:00
Christian Brauner
4160c3a088
cgfsng: use init {g,u}id
...
If no id mapping for the container's root id is defined try to use the id
mappings specified via lxc.init.{g,u}id.
Closes #2033.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-03 00:12:50 +01:00
Christian Brauner
46ad64ab26
conf{ile}: detect ns{g,u}id mapping for root
...
Closes #2033.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-03 00:12:45 +01:00
Christian Brauner
db7cfe23ab
conf: adapt userns_exec_1()
...
Closes #2033.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-03 00:12:38 +01:00
Christian Brauner
c433319551
conf: adapt idmap helpers
...
- mapped_hostid_entry()
- idmap_add()
Closes #2033.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-03 00:12:24 +01:00
Christian Brauner
d393e64525
lxccontainer: revert set_running_config_item()
...
- As discussed we will have a proper API extension that will allow updating
various parts of a running container. The prior approach wasn't a good idea.
- Reverting this is not a problem since we haven't released any version with the
set_running_config_item() API extension.
- I'm not simply reverting so that master users can still call into new
liblxc's without crashing the container. This is achieved by keeping the
commands callback struct member number identical.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-01 21:58:09 +01:00