Stéphane Graber
113ca42933
Merge pull request #3075 from brauner/2019-07-03/cgroups
...
cgroups: handle cpuset initialization race
2019-07-03 12:23:50 -04:00
Christian Brauner
b28c281086
cgroups: handle cpuset initialization race
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-03 17:57:48 +02:00
Stéphane Graber
0f03b15592
Merge pull request #3074 from brauner/2019-07-03/fix_phys_network_creation
...
network: remove faulty restriction
2019-07-03 11:44:25 -04:00
Christian Brauner
e318f2c1a3
network: remove faulty restriction
...
Reported-by: Thomas Parrott <thomas.parrott@canonical.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-03 15:48:09 +02:00
Stéphane Graber
4f71ecb85e
Merge pull request #3069 from brauner/2019-07-01/network_creation
...
start: unify network creation
2019-07-02 11:46:55 -04:00
Christian Brauner
1871e6465b
start: expose LXC_PID to network hooks too
...
Closes #3066.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-02 13:49:33 +02:00
Christian Brauner
e389f2afd8
start: unify and simplify network creation
...
Make sure that network creation happens at the same time for containers started
by privileged and unprivileged users. The only reason we didn't do this so far
was to avoid sending network device ifindices around in the privileged case.
Link: https://github.com/lxc/lxc/issues/3066
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-02 13:49:27 +02:00
Stéphane Graber
c83ad424ab
Merge pull request #3064 from brauner/2019-06-27/cleanup_macros
...
bugfixes
2019-07-01 22:06:23 -04:00
Stéphane Graber
dfce2c76be
Merge pull request #3059 from brauner/2019-06-21/seccomp_notify
...
lxccontainer: rework seccomp notify api function
2019-07-01 22:04:20 -04:00
Christian Brauner
33d7d28f45
Merge pull request #3067 from Rachid-Koucha/patch-1
...
Move code/variable in smaller scope
2019-06-30 18:13:30 +02:00
Rachid Koucha
2806a87dcc
Move code/variable in smaller scope
...
In start.c, do not fill path[] table if not necessary
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
2019-06-29 23:21:14 +02:00
Christian Brauner
9752e3a9e7
Merge pull request #3065 from lifeng68/fix_memory_leak
...
fix memory leak in do_storage_create
2019-06-28 11:53:52 +02:00
LiFeng
8ea91347b8
fix memory leak in do_storage_create
...
Signed-off-by: LiFeng <lifeng68@huawei.com>
2019-06-27 23:49:08 -04:00
Christian Brauner
6a720d7480
cgroups: move variable into tighter scope
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 16:08:21 +02:00
Christian Brauner
f6b54668ef
cgroups: correctly order variables
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 16:08:21 +02:00
Christian Brauner
dfa835ac21
cgroups: move variable into tighter scope
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 16:08:21 +02:00
Christian Brauner
3312a94ff4
cgroups: simplify cgfsng_nrtasks()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 16:08:21 +02:00
Christian Brauner
779b3d82e6
cgroups: move variable into tighter scope
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 16:08:18 +02:00
Christian Brauner
81b5d48a34
cgroups: move variable into tighter scope
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 14:27:58 +02:00
Christian Brauner
c05b17bd66
cgroups: use __do_free in cgfsng_attach()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 14:27:39 +02:00
Christian Brauner
6280d4c97d
cgroups: simplify cgfsng_setup_limits()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 14:26:38 +02:00
Christian Brauner
431e2c547f
cgroups: move variables into tighter scope
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 14:26:14 +02:00
Christian Brauner
a64edc1c8d
cgroups: use __do_free
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 14:25:53 +02:00
Christian Brauner
c121b3000f
Merge pull request #3063 from lifeng68/fix_memory_leak
...
cgfsng: fix memory leak in lxc_cpumask_to_cpulist
2019-06-27 09:40:55 +02:00
LiFeng
24cac6aff1
cgfsng: fix memory leak in lxc_cpumask_to_cpulist
...
Signed-off-by: LiFeng <lifeng68@huawei.com>
2019-06-27 00:00:09 -04:00
Rachid Koucha
eff0e7bbd8
Container's specific file/directory names
...
To be used when making file/directory names for containers (e.g. in lxccontainer.c)
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
2019-06-21 14:20:04 +02:00
Christian Brauner
679289bf5f
lxccontainer: rework seccomp notify api function
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-21 12:59:36 +02:00
Stéphane Graber
daf6a727aa
Merge pull request #3056 from brauner/2019-06-20/cpuset
...
cgfsng: write cpuset.mems of correct ancestor
2019-06-20 13:54:12 -04:00
Christian Brauner
f68ea354f4
cgfsng: write cpuset.mems of correct ancestor
...
Reported-by: Free Ekanayaka <free.ekanayaka@canonical.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-20 19:37:09 +02:00
Rachid Koucha
1b5d4bd864
Use file/directory names from macro.h
...
To make the file/directory names, use the defines from macro.h
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
2019-06-20 18:24:21 +02:00
Christian Brauner
23852ec4d0
Merge pull request #3052 from tanyifeng/fd_leak
...
parse.c: fix fd leak from memfd_create
2019-06-20 11:33:41 +02:00
t00416110
22c8ac96f6
parse.c: fix fd leak from memfd_create
...
Signed-off-by: t00416110 <tanyifeng1@huawei.com>
2019-06-20 16:26:59 -04:00
Christian Brauner
2fea2116c9
Merge pull request #3050 from hallyn/pkgconfig
...
lxc.pc.in: add libs.private for static linking
2019-06-18 21:09:28 +02:00
Serge Hallyn
a65cce2f9d
lxc.pc.in: add libs.private for static linking
...
None of them seem to support pkg-config themselves, else we could add
them to Requires.private.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-06-18 13:13:34 -05:00
Christian Brauner
52ac245b52
Merge pull request #3047 from Rachid-Koucha/patch-11
...
Fixed file descriptor leak for network namespace
2019-06-16 04:11:35 +02:00
Rachid Koucha
aa0c0e7b8a
Fixed file descriptor leak for network namespace
...
In privileged mode, the container startup loses a file descriptor for "handler->nsfd[LXC_NS_NET]". At line 1782, we preserve the namespaces file descriptor (in privileged mode, the network namespace is also preserved):

    for (i = 0; i < LXC_NS_MAX; i++)
        if (handler->ns_on_clone_flags & ns_info[i].clone_flag)
            INFO("Cloned %s", ns_info[i].flag_name);

    if (!lxc_try_preserve_namespaces(handler, handler->ns_on_clone_flags, handler->pid)) {
        ERROR("Failed to preserve cloned namespaces for lxc.hook.stop");
        goto out_delete_net;
    }

Then at line 1830, we preserve the network namespace one more time:

    ret = lxc_try_preserve_ns(handler->pid, "net");
    if (ret < 0) {
        if (ret != -EOPNOTSUPP) {
            SYSERROR("Failed to preserve net namespace");
            goto out_delete_net;
        }

The latter overwrites the file descriptor already stored in handler->nsfd[LXC_NS_NET] at line 1786.
So, this fix checks that the entry is not already filled.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
2019-06-15 15:17:50 +02:00
Serge Hallyn
3d43f6113b
Merge pull request #3045 from hallyn/2019-06-13/openssl
...
[RFC] Switch from gnutls to openssl for sha1
2019-06-14 23:00:48 -05:00
Stéphane Graber
bd6c1ff60b
Merge pull request #3046 from brauner/lxc/master
...
network: fix lxc_netdev_rename_by_index()
2019-06-14 07:48:31 -04:00
Christian Brauner
90d79629cb
network: fix lxc_netdev_rename_by_index()
...
Return an error code when the name is invalid instead of pretending that things
are fine.
Closes #3044.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-14 12:39:20 +02:00
Serge Hallyn
fa2bb6ba53
Switch from gnutls to openssl for sha1
...
The reason for this is because openssl can be statically linked
against, gnutls cannot.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-06-13 22:19:27 -05:00
Christian Brauner
f00010ff82
Merge pull request #3042 from tenforward/japanese
...
doc: add a note about shared ns + LSMs to Japanese doc
2019-06-13 14:10:00 +02:00
KATOH Yasufumi
3c452dec31
doc: add a note about shared ns + LSMs to Japanese doc
...
Update for commit 8de9038436
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2019-06-13 21:05:24 +09:00
Stéphane Graber
23b50e75af
Merge pull request #3041 from brauner/2019-06-12/seccomp_notify_fixes
...
seccomp: do not set SECCOMP_FILTER_FLAG_NEW_LISTENER
2019-06-12 08:18:24 -04:00
Christian Brauner
2959742385
Merge pull request #3040 from Rachid-Koucha/patch-11
...
Centralize hook names
2019-06-12 14:15:39 +02:00
Christian Brauner
f73adb35fb
seccomp: do not set SECCOMP_FILTER_FLAG_NEW_LISTENER
...
Do not set SECCOMP_FILTER_FLAG_NEW_LISTENER as seccomp attribute.
Prior to libseccomp merging support for SECCOMP_RET_USER_NOTIF there was a
libseccomp specific attribute that needed to be set before
SECCOMP_RET_USER_NOTIF could be used. This has been removed.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-12 13:42:25 +02:00
Rachid Koucha
3ea957c616
Centralize hook names
...
The hook string names must not be repeated in the source code to facilitate future changes
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
2019-06-12 08:36:40 +02:00
Stéphane Graber
16512e0c36
Merge pull request #3039 from brauner/master
...
seccomp: add ifdefine for SECCOMP_FILTER_FLAG_NEW_LISTENER
2019-06-11 18:11:32 -04:00
Christian Brauner
fe02f63c08
seccomp: add ifdefine for SECCOMP_FILTER_FLAG_NEW_LISTENER
...
So that we can deal with older kernels.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-12 00:02:49 +02:00
Stéphane Graber
b322965e7e
Merge pull request #3038 from brauner/master
...
seccomp: s/SCMP_FLTATR_NEW_LISTENER/SECCOMP_FILTER_FLAG_NEW_LISTENER/g
2019-06-11 17:53:05 -04:00
Christian Brauner
2e5bcac329
seccomp: s/SCMP_FLTATR_NEW_LISTENER/SECCOMP_FILTER_FLAG_NEW_LISTENER/g
...
Align with upstream libseccomp.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:51:34 +02:00