Commit Graph

9454 Commits

Author SHA1 Message Date
Rachid Koucha
e76e315c11
Adaptation to latest busybox
In busybox 1.30, the help of udhcpc for "-s" option changed:
--> busybox v1.27.2: -s,--script PROG	Run PROG at DHCP events (default /usr/share/udhcpc/default.script)
--> busybox v1.30.1: -s PROG		Run PROG at DHCP events (default /etc/udhcpc/default.script)
So, I changed the command line which extracts the script name to make it work for both versions

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
2019-12-27 08:49:00 +01:00
Christian Brauner
b94283e19f
start: remove procfs pidfd support
We'll only rely on proper anon-inode based pidfd support in the future.
There's no good reason to use the procfs fallback. All the fancy features we
might want to use are only available with anon-inode pidfds.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-26 13:01:03 +01:00
Rachid Koucha
f073d46045
Word repetition in comment
create_run_template(): Double "will mount" in a comment

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
2019-12-26 11:51:54 +01:00
Stéphane Graber
33db34ef94
Merge pull request #3238 from brauner/2019-12-23/travis
travis: enable -fsanitize=undefined
2019-12-25 17:12:34 -05:00
Christian Brauner
2d50f34074
Merge pull request #3239 from vikaig/fix-shebang
cmd: fix shebang
2019-12-23 22:42:33 +01:00
vikaig
aac4e12abd
cmd: fix shebang
Signed-off-by: vikaig <vikaig99@gmail.com>
2019-12-23 23:31:53 +02:00
Christian Brauner
384db5d761
travis: enable -fsanitize=undefined
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-23 22:12:09 +01:00
Christian Brauner
b4fde4ec4c
Merge pull request #3235 from xinhua9569/master
fd: only add valid fd to mainloop
2019-12-23 11:35:53 +01:00
dongxinhua
4879faffbf
fd: only add valid fd to mainloop
Signed-off-by: dongxinhua <dongxinhua@huawei.com>
2019-12-23 16:45:36 +08:00
Christian Brauner
c7ba882842
Merge pull request #3233 from xinhua9569/master
seccomp: support s390 seccomp
2019-12-17 03:03:38 +01:00
Stéphane Graber
cbeb79dd08
Merge pull request #3232 from brauner/2019-12-17/cgroup2_api_extension
api_extensions: advertise cgroup2 support
2019-12-16 20:33:58 -05:00
dongxinhua
3c3fab0004
seccomp: support s390 seccomp
Signed-off-by: dongxinhua <dongxinhua@huawei.com>
2019-12-17 09:11:24 +08:00
Christian Brauner
ad92bbcd81
api_extensions: advertise cgroup2 support
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-17 00:52:04 +01:00
Stéphane Graber
56cf2a5705
Merge pull request #3229 from brauner/2019-12-12/cgroup_legacy_layout_regression
cgroups/cgfsng: do not prematurely close file descriptors
2019-12-12 16:52:01 -05:00
Christian Brauner
78eb6aa6fa
cgroups/cgfsng: do not prematurely close file descriptors
When adding the new improved cgroup setup logic I didn't account for the fact
that we need the hierarchy fds up until chown. Add a dedicated cleanup method
to fix this:

lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )

Closes #3228.
Fixes: 1973b62aab ("cgroups/cgfsng: improve cgroup creation and removal")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-12 22:09:18 +01:00
Stéphane Graber
28a41fc269
Merge pull request #3226 from brauner/cgroup_removal
cgroupfs: improve cgroup removal
2019-12-11 08:59:36 -05:00
Christian Brauner
1973b62aab
cgroups/cgfsng: improve cgroup creation and removal
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-11 11:51:09 +01:00
Stéphane Graber
d09863400e
Merge pull request #3225 from brauner/cgroup_improvements
cgroups/cgfsng: rework legacy cpuset handling
2019-12-10 21:46:06 -05:00
Christian Brauner
8e64b6736f
cgroups/cgfsng: rework cgroup removal
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-10 22:55:44 +01:00
Christian Brauner
c5b8049ef4
cgroups/cgfsng: rework legacy cpuset handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-10 19:25:20 +01:00
Christian Brauner
f990d3bfde
cgroupfs/cgfsng: pass cgroup to cg_legacy_handle_cpuset_hierarchy() as const char *
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-10 18:07:47 +01:00
Stéphane Graber
dc3cdf282e
Merge pull request #3223 from brauner/flatten_cgroup_hierarchy
cgroups: flatten hierarchy
2019-12-10 09:51:02 -05:00
Christian Brauner
aaa1ec28b0
cgroups: use explicit unsigned type for bitfield
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-10 14:07:08 +01:00
Christian Brauner
fe70edeee5
cgroups: flatten hierarchy
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-10 14:07:08 +01:00
Stéphane Graber
e340fefe18
Merge pull request #3222 from brauner/security
file_utils: use O_NOCTTY | O_NOFOLLOW
2019-12-09 10:37:53 -05:00
Christian Brauner
ef6d231f8b
file_utils: use O_NOCTTY | O_NOFOLLOW
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-09 11:20:29 +01:00
Stéphane Graber
2962359456
Merge pull request #3218 from brauner/bpf_devices_devpath
cgroups/devices: enable devpath semantics for cgroup2 device controller
2019-12-07 22:31:39 -05:00
Christian Brauner
cb3fc90ced
cgroups/devices: enable devpath semantics for cgroup2 device controller
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 02:23:35 +01:00
Stéphane Graber
7453799ad7
Merge pull request #3217 from brauner/rework_cgroups
cgroups, logging: fixes and improvements
2019-12-07 19:39:55 -05:00
Christian Brauner
c04a6d4e7f
cgroups/cgfsng: replace lxc_write_file()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 01:17:33 +01:00
Christian Brauner
e552bd1a34
cgroups/cgfsng: cgfsng_devices_activate()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:43:40 +01:00
Christian Brauner
1aae36a98f
cgroups/cgfsng: rework cgfsng_nrtasks()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:41:36 +01:00
Christian Brauner
9585ccb3f0
cgroups/cgfsng: rework cgfsng_mount()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:40:29 +01:00
Christian Brauner
c98bbf7106
cgroups/cgfsng: rework cgfsng_chown()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:38:16 +01:00
Christian Brauner
ab9a452ddb
cgroups/cgfsng: rework cgfsng_attach()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:35:19 +01:00
Christian Brauner
7e31931f10
cgroups/cgfsng: rework cgfsng_setup_limits()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:33:24 +01:00
Christian Brauner
92ca7eb54f
cgroups/cgfsng: rework cgfsng_setup_limits_legacy()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:29:45 +01:00
Christian Brauner
a358028a7c
cgroups/cgfsng: rework cgfsng_{get,set}()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:28:48 +01:00
Christian Brauner
6bdf969152
cgroups/cgfsng: rework cgfsng_unfreeze()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:28:48 +01:00
Christian Brauner
aa48a34fac
cgroups/cgfsng: rework cgfsng_get_hierarchies()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:28:48 +01:00
Christian Brauner
e3ffb28bd0
cgroups/cgfsng: rework cgfsng_num_hierarchies()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:17:58 +01:00
Christian Brauner
52d08ab033
cgroups/cgfsng: rework cgfsng_escape()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:16:59 +01:00
Christian Brauner
4490328e59
cgroups/cgfsng: rework cgfsng_payload_enter()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:13:37 +01:00
Christian Brauner
f3839f1225
cgroups/cgfsng: rework cgfsng_payload_create()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:13:37 +01:00
Christian Brauner
53675a8d1f
tree-wide: s/__unused/__lxc_unused/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:13:37 +01:00
Christian Brauner
ad275c1605
cgroups/cgfsng: rework cgroup attach
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:13:37 +01:00
Christian Brauner
6e8703a411
cgroups/cgfsng: don't dereference NULL-pointer
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:13:37 +01:00
Christian Brauner
803e41235f
cgroups/cgfsng: log chown_cgroup_wrapper()
It's becoming more important on cgroup2 to properly delegate cgroups.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:13:37 +01:00
Christian Brauner
d606c4e9d2
cgroups/cgfsng: rework cgroup2 unprivileged delegation
We accidentally checked files to delegate for privileged containers and not for
unprivileged containers in the pure unified case. Fix that and clean up the
delegation file parsing.

Closes #3206.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:13:37 +01:00
Christian Brauner
61fbc369f9
cgroups/cgfsng: rework cgfsng_{monitor,payload}_delegate_controllers()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:13:37 +01:00