Commit Graph

10680 Commits

Author SHA1 Message Date
Christian Brauner
362ad2f2e8
tree-wide: make use of new_mount_api() where it makes sense
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:07:03 +01:00
Christian Brauner
c4199d115f
mount_utils: detect new mount api support
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:07:02 +01:00
Christian Brauner
296e0b1120
mount_utils: kill mount_from_at()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:07:01 +01:00
Christian Brauner
d469fee9b4
conf: use fd_bind_mount() in lxc_fill_autodev()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:07:00 +01:00
Christian Brauner
8e7c46e80d
mount_utils: add support for bind-mounts through the new mount api
fd_bind_mount()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:07:00 +01:00
Christian Brauner
a4df98203b
mount_utils: kill mount_at()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:06:59 +01:00
Christian Brauner
7bd7619b83
cgroups: switch __cg_mount_direct() to use the new mount api
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:06:57 +01:00
Christian Brauner
9b0712c024
cgroups: switch tmpfs mounting to new mount api
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:06:57 +01:00
Christian Brauner
ee28c8ce4b
conf: switch mount_autodev() to new mount api
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:06:55 +01:00
Christian Brauner
b6546e30ba
mount_utils: add extended helpers for new mount api
fs_prepare()
fs_set_property()
fs_attach()
fs_mount()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:06:54 +01:00
Christian Brauner
c59b7ab9c3
mount_utils: move mount_at() and mount_from_at() over from utils.{c,h}
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:06:42 +01:00
Christian Brauner
36fbe85146
confile: handle appending init groups
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:03:53 +01:00
Christian Brauner
506ec83846
conf: use lxc_groups_t directly
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:02:55 +01:00
Christian Brauner
6c289559e2
attach_options: use size_t for lxc_groups_t
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:02:54 +01:00
Christian Brauner
8e5fb3de47
attach: use brackets around flag check
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:02:53 +01:00
Christian Brauner
7cec31a9af
attach_options: use standard C pointer syntax
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:02:52 +01:00
Christian Brauner
2ab3ea3eed
attach_options: initialize .groups
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 21:02:50 +01:00
Ruben Jenster
8066b01fe2
attach: Add groups option to keep additional group IDs.
Signed-off-by: Ruben Jenster <r.jenster@drachenfels.de>
2021-02-26 21:02:47 +01:00
Ruben Jenster
e778f9739a
confile: add lxc.init.groups to keep additional groups
Signed-off-by: Ruben Jenster <r.jenster@drachenfels.de>
2021-02-26 21:02:22 +01:00
Christian Brauner
7e9d3f208c
utils: rework lxc_setgroups()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:59:15 +01:00
Christian Brauner
1529fd39b7
tree-wide: use lxc_drop_groups() instead of lxc_setgroups(0, NULL)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:59:14 +01:00
Christian Brauner
35c45e1789
utils: add lxc_drop_groups()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:59:13 +01:00
Christian Brauner
fde1420c90
utils: check for snprintf() error
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:59:13 +01:00
Christian Brauner
883a6f8f76
attach: improve logging and terminology
The term "intermediate process" is not very nice imho, "transient process" fits
better.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:59:11 +01:00
Christian Brauner
f6666d3b04
cgroups: check for correct error in __cg_unified_attach() from cgroup_attach()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:59:11 +01:00
Christian Brauner
cb17f83f0b
tree-wide: s/dfd_root_host/dfd_host/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:59:10 +01:00
Christian Brauner
856fb71959
tree-wide: s/mntpt_fd/dfd_mnt/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:59:08 +01:00
Christian Brauner
acf2aed869
tree-wide: s/dev_mntpt_fd/dfd_dev/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:59:07 +01:00
Christian Brauner
3bc37321dd
syscall_wrappers: fix PROTECT_OPEN_W macro
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:59:06 +01:00
Christian Brauner
4eaba6a473
conf: restricted fd-only lxc_fill_autodev()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:59:05 +01:00
Christian Brauner
d6c618aad3
conf: start stashing dfd to host's / during container setup
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:59:04 +01:00
Christian Brauner
f4c4328748
conf: fix lxc_setup_dev_console()
We were printing garbage by accident.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:59:02 +01:00
Christian Brauner
7ce4f69a03
utils: add mount_from_at()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:58:50 +01:00
Christian Brauner
37b56e9750
cgroups: restrict open calls in cgroup_attach_create_leaf()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:57:29 +01:00
Christian Brauner
1041c03b81
cgroups: improve error handling and logging in cgroup_attach_leaf()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:57:28 +01:00
Christian Brauner
85aaa781e2
cgroups: fix argument vetting in cgroup_attach()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:57:27 +01:00
Christian Brauner
9f880a8a5f
attach: fix fallback logic when attaching to cgroups
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:57:26 +01:00
Christian Brauner
f10d69e3c1
cgroups: switch to fd-based cgroup mounting
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:57:25 +01:00
Christian Brauner
0c58dd31a9
cgroups: restricted fd-only controller mountpoint creation
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:57:23 +01:00
Christian Brauner
c8c6a0a725
utils: harden __safe_mount_beneath_at()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:56:17 +01:00
Christian Brauner
8e262f5e03
conf: refactor transient procfs mounting
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:56:15 +01:00
Christian Brauner
7413dcc033
conf: restrict open call in lxc_mount_rootfs()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:56:10 +01:00
Christian Brauner
8c979bf274
conf: make lxc_create_tmp_proc_mount() static
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:54:15 +01:00
Christian Brauner
f146497f22
conf: coding style
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:53:23 +01:00
Christian Brauner
908a017469
attach: attach to namespaces via pidfds
This is a feature we've enabled in kernel v5.8 and v5.9.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:53:23 +01:00
Christian Brauner
8fc6f4178b
conf: fd-only devpts setup
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:53:22 +01:00
Christian Brauner
65d42af074
conf: fd-only pivot root
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:53:21 +01:00
Christian Brauner
8a1a6dd6d7
conf: restrict open for lxc_mount_rootfs()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:53:20 +01:00
Christian Brauner
ec09da6fe1
conf: fd-only operations in lxc_setup_dev_symlinks()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:53:19 +01:00
Christian Brauner
c18a6ad150
conf: harden open in lxc_fill_autodev()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-02-26 20:53:18 +01:00