Commit Graph

10680 Commits

Author SHA1 Message Date
Edênis Freindorfer Azevedo
ce97c9de05
Fix typo on documentation for lxc-{attach,execute}.
According to `[1]`, `lxc-attach` uses `-u,-g` instead of `--u,--g`.
According to `[2]`, `lxc-execute` uses `-u,-g` instead of `--u,--g`.

- [1] https://github.com/lxc/lxc/blob/stable-4.0/src/lxc/tools/lxc_attach.c#L131-L132
- [2] https://github.com/lxc/lxc/blob/stable-4.0/src/lxc/tools/lxc_execute.c#L59-L60

Signed-off-by: Edenis Freindorfer Azevedo <edenisfa@gmail.com>
2021-10-14 17:21:23 +02:00
Edênis Freindorfer Azevedo
b8c4234ef1
Fix typo on documentation for lxc-autostart.
According to `[1,2]`, this command has `--groups` instead of `--group`.

- [1] https://github.com/lxc/lxc/blob/stable-4.0/src/lxc/tools/lxc_autostart.c#L64
- [2] https://github.com/lxc/lxc/blob/stable-4.0/src/lxc/tools/lxc_autostart.c#L84

Signed-off-by: Edenis Freindorfer Azevedo <edenisfa@gmail.com>
2021-10-14 17:21:18 +02:00
Stéphane Graber
cec7cb14b2
Merge pull request #3969 from brauner/2021-09-03.fixes.stable
tests: fix config file tests
2021-09-13 08:41:51 -04:00
Christian Brauner
671a65391f
tests: fix config file tests
Link: https://bugs.launchpad.net/bugs/1943441
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-09-13 14:11:05 +02:00
Stéphane Graber
5cbc29d1eb
doc/api-extensions: Grammar fix
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-08-09 19:42:00 +02:00
Christian Brauner
c9d9085b3f
lsm/apparmor: use cleanup macro
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-09 17:38:41 +02:00
Christian Brauner
fcf3e60765
lsm/apparmor: log failure to write AppArmor profile
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-09 17:38:39 +02:00
Christian Brauner
a80856010c
network: fix container with empty network namespaces
Fixes: #3922
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-09 17:38:36 +02:00
Christian Brauner
60f6207ac2
tests: add test for rootfs mount options
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-03 16:18:11 +02:00
Christian Brauner
7997d7fb1c
conf: allow mount options for rootfs when using new mount api
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-03 16:18:10 +02:00
Christian Brauner
c2c8a897a8
mount_utils: make some mount helpers static inline
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-03 16:18:09 +02:00
Christian Brauner
72acfa2795
conf: let parse_vfs_attr() handle legacy mount flags as well
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-03 16:18:09 +02:00
Christian Brauner
88c348f376
conf: log failure to create tty mountpoint
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-03 16:18:08 +02:00
Christian Brauner
2d7001d9d8
conf: refactor lxc_recv_ttys_from_child()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-03 16:18:07 +02:00
Christian Brauner
bca3805913
conf: fix logging in lxc_idmapped_mounts_child()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-03 16:18:06 +02:00
Christian Brauner
124f9b8b9e
mount_utils: introduce mount_at()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-03 16:18:02 +02:00
Christian Brauner
02998e6c4d
terminal: fail on unknown error during TIOCGPTPEER
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:21 +02:00
Christian Brauner
4c75aa656c
terminal: move native terminal allocation from error logging to info
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:20 +02:00
Christian Brauner
e33da9473f
conf: handle kernels without TIOCGPTPEER
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:19 +02:00
Christian Brauner
617195aa62
start: allow containers to use a native console
After all of the previous rework we can make it possible for a container
to use a console allocated from the container's devpts instance.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:18 +02:00
Christian Brauner
28321bd615
terminal: remove unused argument from lxc_devpts_terminal()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:17 +02:00
Christian Brauner
292a6d4852
conf: rework console setup
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:16 +02:00
Christian Brauner
7de17c5d7d
file_utils: add open_at_same()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:15 +02:00
Christian Brauner
914c8117e6
conf: use mount_fd() during console mounting
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:14 +02:00
Christian Brauner
c1e81360dc
conf: use mount_fd() in lxc_setup_dev_console()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:13 +02:00
Christian Brauner
2ca395e000
conf: use mount_fd() helper when mounting ttys
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:11 +02:00
Christian Brauner
97cb264385
mount_utils: add mount_fd()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:10 +02:00
Christian Brauner
d9fd5a83df
conf: stash pty_nr in struct lxc_terminal
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:09 +02:00
Christian Brauner
425875136b
conf: move lxc_create_ttys() before pivot root
This is the last setup step that occurred after pivot root.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:08 +02:00
Christian Brauner
b83fc7ff53
terminal: split out lxc_devpts_terminal() helper
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:07 +02:00
Christian Brauner
0f427a9f98
string_utils: cast __s64 to long long signed int
Link: https://launchpadlibrarian.net/550723147/buildlog_snap_ubuntu_focal_ppc64el_lxd-latest-edge_BUILDING.txt.gz
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:06 +02:00
Christian Brauner
e428dfdfc4
conf: merge devpts setup and move before pivot root
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:05 +02:00
Christian Brauner
d413c48628
terminal: don't use ttyname_r() for native terminal allocation
Since we can call that function from another mount namespace we need to
do this manually.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:04 +02:00
Christian Brauner
011d6eaaaa
conf: add and use mount_beneath_fd()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:03 +02:00
Christian Brauner
03fd5d968f
conf: update comment
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:02 +02:00
Christian Brauner
e5cc3716b4
conf: use a relative path in symlinkat()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:45:01 +02:00
Christian Brauner
b36c1c3936
conf: s/lxc_setup_devpts_parent/lxc_recv_devpts_from_child/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:44:59 +02:00
Christian Brauner
43e9379dc1
conf: attach devpts mount directly when new mount api can be used
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:44:58 +02:00
Christian Brauner
2d4cc531a4
conf: set source property for devpts
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:44:57 +02:00
Christian Brauner
ae8d0df554
conf: surface failures to setup console
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:44:56 +02:00
Stéphane Graber
afc9b615f3
Fix typos
This fixes all typos identified by lintian.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-08-02 14:44:54 +02:00
Christian Brauner
06520b0915
conf: ensure devpts_fd is set to -EBADF
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:44:52 +02:00
Christian Brauner
1ff9846c1c
terminal: ttyname_r() returns an error number on failure
In other words, how inconsistent can an API be?

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:44:51 +02:00
Christian Brauner
be606e16fd
conf: use new mount api for devpts setup
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-02 14:44:45 +02:00
Petr Malat
72ddf4aa86
bpf: bpf_devices_cgroup_supported() should check if bpf() is available
bpf_devices_cgroup_supported() tries to load a simple BPF program to
test if BPF works. This is problematic because the function used to load
the program - bpf_program_load_kernel() - emits an error to the log if
BPF is not enabled in the kernel, although the device controller is not
requested in the configuration. Users could interpret that as a problem.

Make bpf_devices_cgroup_supported() check if the BPF syscall is available
before calling bpf_program_load_kernel(). We can do it by passing a NULL
pointer instead of the syscall argument, as the kernel returns either
ENOSYS, when the syscall is not implemented, or EFAULT, when it is
implemented.

Signed-off-by: Petr Malat <oss@malat.biz>
2021-07-22 09:25:33 +02:00
Petr Malat
206128fc76
lxc_setup_ttys: Handle existing ttyN file without underlying device
If a device file is opened and the underlying device does not exist,
the open call fails with ENXIO, but the path can be opened with
O_PATH, which is enough for mounting over the device file.

Generalize this idea and use O_PATH for all cases when the file
is there. One still must check for both ENXIO and EEXIST as it's
unspecified what error is reported if multiple error conditions
occur at the same time.

Signed-off-by: Petr Malat <oss@malat.biz>
2021-07-22 09:25:30 +02:00
Stoiko Ivanov
5189fc4820
cgroups: remove unneeded variables from cgroup_tree_create
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2021-07-22 09:25:27 +02:00
Stoiko Ivanov
c62b32b0f2
cgroups: populate hierarchy for device cgroup
With the changes introduced in:
b7b1e3a34c
the hierarchy-struct did not have the path_lim set anymore, which is
needed by setup_limits_legacy (->cg_legacy_set_data->lxc_write_openat)
to actually access the cgroup directory.

The issue can be reproduced with a container config having
```
lxc.cgroup.devices.deny = a
```
(or any lxc.cgroup.devices entry) set on a system booted with
systemd.unified_cgroup_hierarchy=0.

This affects all privileged containers on PVE (due to the default
devices.deny entry).

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2021-07-22 09:25:19 +02:00
Stéphane Graber
d867b94c22
Release LXC 4.0.10
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-07-16 16:30:14 -04:00
Christian Brauner
cb6fd3e26d
terminal: fix error handling
Fixes: f382bcc6d8 ("terminal: log TIOCGPTPEER failure less alarmingly")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-15 22:14:39 +02:00