Christian Brauner
87dcc8d414
conf: use explicit signage in bit field
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:34 +02:00
Christian Brauner
2765b5c442
conf: move file descriptor synchronization with parent into single function
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:33 +02:00
Christian Brauner
e8e538a54d
conf: move file descriptor synchronization with child into single function
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:32 +02:00
Christian Brauner
1c662b823f
cgroups: rework check whether legacy hierarchy is writable
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:31 +02:00
Christian Brauner
d4034c931f
conf: fix mount option parsing
...
Fixes: Coverity 1484906
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:30 +02:00
Christian Brauner
08eab8c005
confile: free mount data
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:28 +02:00
Christian Brauner
ceb0675657
conf: add sequence when setting up idmapped mounts
...
Make sure we catch any weird behavior.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:27 +02:00
Christian Brauner
bf310548a0
conf: support idmapped lxc.mount.entry entries
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:25 +02:00
Wei Mingzhi
80cb4de65e
Skip rootfs pinning for read-only file system.
...
Signed-off-by: Wei Mingzhi <weimingzhi@baidu.com>
2021-05-28 12:48:22 +02:00
Christian Brauner
835721f9e5
conf: rename struct mount_opt flag member s/flag/legacy_flag/
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:20 +02:00
Christian Brauner
407dcc8a15
tree-wide: s/parse_mntopts/parse_mntopts_legacy/
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:16 +02:00
Christian Brauner
d64c225f26
start: move idmapped mount setup later
...
At the prior location we were placed between sending and receiving
networking information over the data socket causing the startup to fail.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-17 11:05:40 +02:00
Christian Brauner
e9aab3d42d
conf: tweak rootfs handling
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-12 16:17:17 +02:00
Christian Brauner
a96aa89b08
conf: don't unmount procfs and sysfs
...
Fixes : #3838
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-12 16:17:16 +02:00
Christian Brauner
3628ccc5f2
conf: allow xdev when setting up /dev
...
Fixes : #3838
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-12 16:17:15 +02:00
Christian Brauner
f002379124
cgroups: clean up cgroup_ops on initialization error
...
Fixes : #3836
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-12 16:17:12 +02:00
Christian Brauner
96c3018762
oss-fuzz: add basic cgroup_init()/cgroup_exit() fuzzing
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-11 09:07:10 +02:00
Stéphane Graber
f8764e8a67
Merge pull request #3835 from brauner/2021-05-10.fixes.apparmor.stable-4.0
...
confile: convert AppArmor and SELinux confile parsing from errors to …
2021-05-10 12:12:33 -04:00
Christian Brauner
05cd29daad
confile: convert AppArmor and SELinux confile parsing from errors to warnings
...
Fixes: https://github.com/lxc/lxc/issues/3765#issuecomment-836792820
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-10 17:40:39 +02:00
Christian Brauner
aedfce1fc1
tests: fix lxc-test-arch-parse for make dist
...
Fixes: https://jenkins.linuxcontainers.org/job/lxc-build-tarballs/2762/console
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-10 17:28:29 +02:00
Christian Brauner
7d24ac5a58
tests: add tests for supported architectures
...
Ensure that we detect all supported architectures and don't regress
recognizing them.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-10 13:02:43 +02:00
Christian Brauner
2acc916dd8
confile: re-add aarch64 architecture
...
Apparently we dropped this when we cleaned up architecture handling.
Fixes : #3832
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-10 13:02:42 +02:00
Jeff Cook
4ab0047c8e
Reflow ZFS check to follow the style of the overlayfs return.
...
Per https://github.com/lxc/lxc/pull/3831#discussion_r628865713
Signed-off-by: Jeff Cook <jeff@jeffcook.io>
2021-05-10 13:02:41 +02:00
Jeff Cook
4502dfce02
Skip rootfs pinning for ZFS roots.
...
Signed-off-by: Jeff Cook <jeff@jeffcook.io>
2021-05-10 13:02:38 +02:00
Christian Brauner
eb438f1914
doc: document new idmap= option for lxc.rootfs.options
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-08 12:14:16 +02:00
Christian Brauner
91ad9b94bc
conf: handle kernels with CAP_SETFCAP
...
LXC is being very clever and sometimes maps the caller's uid into the
child userns. This means that the caller can technically write fscaps
that are valid in the ancestor userns (which can be a security issue in
some scenarios) so newer kernels require CAP_SETFCAP to do this. Until
newuidmap/newgidmap are updated to account for this simply write the
mapping directly in this case.
Cc: stable-4.0
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-06 18:50:04 +02:00
Stéphane Graber
37485abd46
Release LXC 4.0.9
...
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-05-04 12:56:15 -04:00
Christian Brauner
97d46fd372
attach: introduce explicit personality macro
...
Introduce LXC_ATTACH_DETECT_PERSONALITY to make it explicit what is
happening instead of using -1.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:52 +02:00
Christian Brauner
84fc7c27b7
conf: add personality_t
...
Catch errors in personality handling better.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:50 +02:00
Christian Brauner
70cf146177
attach_options: unbreak header
...
In a moment of idioticity I switched -1 with 0xffffffff in the header
definition but we use -1 to autodetect.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:49 +02:00
Christian Brauner
2ce89d7ff1
conf: rework lxc_config_parse_arch()
...
Fix architecture parsing. So far we couldn't really differ between "want
default architecture" and "failed to parse requested architecture"
because the -1 return value means both. Fix this by using the return
value only to indicate success or failure and return the parsed
personality in a return argument.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:48 +02:00
Christian Brauner
77f626c571
conf: tweak setup_personality()
...
Use the dedicated LXC_ARCH_UNCHANGED macro everywhere instead of relying
on -1 being correct.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:47 +02:00
Christian Brauner
5ae15884c9
tree-wide: make personality codepaths unconditional
...
Now that we have the infra to make personality handling unconditional
remove the ifndefs everywhere.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:46 +02:00
Christian Brauner
7389642a70
syscalls: wrap personality syscall if undefined
...
There's no need to make personality handling conditional as it has
been around for such a long time that only weird systems wouldn't have
support for it. And especially if the user requested a specific
personality to be set but the system doesn't support the personality
syscall we should loudly fail instead of moving on.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:45 +02:00
Christian Brauner
9cc5d48b3f
commands: log at debug not info level when receiving file descriptors
...
Don't spam the logs because we do receive a lot of file descriptors.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:43 +02:00
Christian Brauner
2c1754e3e3
confile: make per_name struct static
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:41 +02:00
Evgeny Vereshchagin
4056542b51
string_utils: get around GCC-11 false positives
...
by getting rid of stpncpy
Tested with gcc (GCC) 11.1.1 20210428 (Red Hat 11.1.1-1)
Closes https://github.com/lxc/lxc/issues/3752
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-05-04 17:43:40 +02:00
Evgeny Vereshchagin
15e2d139c7
github: also pass the j option to make
...
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-05-04 17:43:38 +02:00
Evgeny Vereshchagin
f0292a36f2
github: remove the dh-* packages
...
We don't build any packages there so it seems we don't need
those packages any more. Apart from that, it should make the
script work on Ubuntu Hirsute where dh-systemd was merged into
debhelper and is no longer available.
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-05-04 17:43:36 +02:00
Stéphane Graber
fb83151777
github: Run apt-get update in sanitizer test
...
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-05-04 17:43:35 +02:00
Aaron Thompson
bdd90796f8
conf: fix console chmod error log messages
...
Signed-off-by: Aaron Thompson <dev@aaront.org>
2021-05-04 17:43:34 +02:00
Evgeny Vereshchagin
d3162efaa1
oss-fuzz: always turn off logging on OSS-Fuzz
...
Apparently /proc/self/cmd can't be used (reliably) on OSS-Fuzz to figure out
whether the code is run inside the fuzz targets, which causes the
fuzz targets to fill the filesystem with log files.
Related: https://github.com/google/oss-fuzz/issues/5509
Should address https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33835
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-05-04 17:43:32 +02:00
Stéphane Graber
c53580ec51
Release LXC 4.0.8
...
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-04-30 14:11:01 -04:00
Christian Brauner
9b30530b32
cgroups: fix fallback attach codepath
...
When we attach to an old server the server can return ENOSYS instead of
ENOCGROUP2 which causes LXC to abort the attach unnecessarily. Fix this!
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-04-30 16:19:18 +02:00
Christian Brauner
88bc42b414
storage: fix dup_cloexec() call
...
Fixes: Coverity 1477399
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-04-30 16:19:15 +02:00
Stéphane Graber
a751b90b17
Release LXC 4.0.7
...
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-04-29 16:55:34 -04:00
Christian Brauner
eece538604
api-extensions: add entry for idmapped_mounts
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-04-29 15:59:19 +02:00
Christian Brauner
28602de3a8
storage/dir: cleanup mount code
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-04-29 15:59:18 +02:00
Christian Brauner
510026de9c
storage/dir: remove error handling down
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-04-29 15:59:17 +02:00
Christian Brauner
4a398f8c60
storage/dir: source can't be empty
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-04-29 15:59:16 +02:00