Commit Graph

6355 Commits

Author SHA1 Message Date
Christian Brauner
0069cc619e
cgroups: cgfsng_get: handle unified hierarchy
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-31 16:41:53 +01:00
Christian Brauner
c2aed66d0f
cgroups: cgfsng_attach: handle unified hierarchy
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-31 16:39:57 +01:00
Christian Brauner
0c3deb94f4
cgroups: cgfsng_create: handle unified hierarchy
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-31 16:35:31 +01:00
Christian Brauner
d6337a5f9d
cgroups: get controllers on the unified hierarchy
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-31 16:30:53 +01:00
Stéphane Graber
2ddc66536b
Merge pull request #2116 from brauner/2018-01-29/legacy_network_fixes
confile_legacy: fix legacy network parser
2018-01-29 20:06:50 -05:00
Christian Brauner
70a82405f4
confile_legacy: fix legacy network parser
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-30 01:00:21 +01:00
Serge Hallyn
26f0e9151a
Merge pull request #2102 from brauner/2018-01-22/lsm_simplifications
lsm: simplifications
2018-01-29 17:08:38 -06:00
Christian Brauner
817a0e46b6
tools: make "-n" optional
This lets users use the tools with "lxc-* -n <container-name>" or
"lxc-* <container-name>".

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-27 16:09:46 +01:00
Christian Brauner
cf73b78c0c
Merge pull request #2113 from marcosps/seccomp_return
seccomp.c: Use return instead of attribution and return
2018-01-27 15:50:13 +01:00
Marcos Paulo de Souza
29cb26174d seccomp.c: Use return instead of attribution and return
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
2018-01-27 11:13:20 -02:00
Christian Brauner
8f57ca64fb
Merge pull request #2112 from stgraber/master
debian: Use iproute2 instead of iproute
2018-01-27 12:31:50 +01:00
Stéphane Graber
8926686153
debian: Use iproute2 instead of iproute
The package has pretty much always been iproute2 with iproute being an
alias for it, the alias is now gone so we need to use iproute2.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-01-27 00:33:12 -05:00
Christian Brauner
0cea297717
Merge pull request #2111 from tych0/unpriv-fixups
Unpriv fixups
2018-01-26 23:39:29 +01:00
Tycho Andersen
5384e99dee rename am_unpriv to am_host_unpriv
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2018-01-26 22:11:50 +00:00
Tycho Andersen
4692c01af2 better unprivileged detection
In particular, if we are already in a user namespace we are unprivileged,
and doing things like moving the physical nics back to the host netns won't
work. Let's do the same thing LXD does if euid == 0: inspect
/proc/self/uid_map and see what that says.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2018-01-26 22:11:50 +00:00
Tycho Andersen
9650c735c7 better check for lock dir
Consider the case where we're running in a user namespace but in the host's
mount ns with the host's filesystem (something like
lxc-usernsexec ... lxc-execute ...), in this case, we'll be euid 0, but we
can't actually write to /run. Let's improve this locking check to make sure
we can actually write to /run before we decide to actually use it as our
locking dir.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2018-01-26 21:28:28 +00:00
Christian Brauner
3fdb1cf431
Merge pull request #2109 from duguhaotian/new
[cgfsng] show wrong errno
2018-01-26 14:54:35 +01:00
duguhaotian
d1953b26c8 [cgfsng] show wrong errno
lxc_cgroup_set_data: h = get_hierarchy(controller);
if h is NULL, errno is now old; it does not set a new one.
And then,
cgfsng_setup_limits:

    if (lxc_cgroup_set_data(cg->subsystem, cg->value, d)) {
            if (do_devices && (errno == EACCES || errno == EPERM)) {
                    WARN("Error setting %s to %s for %s",
                         cg->subsystem, cg->value, d->name);
                    continue;
            }
            SYSERROR("Error setting %s to %s for %s",
                     cg->subsystem, cg->value, d->name);
            goto out;
    }

SYSERROR will show the old errno, which confuses me.

Signed-off-by: duguhaotian <duguhaotian@gmail.com>
2018-01-26 21:07:58 +08:00
Stéphane Graber
f1289f48d6
Merge pull request #2099 from brauner/2018-01-20/attach_init_pty
bugfixes
2018-01-24 22:24:46 +02:00
Christian Brauner
b28e282611
Merge pull request #2103 from marcosps/forward_not_used
network.c: Remove ip_forward_set and callers
2018-01-23 11:31:53 +01:00
Marcos Paulo de Souza
c0a6d713b2 network.c: Remove ip_forward_set and callers
The last user of ip_forward_set, lxc_ip_forward_on and
lxc_ip_forward_off was in 2009:

commit 92d385229b
Author: Daniel Lezcano <dlezcano@fr.ibm.com>
Date:   Thu Oct 22 15:33:40 2009 +0200

    remove test directory

These functions are not called anymore.

Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
2018-01-22 22:04:03 -02:00
Christian Brauner
05f0f93a93
autotools: do not link against libapparmor
Since we write the label directly without going through the AppArmor API it
doesn't make sense to link against it.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-22 12:14:21 +01:00
Christian Brauner
5288a74faa
apparmor: do not call aa_change_profile()
We can simply write the label ourselves. There's no magic happening.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-22 12:14:14 +01:00
Christian Brauner
d3ba7c9872
lsm: add lsm_process_label_set_at()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-22 11:54:21 +01:00
Christian Brauner
47ce2cb727
lsm: add lsm_process_label_fd_get()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-22 10:54:38 +01:00
Christian Brauner
e6e899749a
lsm: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-22 10:54:01 +01:00
Christian Brauner
f947066a5a
Merge pull request #2092 from lifeng68/modify_console_create
Create console when the rootfs is NULL
2018-01-22 10:40:15 +01:00
LiFeng
86530b0ae1 Fix comments and add check in lxc_poll.
Add check whether handler->conf->console.path is 'none'

Signed-off-by: LiFeng <lifeng68@huawei.com>
2018-01-22 06:29:34 -05:00
Christian Brauner
a346335eb9
Merge pull request #2100 from lifeng68/Modify_git_ignore
Modify .gitignore
2018-01-22 10:14:13 +01:00
LiFeng
adf077a360 Modify .gitignore
Add:
src/tests/lxc-test-api-reboot
src/tests/lxc-test-criu-check-feature
src/tests/lxc-test-raw-clone
src/tests/lxc-test-share-ns
src/tests/lxc-test-state-server

Signed-off-by: LiFeng <lifeng68@huawei.com>
2018-01-22 07:50:45 -05:00
Christian Brauner
13f9b45f6c
Merge pull request #2101 from tenforward/japanese
doc: Update Japanese lxc-attach(1) and lxc.container.conf(5)
2018-01-22 10:13:55 +01:00
KATOH Yasufumi
fb736bbe28 doc: Update Japanese lxc-attach(1) and lxc.container.conf(5)
* Update for commit ba2be1a (attach: move pty allocation into api)
* Update for commit 5757588 (manpage: correct lxc.log.file conf option)

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2018-01-22 14:47:48 +09:00
Christian Brauner
1cce35e649
attach: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-21 15:23:20 +01:00
Christian Brauner
bb2ada6f4d
attach: setup /proc limits
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-21 15:20:19 +01:00
Christian Brauner
42b09f9429
start: fix mainloop cleanup goto statements
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-21 13:55:42 +01:00
Christian Brauner
d7af33e24e
coverity: #1426694
remove logically dead code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-21 01:54:29 +01:00
Christian Brauner
c8dcf77824
coverity: #1426734
do not call close on bad fd

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-21 01:54:29 +01:00
Christian Brauner
a49cad59f8
coverity: #1427190
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-20 21:41:18 +01:00
Christian Brauner
2388737b2a
coverity: #1427191
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-20 21:41:06 +01:00
Christian Brauner
b21da190ec
coverity: #1427638
avoid (however unlikely) double free

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-20 21:35:35 +01:00
Christian Brauner
358b8c818b
coverity: #1427639
remove logically dead code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-20 21:30:17 +01:00
Christian Brauner
4d078b3c25
coverity: #1427668
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-20 21:26:33 +01:00
Christian Brauner
0072887d77
tools: fix android
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-20 21:21:41 +01:00
Christian Brauner
ce4a1a11c9
tools: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-20 21:21:40 +01:00
Christian Brauner
c948657b04
attach: init struct
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-20 21:21:38 +01:00
Christian Brauner
95220ee6e0
Merge pull request #2097 from mikemccracken/2018-01-19/report-storage-destroy
storage: treat return value from ops->destroy as int
2018-01-20 06:27:36 +01:00
Christian Brauner
e6dba51290
Merge pull request #2096 from mikemccracken/patch-1
manpage: correct lxc.log.file conf option
2018-01-20 00:42:16 +01:00
Christian Brauner
7c76f49546
Merge pull request #2095 from tych0/remove-lxc-init
unlink lxc-init
2018-01-19 18:49:21 +01:00
Michael McCracken
ed05aac829 storage: treat return value from ops->destroy as int
r->ops->destroy() returns an int, -1 on error.
When assigned to a bool, this becomes true and hides errors.

Signed-off-by: Michael McCracken <mikmccra@cisco.com>
2018-01-19 08:44:04 -08:00
Tycho Andersen
58fb9c8efe unlink lxc-init
It's sort of an implementation detail that this exists at all, and we
should probably not pollute the container's mount tables or FS with this.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2018-01-19 16:43:38 +00:00