Commit Graph

10959 Commits

Author SHA1 Message Date
Christian Brauner
8de0119d48
tree-wide: replace problematic terminology
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-06-14 17:25:39 +02:00
Christian Brauner
f48e807159
tree-wide: replace problematic terminology
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-06-14 17:21:44 +02:00
Christian Brauner
4f6c7312ef
tree-wide: remove problematic terminology
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-06-14 17:15:43 +02:00
Christian Brauner
1c01dc2c5e
seccomp: replace problematic terminology
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-06-14 17:14:26 +02:00
Christian Brauner
af6a5f3add
common.conf: replace problematic terminology
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-06-14 17:13:00 +02:00
Christian Brauner
a065524e28
Merge pull request #3865 from brauner/2021-06-14.listen_fds
Add support for LISTEN_FDS environment variable.
2021-06-14 13:29:20 +02:00
Ruben Jenster
46abf21981
Add support for LISTEN_FDS environment variable.
The LISTEN_FDS environment variable defines the number of
file descriptors that should be inherited by the container,
in addition to stdio.
The LISTEN_FDS environment variable is defined in the OCI spec
and used to support socket activation.

Refs #3845

Signed-off-by: Ruben Jenster <r.jenster@drachenfels.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-06-14 11:58:24 +02:00
Christian Brauner
51bbca901b
Merge pull request #3864 from lifeng68/master
string utils: Make sure don't return uninitialized memory.
2021-06-14 11:34:14 +02:00
LiFeng
47f5be06a4
string utils: Make sure don't return uninitialized memory.
The functions lxc_string_split_quoted and lxc_string_split_and_trim use
realloc to reduce the memory. But the result may be NULL, then the
returned memory will be uninitialized

Signed-off-by: LiFeng <lifeng68@huawei.com>
2021-06-12 14:56:04 +08:00
Stéphane Graber
a197d2fb5b
Merge pull request #3861 from brauner/2021-06-08.fixes.2
api_extensions: introduce idmapped_mounts_v2 api extension
2021-06-08 10:46:00 -04:00
Christian Brauner
3df13023b0
api_extensions: introduce idmapped_mounts_v2 api extension
This indicates that LXC supports idmapping the rootfs and
idmapped lxc.mount.entry entries.

Link: https://github.com/lxc/lxd/issues/8870
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-06-08 15:59:13 +02:00
Stéphane Graber
2384faa223
Merge pull request #3860 from brauner/2021-06-08.fixes
tools/lxc_autostart: fix failed count
2021-06-08 09:21:35 -04:00
Christian Brauner
2f7828f699
tools/lxc_autostart: fix failed count
Don't include skipped containers in the failed count.

Fixes: #3857
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-06-08 15:01:02 +02:00
Stéphane Graber
81ec0d7ebf
Merge pull request #3856 from brauner/2021-06-07.fixes
lsm/apparmor: actually report an error when we fail to wire AppArmor …
2021-06-07 10:31:32 -04:00
Christian Brauner
fd697cc0e9
lsm/apparmor: actually report an error when we fail to wire AppArmor profile
Link: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1931064
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-06-07 15:38:10 +02:00
Stéphane Graber
4e92ee3b5d
Merge pull request #3854 from brauner/2021-06-03.fixes
lxc: add lpthread to lxc.pc
2021-06-03 11:21:35 -04:00
Christian Brauner
c2a7a6977b
lxc: add lpthread to lxc.pc
Fixes: #3853
Suggested-by: Tycho Andersen <tycho@tycho.pizza>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-06-03 15:50:20 +02:00
Stéphane Graber
ca5843e1bc
Merge pull request #3852 from pablofsf/lxc-net-nftables
Update lxc-net to support nftables
2021-05-28 16:28:57 -04:00
Pablo Correa Gómez
7f4386f096
Update lxc-net to support nftables
Closes #3093
Closes #3602

Add support for nftables firewall rules if `nft` command line
interface is available in the system

Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
2021-05-28 14:33:23 +02:00
Stéphane Graber
6805cc3666
Merge pull request #3851 from brauner/2021-05-25.fixes
fixes
2021-05-25 09:56:43 -04:00
Christian Brauner
4db0514d56
network: please broken compilers
Some users report that compilation fails because of reports that this
variable can be used uninitialized. Initialize it to silence the
compiler.

Fixes: https://github.com/lxc/lxc/issues/3850
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-25 14:24:01 +02:00
Christian Brauner
f07ba4f991
Merge pull request #3849 from stgraber/master
README: Update IRC
2021-05-25 09:01:34 +02:00
Stéphane Graber
c49b9f61b2
README: Update IRC
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-05-24 12:13:20 -04:00
Stéphane Graber
90bb9fb2ab
Merge pull request #3848 from brauner/2021-05-21.fixes
start: rework fd synchronization
2021-05-21 12:25:56 -04:00
Christian Brauner
6bc4165d3c
start: simplify startup synchronization
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-21 17:58:01 +02:00
Christian Brauner
8945dad0dd
start: reorder START_SYNC_POST_CONFIGURE
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-21 17:27:58 +02:00
Christian Brauner
46a3bf0778
start: use barrier instead of wake/wait pair
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-21 17:27:58 +02:00
Christian Brauner
2df612d422
conf: use explicit signage in bit field
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-21 17:27:58 +02:00
Christian Brauner
111ed96e9c
conf: move file descriptor synchronization with parent into single function
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-21 17:27:58 +02:00
Christian Brauner
493ae3fe7e
conf: move file descriptor synchronization with child into single function
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-21 17:27:58 +02:00
Christian Brauner
98db769c83
cgroups: rework check whether legacy hierarchy is writable
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-21 17:27:58 +02:00
Stéphane Graber
ddd51bd187
Merge pull request #3846 from brauner/2021-05-19.fixes
conf: fix mount option parsing
2021-05-19 14:09:14 -04:00
Christian Brauner
380fcc0863
conf: fix mount option parsing
Fixes: Coverity 1484906
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-19 17:38:20 +02:00
Stéphane Graber
e2e70bd5a2
Merge pull request #3843 from brauner/2021-05-17.idmapped.lxc.mount.entry
conf: support idmapped lxc.mount.entry entries
2021-05-19 09:55:26 -04:00
Christian Brauner
df5e747dc9
confile: free mount data
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-19 14:21:52 +02:00
Christian Brauner
5a782dca99
conf: add sequence when setting up idmapped mounts
Make sure we catch any weird behavior.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-19 14:21:52 +02:00
Christian Brauner
1b82d72144
conf: support idmapped lxc.mount.entry entries
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-19 14:21:51 +02:00
Christian Brauner
966dad2494
Merge pull request #3844 from CecilHarvey/master
Skip rootfs pinning for read-only file system.
2021-05-18 21:37:14 +02:00
Wei Mingzhi
e859a5ee2c
Skip rootfs pinning for read-only file system.
Signed-off-by: Wei Mingzhi <weimingzhi@baidu.com>
2021-05-18 20:37:52 +08:00
Christian Brauner
1e4bce2c14
conf: rename struct mount_opt flag member s/flag/legacy_flag/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-17 12:44:20 +02:00
Christian Brauner
d94eb39059
tree-wide: s/parse_mntopts/parse_mntopts_legacy/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-17 12:40:08 +02:00
Stéphane Graber
73936a0d5c
Merge pull request #3842 from brauner/2021-05-14.fixes
start: move idmapped mount setup later
2021-05-14 13:49:18 -04:00
Christian Brauner
e4564b7ef9
start: move idmapped mount setup later
At the prior location we were placed between sending and receiving
networking information over the data socket causing the startup to fail.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-14 19:00:14 +02:00
Stéphane Graber
5b70f02efc
Merge pull request #3840 from brauner/2021-05-12.fixes.rootfs
conf: fix containers without rootfs
2021-05-12 09:03:33 -04:00
Christian Brauner
c119f0185b
conf: tweak rootfs handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-12 10:23:55 +02:00
Christian Brauner
f6c5aab0c0
conf: don't unmount procfs and sysfs
Fixes: #3838
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-12 10:23:51 +02:00
Christian Brauner
89606dfb31
conf: allow xdev when setting up /dev
Fixes: #3838
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-12 10:23:14 +02:00
Stéphane Graber
3bd21f4e39
Merge pull request #3837 from brauner/2021-05-10.fixes.cgroup
cgroups: clean up cgroup_ops on initialization error
2021-05-11 08:51:27 -04:00
Christian Brauner
e3d78fdc8c
cgroups: clean up cgroup_ops on initialization error
Fixes: #3836
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-11 09:05:03 +02:00
Stéphane Graber
fb6991e5e7
Merge pull request #3826 from brauner/2021-05-04.fuzz.cgroup
oss-fuzz: add basic cgroup_init()/cgroup_exit() fuzzing
2021-05-10 12:12:56 -04:00