Commit Graph

8554 Commits

Author SHA1 Message Date
Christian Brauner
2fea2116c9
Merge pull request #3050 from hallyn/pkgconfig
lxc.pc.in: add libs.private for static linking
2019-06-18 21:09:28 +02:00
Serge Hallyn
a65cce2f9d lxc.pc.in: add libs.private for static linking
None of them seem to support pkg-config themselves, else we could add
them to Requires.private.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-06-18 13:13:34 -05:00
Christian Brauner
52ac245b52
Merge pull request #3047 from Rachid-Koucha/patch-11
Fixed file descriptor leak for network namespace
2019-06-16 04:11:35 +02:00
Rachid Koucha
aa0c0e7b8a
Fixed file descriptor leak for network namespace
In privileged mode, the container startup loses a file descriptor for "handler->nsfd[LXC_NS_NET]". At line 1782, we preserve the namespaces file descriptor (in privileged mode, the network namespace is also preserved):
	for (i = 0; i < LXC_NS_MAX; i++)
		if (handler->ns_on_clone_flags & ns_info[i].clone_flag)
			INFO("Cloned %s", ns_info[i].flag_name);

	if (!lxc_try_preserve_namespaces(handler, handler->ns_on_clone_flags, handler->pid)) {
		ERROR("Failed to preserve cloned namespaces for lxc.hook.stop");
		goto out_delete_net;
	}

Then at line 1830, we preserve one more time the network namespace:
		ret = lxc_try_preserve_ns(handler->pid, "net");
		if (ret < 0) {
			if (ret != -EOPNOTSUPP) {
				SYSERROR("Failed to preserve net namespace");
				goto out_delete_net;
			}
The latter overwrites the file descriptor already stored in handler->nsfd[LXC_NS_NET] at line 1786.

So, this fix checks that the entry is not already filled.

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
2019-06-15 15:17:50 +02:00
Serge Hallyn
3d43f6113b
Merge pull request #3045 from hallyn/2019-06-13/openssl
[RFC] Switch from gnutls to openssl for sha1
2019-06-14 23:00:48 -05:00
Stéphane Graber
bd6c1ff60b
Merge pull request #3046 from brauner/lxc/master
network: fix lxc_netdev_rename_by_index()
2019-06-14 07:48:31 -04:00
Christian Brauner
90d79629cb
network: fix lxc_netdev_rename_by_index()
Return an error code when the name is invalid instead of pretending that things
are fine.

Closes #3044.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-14 12:39:20 +02:00
Serge Hallyn
fa2bb6ba53 Switch from gnutls to openssl for sha1
The reason for this is because openssl can be statically linked
against, gnutls cannot.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-06-13 22:19:27 -05:00
Christian Brauner
f00010ff82
Merge pull request #3042 from tenforward/japanese
doc: add a note about shared ns + LSMs to Japanese doc
2019-06-13 14:10:00 +02:00
KATOH Yasufumi
3c452dec31 doc: add a note about shared ns + LSMs to Japanese doc
Update for commit 8de9038436

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2019-06-13 21:05:24 +09:00
Stéphane Graber
23b50e75af
Merge pull request #3041 from brauner/2019-06-12/seccomp_notify_fixes
seccomp: do not set SECCOMP_FILTER_FLAG_NEW_LISTENER
2019-06-12 08:18:24 -04:00
Christian Brauner
2959742385
Merge pull request #3040 from Rachid-Koucha/patch-11
Centralize hook names
2019-06-12 14:15:39 +02:00
Christian Brauner
f73adb35fb
seccomp: do not set SECCOMP_FILTER_FLAG_NEW_LISTENER
Do not set SECCOMP_FILTER_FLAG_NEW_LISTENER as seccomp attribute.
Prior to libseccomp merging support for SECCOMP_RET_USER_NOTIF there was a
libseccomp specific attribute that needed to be set before
SECCOMP_RET_USER_NOTIF could be used. This has been removed.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-12 13:42:25 +02:00
Rachid Koucha
3ea957c616
Centralize hook names
The hook string names must not be repeated in the source code to facilitate future changes

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
2019-06-12 08:36:40 +02:00
Stéphane Graber
16512e0c36
Merge pull request #3039 from brauner/master
seccomp: add ifdefine for SECCOMP_FILTER_FLAG_NEW_LISTENER
2019-06-11 18:11:32 -04:00
Christian Brauner
fe02f63c08
seccomp: add ifdefine for SECCOMP_FILTER_FLAG_NEW_LISTENER
So that we can deal with older kernels.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-12 00:02:49 +02:00
Stéphane Graber
b322965e7e
Merge pull request #3038 from brauner/master
seccomp: s/SCMP_FLTATR_NEW_LISTENER/SECCOMP_FILTER_FLAG_NEW_LISTENER/g
2019-06-11 17:53:05 -04:00
Christian Brauner
2e5bcac329
seccomp: s/SCMP_FLTATR_NEW_LISTENER/SECCOMP_FILTER_FLAG_NEW_LISTENER/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:51:34 +02:00
Stéphane Graber
76b65b40c2
Merge pull request #3037 from brauner/master
seccomp: align with upstream libseccomp
2019-06-11 17:43:10 -04:00
Christian Brauner
d7d2d2d9a5
seccomp: s/HAVE_DECL_SECCOMP_NOTIF_GET_FD/HAVE_DECL_SECCOMP_NOTIFY_FD/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:36:56 +02:00
Christian Brauner
9965620643
seccomp: s/seccomp_notif_free/seccomp_notify_free/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:34:33 +02:00
Christian Brauner
1f51fc702b
seccomp: s/seccomp_notif_alloc/seccomp_notify_alloc/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:33:22 +02:00
Christian Brauner
72b101aedf
seccomp: s/seccomp_notif_id_valid/seccomp_notify_id_valid/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:32:19 +02:00
Christian Brauner
3c216fe27b
seccomp: s/seccomp_notif_send_resp/seccomp_notify_respond/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:31:12 +02:00
Christian Brauner
e3998402d6
seccomp: s/seccomp_notif_receive/seccomp_notify_receive/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:29:39 +02:00
Christian Brauner
da9c8317e8
seccomp: s/seccomp_notif_get_fd/seccomp_notify_fd/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:27:33 +02:00
Christian Brauner
02ca9d758e
seccomp: s/SCMP_ACT_USER_NOTIF/SCMP_ACT_NOTIFY/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:25:44 +02:00
Christian Brauner
e9ab177d3f
Merge pull request #3032 from promlow/lxcbasename_fix
proposed fix for #2892 - fix lxcbasename in lxc/lxccontainer.c
2019-06-07 02:35:39 +02:00
Stéphane Graber
20a64b0b0d
Merge pull request #3034 from brauner/2019-06-05/boot_id
start: generate new boot id on container start
2019-06-06 12:57:11 +02:00
Christian Brauner
2050265234
start: generate new boot id on container start
Closes #3027.

BugLink: https://bugs.launchpad.net/bugs/1831258
Cc: Dimitri John Ledkov <xnox@ubuntu.com>
Cc: Scott Moser <smoser@ubuntu.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-06 01:20:37 +02:00
Paul Romlow
85e02f5600 proposed fix for #2892 - fix lxcbasename in lxc/lxccontainer.c
Signed-off-by: Paul Romlow <paul@romlow.com>
2019-06-05 13:28:21 -05:00
Stéphane Graber
1d51e3de49
Merge pull request #3029 from brauner/2019-06-05/fix_offline_cpus
cgroups: prevent segfault
2019-06-05 13:09:42 +02:00
Christian Brauner
8e75ed57cc
Merge pull request #3031 from Rachid-Koucha/patch-11
Make /tmp accessible to any user
2019-06-05 13:08:39 +02:00
Rachid Koucha
a725bbc4b7
Make /tmp accessible to any user
/tmp created with "rwxrwxrwt" mode

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
2019-06-05 13:04:11 +02:00
Christian Brauner
dcd14a3db6
cgroups: prevent segfault
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-05 09:31:17 +02:00
Christian Brauner
fa0330c9c0
Merge pull request #3028 from lifeng68/fix_memory_leak
start: fix handler memory leak at lxc_init failed
2019-06-05 06:56:17 +02:00
LiFeng
39cb2d9ee8 start: fix handler memory leak at lxc_init failed
Signed-off-by: LiFeng <lifeng68@huawei.com>
2019-06-05 00:44:17 -04:00
Christian Brauner
c86d12141a
Merge pull request #3026 from xmcqueen/master
lxc_usernsexec: continuing after unshare fails leads to confusing and…
2019-06-04 16:11:42 +02:00
Brian McQueen
dfe4a687a2 lxc_usernsexec: continuing after unshare fails leads to confusing and misleading error messages
Signed-off-by: Brian McQueen <bmcqueen@linkedin.com>
2019-06-04 06:46:37 -07:00
Stéphane Graber
94d3c14dd7
Merge pull request #3014 from brauner/2019-05-24/cgroups_handle_offline_cpus
cgroups: handle offline cpus in v1 hierarchy
2019-06-04 13:52:07 +02:00
Christian Brauner
1eaa8c428a
Merge pull request #3024 from avkvl/fix_groups_with_a_lot_of_members
lxc-user-net: Failed to convert string " Failed to get group name" to integer
2019-06-04 10:49:57 +02:00
Alexander Kriventsov
b9f80409d7 getgrgid_r fails with ERANGE if buffer is too small. Retry with a larger buffer.
Signed-off-by: Alexander Kriventsov <akriventsov@nic.ru>
2019-06-03 18:11:56 +03:00
Christian Brauner
3e8a11cb1c
Merge pull request #3018 from tych0/comment-stack-size
lxc_clone: add a comment about stack size
2019-05-29 17:38:23 +02:00
Tycho Andersen
edb808d130 lxc_clone: add a comment about stack size
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2019-05-29 09:36:51 -06:00
Christian Brauner
18a405ee88
Merge pull request #2987 from tych0/pass-zero-to-clone
Pass zero to clone
2019-05-29 17:14:00 +02:00
Tycho Andersen
3df90604ec lxc_clone: bump stack size to 8MB
This is the default thread size for glibc, so it is reasonable to match
that when we clone().

Mostly this is a science experiment suggested by brauner, and who doesn't
love science?

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2019-05-29 08:47:35 -06:00
Christian Brauner
0cfec4f757
Merge pull request #3015 from avkvl/issue-2765
fix issue 2765
2019-05-28 16:45:36 +02:00
Alexander Kriventsov
d871a9f1e5 fix issue 2765
Signed-off-by: Alexander Kriventsov <akriventsov@nic.ru>
2019-05-28 16:21:22 +03:00
Christian Brauner
36f7018103
cgroups: handle offline cpus in v1 hierarchy
Handle offline cpus in v1 hierarchy.

In addition to isolated cpus we also need to account for offline cpus when our
ancestor cgroup is the root cgroup and we have not been initialized yet.

Closes #2953.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-05-24 15:59:57 +02:00
Stéphane Graber
c54cf53fad
Merge pull request #3011 from brauner/2019-05-21/android_the_bane_of_my_existence
configure: remove additional comma
2019-05-21 10:15:08 -04:00