Commit Graph

10986 Commits

Author SHA1 Message Date
Stéphane Graber
46fd283b50
Merge pull request #3530 from brauner/2020-08-25/fixes
cgroups: fix armhf builds
2020-08-25 08:45:14 -04:00
Christian Brauner
00f848f31a
Merge pull request #3529 from pranaysrivastava/fixup_rootfs_detection
Check only rootfs as filesystem type
2020-08-25 12:30:37 +02:00
Christian Brauner
9fd047d158
cgroups: fix armhf builds
Link: https://launchpadlibrarian.net/494473462/buildlog_ubuntu-groovy-armhf.lxc_1%3A4.0.4-0ubuntu2_BUILDING.txt.gz
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-25 12:27:10 +02:00
Pranay Kr. Srivastava
97edebfacd Check only rootfs as filesystem type
When detecting if rootfs is on ramfs, instead of checking for "- rootfs
rootfs", which is the " - <file_system> <device>" information, only check
the file system type. This is due to a change introduced in the kernel where
the ramfs file system doesn't set the device to "rootfs" but instead marks it
as "none". By making sure we only check for "rootfs" as the file system
name we also offer backward compatibility with earlier kernels.

The kernel commit that introduced this change was

commit f32356261d44d580649a7abce1156d15d49cf20f
Author: David Howells <dhowells@redhat.com>
Date:   Mon Mar 25 16:38:31 2019 +0000

    vfs: Convert ramfs, shmem, tmpfs, devtmpfs, rootfs to use the new
    mount API

Signed-off-by: Pranay Kr. Srivastava <pranay.srivastava@pantacor.com>
2020-08-24 13:40:15 +05:30
Stéphane Graber
c22a1a4a52
Merge pull request #3528 from graysky2/master
remove deprecated options in lxc.service fixes #3527
2020-08-21 12:10:50 -04:00
Stéphane Graber
256928ac60
Merge pull request #3526 from brauner/2020-08-21/fixes
cgfsng: fix cgroup attach cgroup creation
2020-08-21 12:10:29 -04:00
graysky
0c4cd88d4a remove deprecated options in lxc.service fixes #3527
Signed-off-by: graysky <graysky@archlinux.us>
2020-08-21 06:33:49 -04:00
Christian Brauner
c80c9a70bc
cgfsng: fix cgroup attach cgroup creation
cgroups/cgfsng.c: In function ‘cgroup_attach_leaf.constprop’:
cgroups/cgfsng.c:2221:10: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=]
 2221 |   *slash = '\0';
      |   ~~~~~~~^~~~~~
cgroups/cgfsng.c:2213:8: note: at offset -13 to object ‘attach_cgroup’ with size 23 declared here
 2213 |   char attach_cgroup[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1];
      |        ^~~~~~~~~~~~~
cgroups/cgfsng.c:2229:10: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=]
 2229 |   *slash = '/';
      |   ~~~~~~~^~~~~
cgroups/cgfsng.c:2213:8: note: at offset -13 to object ‘attach_cgroup’ with size 23 declared here
 2213 |   char attach_cgroup[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1];
      |        ^~~~~~~~~~~~~
cgroups/cgfsng.c:2229:10: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=]
 2229 |   *slash = '/';
      |   ~~~~~~~^~~~~
cgroups/cgfsng.c:2213:8: note: at offset -13 to object ‘attach_cgroup’ with size 23 declared here
 2213 |   char attach_cgroup[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1];
      |        ^~~~~~~~~~~~~

Link: https://launchpadlibrarian.net/494354168/buildlog_ubuntu-groovy-armhf.lxc_1%3A4.0.4-0ubuntu1_BUILDING.txt.gz
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-21 10:32:03 +02:00
Stéphane Graber
9d3b7c97f0
Merge pull request #3522 from avr1254/master
Updated documentation to reflect lack of support for pure cgroupv2
2020-08-17 00:04:30 -04:00
Arjun Ramachandrula
b87ed83bbc Updated documentation to reflect lack of support for pure cgroupv2
Signed-off-by: Arjun Ramachandrula <arjun.ramachandrula@gmail.com>
2020-08-15 16:16:03 -04:00
Stéphane Graber
76a59906e8
Merge pull request #3518 from brauner/2020-08-12/fixes
lsm: remove the need for atomic operations
2020-08-12 17:31:08 -04:00
Christian Brauner
af04d84752
lsm: remove the need for atomic operations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-12 22:42:40 +02:00
Stéphane Graber
b799325655
Merge pull request #3517 from brauner/2020-08-10/fixes_2
lsm: rewrite
2020-08-11 08:28:19 -04:00
Christian Brauner
3bb6ff017b
lsm: use atomic in case we're used multi-threaded
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-11 10:32:01 +02:00
Christian Brauner
d701d729f6
lsm: rework lsm handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-11 09:41:27 +02:00
Stéphane Graber
d333aeb4fe
Merge pull request #3514 from brauner/2020-08-10/fixes
conf: terminal and /dev hardening
2020-08-10 14:41:00 -04:00
Christian Brauner
8ea93a0fa7
terminal: harden terminal allocation
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-10 16:05:14 +02:00
Christian Brauner
953db219da
conf: move /dev setup to be file descriptor based
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-10 11:01:42 +02:00
Stéphane Graber
567104e59e
Merge pull request #3513 from brauner/2020-08-09/openat2
openat2() and safe mounting
2020-08-09 22:39:45 -04:00
Christian Brauner
d43d5191b5
conf: harden lxc_fill_autodev() via save_mount_beneath_at()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:33 +02:00
Christian Brauner
6f61472bea
file_utils: add exists_dir_at()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:32 +02:00
Christian Brauner
ae9215cfc0
conf: make use of stashed container mountpoint fd in mount_autodev()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:32 +02:00
Christian Brauner
31f8b2fd47
conf: stash file descriptor to root mountpoint in struct lxc_rootfs
This way we only need to open it _once_ per container startup.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:31 +02:00
Christian Brauner
43535b6d26
utils: introduce safe_mount_beneath_at()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:31 +02:00
Christian Brauner
8b1f4dd9b3
cgfsng: use safe_mount_beneath()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:31 +02:00
Christian Brauner
ee8eeba881
conf: switch mount_autodev() to new safe_mount_beneath() helper
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:30 +02:00
Christian Brauner
65f0afdee2
utils: add safe_mount_beneath() based on openat2()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:30 +02:00
Christian Brauner
2b0c810617
syscalls: add openat2()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:30 +02:00
Christian Brauner
da0fdceb6d
Merge pull request #3512 from stgraber/master
lxc-download fixes
2020-08-07 21:40:56 +02:00
Stéphane Graber
e14546e377
lxc-download: Fix retry loop
Closes #3511

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2020-08-07 15:10:25 -04:00
Stéphane Graber
459fef2680
Revert "templates/lxc-download.in: use GPG option --receive-keys instead of --recv-keys"
This reverts commit 409040e702.

Testing of both options shows identical behavior, but receive-keys does
not exist on older releases, so let's revert this.

Closes #3510

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2020-08-07 15:09:01 -04:00
Stéphane Graber
dc9074bb79
Merge pull request #3509 from brauner/2020-08-06/fixes
api-extension: add missing seccomp_proxy_send_notify_fd extension
2020-08-06 11:51:32 -04:00
Christian Brauner
0dd2e321c2
api-extension: add missing seccomp_proxy_send_notify_fd extension
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-06 17:33:09 +02:00
Stéphane Graber
2a35d949b8
Merge pull request #3508 from brauner/2020-08-06/fixes
seccomp: add seccomp_notify_fd_active api extension
2020-08-06 09:27:31 -04:00
Christian Brauner
ec49d30f57
seccomp: send notify fd as part of the message
Since we haven't made this official api yet: YOLO

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-06 15:09:12 +02:00
Christian Brauner
2140576960
seccomp: add seccomp_notify_fd_active api extension
which allows retrieving an active seccomp notifier fd from a running
container.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-06 14:40:13 +02:00
Stéphane Graber
05af17d749
Merge pull request #3507 from brauner/2020-08-06/fixes
seccomp: don't close the mainloop, simply remove the handler
2020-08-06 08:38:06 -04:00
Christian Brauner
eb551cefed
seccomp: don't close the mainloop, simply remove the handler
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-06 14:14:10 +02:00
Stéphane Graber
c601840017
Merge pull request #3506 from brauner/2020-08-05/safe_native_terminal_allocation
macro: define TIOCGPTPEER if missing
2020-08-05 15:14:28 -04:00
Christian Brauner
cfca9ccddc
conf: use openat() instead of open_tree()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-05 20:50:27 +02:00
Christian Brauner
07002a08c1
macro: define TIOCGPTPEER if missing
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-05 16:44:53 +02:00
Stéphane Graber
1f15c1c3a2
Merge pull request #3505 from brauner/2020-08-05/safe_native_terminal_allocation
terminal: safely allocate pts devices from inside the container
2020-08-05 10:10:52 -04:00
Christian Brauner
f797f05e6e
terminal: safely allocate pts devices from inside the container
This was a year-long journey which seems to finally have come to an end.

Closes: #1620.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-05 15:16:51 +02:00
Stéphane Graber
2d19c5e172
Merge pull request #3504 from brauner/2020-08-04/fixes
conf: ensure that the idmap pointer itself is freed
2020-08-03 20:53:01 -04:00
Christian Brauner
7e62126388
conf: ensure that the idmap pointer itself is freed
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-04 00:05:05 +02:00
Christian Brauner
f3bbb01f8a
Merge pull request #3501 from ffontaine/master
syscall: don't fail if __NR_signalfd is not defined
2020-07-28 13:25:48 +02:00
Fabrice Fontaine
3341e204dc syscall: don't fail if __NR_signalfd is not defined
lxc fails to build if __NR_signalfd is not defined since version 4.0.0
and
bed09c9cc0

However, some architectures don't define __NR_signalfd but only
__NR_signalfd4. This is the case for example for nios2 or csky:
f9ac84f92f/sysdeps/unix/sysv/linux/nios2/arch-syscall.h
f9ac84f92f/sysdeps/unix/sysv/linux/csky/arch-syscall.h

Fixes:
 - http://autobuild.buildroot.org/results/75096a48d2dbda57459523db3ed0952e63f93535

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2020-07-28 12:44:43 +02:00
Stéphane Graber
79c66a2af3
Merge pull request #3500 from brauner/2020-07-27/seccomp_notify_cleanup
seccomp: add missing header
2020-07-27 12:02:48 -04:00
Christian Brauner
e4353a7fc4
seccomp: add missing header
Fixes: https://launchpadlibrarian.net/490341075/buildlog_snap_ubuntu_bionic_amd64_lxd-latest-edge_BUILDING.txt.gz
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-27 17:26:42 +02:00
Stéphane Graber
64cbd48aa3
Merge pull request #3499 from brauner/2020-07-27/seccomp_notify_cleanup
seccomp: remove seccomp fd from event loop after task exited
2020-07-27 08:16:30 -04:00