mirror_lxc

mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-31 07:12:45 +00:00

Author	SHA1	Message	Date
Felix Abecassis	f42183e68c	seccomp: use a default value of 0 for the mask The mask was unconditionally parsed, it failed if no mask was provided. Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>	2018-06-01 16:36:26 -07:00
Felix Abecassis	73e3cb9a16	seccomp: drop misleading argument name inherited from the OCI spec The last (optional) argument was named "valueTwo", which seems to originate from the OCI runtime spec: https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#seccomp In proper seccomp terminology, "value" is "datum_a" and "valueTwo" is "datum_b". However, LXC's "valueTwo" was used as the mask for SCMP_CMP_MASKED_EQ, while the mask is supposed to be "datum_a". Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>	2018-06-01 16:02:17 -07:00
Stéphane Graber	ef52e679dc	Merge pull request #2371 from brauner/2018-06-01/use_read_nointr tree-wide: handle EINTR in some read()/write()	2018-06-01 14:55:58 -04:00
Christian Brauner	489f39bef7	tree-wide: handle EINTR in some read()/write() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-06-01 19:55:17 +02:00
Christian Brauner	e932b5c0bf	Merge pull request #2370 from jsurloppe/fix-lxc-update-config Patch lxc-update-config	2018-06-01 15:50:30 +02:00
Julien Surloppe	49b8273ffc	Patch lxc-update-config The current script doesn't generate a valid configuration for lxc.network.ipv4 key, it lacking an .address part which lead to: parse.c: lxc_file_for_each_line: 58 Failed to parse config: lxc.net.0.ipv4 = 192.168.10.101/24 Signed-off-by: Julien Surloppe <julien@surloppe.fr>	2018-06-01 15:41:56 +02:00
Christian Brauner	30c8676e15	templates: fix download template This patch fixes commit `6e62213e02` ("templates: actually create DOWNLOAD_TEMP directory". To use mktemp -p correctly the directories need to exist. So call mkdir -p. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-06-01 11:25:14 +02:00
Christian Brauner	4d6301a04a	Merge pull request #2369 from masselstine/master templates: actually create DOWNLOAD_TEMP directory	2018-05-31 22:41:23 +02:00
Mark Asselstine	6e62213e02	templates: actually create DOWNLOAD_TEMP directory The way 'mktemp' is currently used you will get a temp directory in $TMPDIR or '/tmp' and DOWNLOAD_TEMP will not be pointing to an actual directory. This will result in the wget operations failing and the container will fail to create: ERROR: Failed to download http://.... Instead we want to use the '-p' option for mktemp to set the base path and this will ensure that the temp directory is created in the correct location and DOWNLOAD_TEMP will be consistent with this location. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>	2018-05-31 16:27:05 -04:00
Christian Brauner	ae8d875f89	Merge pull request #2367 from 2xsec/bugfix confile_utils: apply strprint()	2018-05-31 13:57:58 +02:00
Donghwa Jeong	1396b61091	confile_utils: apply strprint() Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>	2018-05-31 20:39:46 +09:00
Christian Brauner	7af82fa828	tree-wide: fix mode of some files commit `321db0260f` ("start: fix waitpid() blocking issue") and commit `b2a4850853` ("change defines for return value of handlers) changed the mode of files. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-31 12:24:08 +02:00
Christian Brauner	989ccdf1b7	Merge pull request #2366 from 2xsec/bugfix change defines for return value of handlers	2018-05-31 12:22:21 +02:00
Christian Brauner	20993a9739	start: log unknown info.si_code Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-31 12:18:02 +02:00
Donghwa Jeong	321db0260f	start: fix waitpid() blocking issue Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>	2018-05-31 17:58:08 +09:00
Donghwa Jeong	b2a4850853	change defines for return value of handlers Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>	2018-05-31 14:54:43 +09:00
Stéphane Graber	ed40d791c4	Merge pull request #2365 from brauner/2018-05-30/improve_strprint confile: improve strprint()	2018-05-30 11:35:32 -04:00
Christian Brauner	9496659c6b	confile: improve strprint() POSIX specifies [1]: "If the value of n is zero on a call to snprintf(), nothing shall be written, the number of bytes that would have been written had n been sufficiently large excluding the terminating null shall be returned, and s may be a null pointer." But in case there are any non-sane libcs out there that do actually dereference the buffer when when 0 is passed as length to snprintf() let's give them a dummy buffer. [1]: The Open Group Base Specifications Issue 7, 2018 edition IEEE Std 1003.1-2017 (Revision of IEEE Std 1003.1-2008) Copyright © 2001-2018 IEEE and The Open Group Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> Reported-by: Donghwa Jeong <dh48.jeong@samsung.com>	2018-05-30 15:46:06 +02:00
Christian Brauner	9715e65c41	Merge pull request #2363 from 2xsec/master conf: va_end was not called.	2018-05-30 05:37:13 +02:00
Stéphane Graber	81d7061549	Merge pull request #2360 from brauner/2018-05-29/conf_cleanup conf: small cleanups	2018-05-29 15:15:46 -04:00
Donghwa Jeong	7b5a2435a2	conf: va_end was not called. Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>	2018-05-29 22:01:27 +09:00
Christian Brauner	32fd6cf390	conf: non-functional changes Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-29 00:57:13 +02:00
Christian Brauner	7a0bcca310	conf: make tmp_umount_proc bool Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-29 00:54:16 +02:00
Christian Brauner	5173b71073	conf: make root idmap structs const Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-29 00:52:37 +02:00
Christian Brauner	80308d07b3	start: add reboot macros Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-29 00:48:15 +02:00
Stéphane Graber	5c478fb543	Merge pull request #2358 from brauner/2018-05-28/do_not_init_ns_clone_flags start: do not init ns_clone_flags to -1	2018-05-28 10:29:15 -04:00
Christian Brauner	386e676854	conf: ensure lxc_delete_tty() does not crash We need to make sure that the ttys are actually initialized otherwise deleting them is not safe. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-28 15:33:28 +02:00
Christian Brauner	f3815517f2	start: do not init ns_clone_flags to -1 ns_clone_flags is used as a bitmask so initializing it to -1 is a bad idea. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-28 13:27:43 +02:00
Christian Brauner	b71841358e	Merge pull request #2355 from 2xsec/master network: fix socket handle leak	2018-05-28 08:27:59 +02:00
Donghwa Jeong	87c6e5db2a	network: fix socket handle leak Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>	2018-05-28 13:42:45 +09:00
Stéphane Graber	f1a571d669	Merge pull request #2354 from brauner/2018-05-26/config_cleanups conf: cleanups, and bugfixes	2018-05-26 18:04:33 -04:00
Christian Brauner	573ad77fc2	utils: fix task_blocking_signal() Closes #2342. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-26 21:47:46 +02:00
Christian Brauner	a2db71c041	conf: non-functional changes Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-26 13:12:32 +02:00
Christian Brauner	e528c7356b	conf: pts -> pty_max Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-26 13:09:50 +02:00
Christian Brauner	885766f5d2	conf: simplify tty handling Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-26 13:05:24 +02:00
Christian Brauner	448d7b0c0f	conf: reshuffle mount members Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-26 12:53:12 +02:00
Christian Brauner	b3187a814a	conf: make close_all_fds a boolean Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-26 12:52:09 +02:00
Christian Brauner	edd64e17dc	conf: non-functional changes Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-26 12:50:53 +02:00
Christian Brauner	07c4ea310d	conf: make is_execute a boolean Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-26 12:50:03 +02:00
Christian Brauner	3a0e314db5	conf: non-functional changes Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-26 12:48:09 +02:00
Stéphane Graber	85f839ccb1	Merge pull request #2353 from brauner/2018-05-25/fix_lxc_create tools: fix lxc-create with global config value II	2018-05-25 23:48:10 -04:00
Christian Brauner	3ec12d39cd	coverity: #1435747 Dereference before null check Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-26 03:29:32 +02:00
Christian Brauner	4c496daa33	coverity: #1435803 Unchecked return value Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-26 03:22:58 +02:00
Christian Brauner	923929f612	coverity: #1435805 Logically dead code Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-26 03:21:05 +02:00
Christian Brauner	a579fa51bf	coverity: #1435806 Logically dead code Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-26 03:20:36 +02:00
Christian Brauner	49938fbcd9	tools: fix lxc-create with global config value II Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-25 19:35:00 +02:00
Stéphane Graber	9acc50c1fe	Merge pull request #2352 from brauner/2018-05-25/further_seccomp_fixes seccomp: more fixes	2018-05-25 10:12:04 -04:00
Christian Brauner	78633423cd	tools: fix lxc-create with global config value Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-25 15:43:59 +02:00
Christian Brauner	dfddc8aa7e	seccomp: make do_resolve_add_rule() more strict Let's error out on syscalls that cannot be resolved or fail to resolve instead of just warning users. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-25 13:27:50 +02:00
Christian Brauner	54a051c166	seccomp: parse_v2_rules() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2018-05-25 13:26:25 +02:00

1 2 3 4 5 ...

7055 Commits