Toni Ylenius
bbd84ff1a7
Fix lxc-oci template with loop backingstore
...
Move the content of rootfs inside OCI package to rootfs instead of
replacing it, as the directory is used as the mountpoint.
Tested with directory and loop backingstore.
Signed-off-by: Toni Ylenius <toni.ylenius@iki.fi>
2020-04-12 22:31:30 +03:00
Stéphane Graber
0443ed925d
Merge pull request #3375 from brauner/2020-04-12/fixes
...
cgroups: ignore legacy limits on pure cgroup2 systems
2020-04-12 13:16:02 -04:00
Christian Brauner
e9071702e6
Merge pull request #3374 from stgraber/master
...
tests/no-new-privs: Don't mess with /etc/lxc
2020-04-12 16:51:20 +02:00
Christian Brauner
b96aa96fe2
cgroups: ignore legacy limits on pure cgroup2 systems
...
Link: https://github.com/lxc/lxc/issues/3183#issuecomment-612462322
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-12 10:20:39 +02:00
Stéphane Graber
ecf1f1207b
tests/no-new-privs: Don't mess with /etc/lxc
...
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2020-04-11 23:05:04 -04:00
Christian Brauner
3d8949788b
Merge pull request #3370 from stgraber/master
...
lxc-update-config: Fix bad handling of lxc.logfile
2020-04-10 21:09:51 +02:00
Stéphane Graber
71310ccc85
lxc-update-config: Fix bad handling of lxc.logfile
...
Closes #3369
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2020-04-10 14:43:37 -04:00
Stéphane Graber
b7b0264251
Merge pull request #3368 from brauner/2020-04-09/fixes
...
fixes
2020-04-09 09:20:52 -04:00
Christian Brauner
1758c19505
conf: move_ptr() in all cases in mapped_hostid_add()
...
Closes #3366.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-09 14:30:31 +02:00
Christian Brauner
1c13783ee8
Merge pull request #3367 from tomponline/tp-nic-ipvlan
...
src/lxc/network: ipvlan comment and code style tweak
2020-04-09 14:13:06 +02:00
Christian Brauner
c6ba8981f5
conf: use macros all around in lxc_map_ids()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-09 12:49:16 +02:00
Christian Brauner
46bc6f2a55
conf: tweak get_minimal_idmap()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-09 12:44:25 +02:00
Thomas Parrott
cf88a8279b
src/lxc/network: ipvlan comment and code style tweak
...
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
2020-04-09 11:35:48 +01:00
Christian Brauner
43e35480c5
Merge pull request #3365 from albatross0/ipvlan_l2
...
network: Make it possible to set the mode of IPVLAN to L2
2020-04-09 12:25:33 +02:00
KUWAZAWA Takuya
5755765e77
network: Make it possible to set the mode of IPVLAN to L2
...
Signed-off-by: KUWAZAWA Takuya <albatross0@gmail.com>
2020-04-09 15:40:15 +09:00
Stéphane Graber
8b5f911176
Merge pull request #3362 from brauner/2020-04-07/fixes
...
lxc_user_nic: fixes
2020-04-08 08:56:41 -04:00
Christian Brauner
060c4d4504
seccomp: newer kernels require the buffer to be zeroed
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-08 14:42:05 +02:00
Christian Brauner
257f04ec37
cgroups: whitespace fixes
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-08 10:01:01 +02:00
Christian Brauner
83ddca524f
lxc_user_nic: continue when we failed to find a group
...
Closes #3361.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-08 09:18:45 +02:00
Christian Brauner
6cffe2b29d
lxc_user_nic: simplify group retrieval
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-08 09:18:45 +02:00
Stéphane Graber
7672d4083f
Merge pull request #3360 from brauner/2020-04-07/fixes
...
start: ensure all file descriptors are closed during exec
2020-04-07 08:56:26 -04:00
Christian Brauner
1b21a48cde
syscall_numbers: handle riscv
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-07 12:59:59 +02:00
Christian Brauner
d31031628f
start: ensure all file descriptors are closed during exec
...
Closes https://github.com/checkpoint-restore/criu/issues/1011.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-07 10:36:23 +02:00
Christian Brauner
51c8368a37
Merge pull request #3359 from Blub/legacy-devices-isolation-change
...
cgroup isolation: handle devices cgroup early
2020-04-07 10:35:39 +02:00
Wolfgang Bumiller
432faf202e
cgroup isolation: handle devices cgroup early
...
Otherwise we cannot use an 'a' entry in devices.deny/allow
as these are not permitted once a subdirectory was created.
Without isolation we initialize the devices cgroup
particularly late, so there are probably cases which cannot
work with isolation.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-04-07 10:00:52 +02:00
Christian Brauner
d8ccf90603
Merge pull request #3357 from Blub/cgroup-isolation-fixes
...
Cgroup isolation fixes
2020-04-05 17:08:49 +02:00
Wolfgang Bumiller
29d652a9b9
get the right path in get_cgroup command
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-04-05 16:19:29 +02:00
Wolfgang Bumiller
20e9ea0425
confile: fix jump table order
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-04-05 15:56:41 +02:00
Christian Brauner
ea4aeddcbe
Merge pull request #3356 from tenforward/japanese
...
doc: Add lxc.cgroup.dir.{monitor,container,container.inner} to Japanese man
2020-04-05 14:46:22 +02:00
KATOH Yasufumi
27f451e283
doc: Add lxc.cgroup.dir.{monitor,container,container.inner} to Japanese man
...
Update for commit a900cba
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2020-04-05 21:18:59 +09:00
Stéphane Graber
8b10fddec4
Merge pull request #3355 from brauner/2020-04-04/fixes
...
api-extensions: add and document cgroup_advanced_isolation
2020-04-04 10:38:01 -04:00
Christian Brauner
e9619d75b1
api-extensions: add and document cgroup_advanced_isolation
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-04 12:09:21 +02:00
Christian Brauner
a6e5687378
Merge pull request #3353 from Blub/lxc.cgroup.dir-components
...
introduce lxc.cgroup.dir.{monitor,container,container.inner}
2020-04-03 20:26:02 +02:00
Christian Brauner
e93197e7ec
confile: coding style fixes for set_config_cgroup_container_inner_dir()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-03 20:10:58 +02:00
Christian Brauner
51b07b7036
doc: s/lxc.cgroup.container.namespace/lxc.cgroup.container.inner/g
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-03 20:08:41 +02:00
Christian Brauner
31691d1bd4
cgroups: remove unused variable
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-03 20:07:41 +02:00
Wolfgang Bumiller
a900cbaf25
introduce lxc.cgroup.dir.{monitor,container,container.inner}
...
This is a new approach to #1302 with a container-side
configuration instead of a global boolean flag.
Contrary to the previous PR using an optional additional
parameter for the get-cgroup command, this introduces two
new additional commands to get the limiting cgroup path and
cgroup2 file descriptor. If the limiting option is not in
use, these behave identically to their full-path counterparts.
If these variables are used, the payload will end up in the
concatenation of lxc.cgroup.dir.container and
lxc.cgroup.dir.container.inner (which may be empty), and the
monitor will end up in lxc.cgroup.dir.monitor. The
directories are fixed and no retry count logic is applied;
failing to create these directories will simply be a hard
error.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-04-03 17:22:04 +02:00
Christian Brauner
514b0270ce
Merge pull request #3352 from Blub/readd-cgroup-ops-check
...
Revert "start: remove unnecessary check for valid cgroup_ops"
2020-04-03 10:28:37 +02:00
Wolfgang Bumiller
e2aed383de
Revert "start: remove unnecessary check for valid cgroup_ops"
...
This reverts commit 52520e4f79.
This can be NULL when there's a pre-start hook which fails.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-04-03 10:22:27 +02:00
Stéphane Graber
2235ad66df
Merge pull request #3350 from brauner/2020-04-02/fixes
...
lxccontainer: poll takes millisecond not seconds
2020-04-02 12:21:34 -04:00
Christian Brauner
908c75d24f
lxccontainer: poll takes millisecond not seconds
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-02 18:19:31 +02:00
Christian Brauner
2862e55ea3
Merge pull request #3349 from cyphar/cgfsng-uninitialised-2
...
cgroups: fix build warning on GCC 7
2020-04-02 17:37:17 +02:00
Aleksa Sarai
fdb0b8ab2d
cgroups: fix build warning on GCC 7
...
GCC 7 appears to be clever enough to detect that transient_len is
uninitialised but not that it won't be used despite [1]. Just initialise
it to zero to stop the complaining, and allow LXC to build on openSUSE
Leap.
[1]: 346830421a ("cgroups: fix "uninitialized transient_len" warning")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2020-04-03 02:13:11 +11:00
Stéphane Graber
9f6302e388
Merge pull request #3348 from brauner/2020-04-02/fixes
...
fixes
2020-04-02 10:35:43 -04:00
Christian Brauner
2ed0ea489a
utils: use setres{u,g}id() in lxc_switch_uid_gid()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-02 11:51:13 +02:00
Christian Brauner
c353b0b950
utils: rework fix_stdio_permissions()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-02 11:50:27 +02:00
Christian Brauner
85ec52bd9f
Merge pull request #3344 from gaohuatao-1/master
...
fix non-root user cannot write /dev/stdout
2020-04-02 11:38:48 +02:00
Christian Brauner
370a2284be
Merge pull request #3347 from cyphar/cgfsng-uninitialised
...
cgroups: fix "uninitialized transient_len" warning
2020-04-02 10:46:45 +02:00
Aleksa Sarai
346830421a
cgroups: fix "uninitialized transient_len" warning
...
Without this change, a build error is triggered if you compile with
-Werror=maybe-uninitialized.
cgroups/cgfsng.c: In function 'cgfsng_monitor_enter':
groups/cgfsng.c:1387:9: error: 'transient_len' may be used uninitialized in this function
ret = lxc_writeat(h->cgfd_mon, "cgroup.procs", transient, transient_len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The issue is that if handler->transient_pid is 0, then transient_len is
uninitialised but lxc_writeat(..., transient_len) still gets called.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2020-04-02 19:18:41 +11:00
Christian Brauner
5f2ed0c09f
Merge pull request #3346 from stgraber/master
...
systemd: Add Documentation key
2020-04-01 23:03:09 +02:00