mirror_lxc

mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-14 18:50:40 +00:00

Author	SHA1	Message	Date
Stéphane Graber	f5351e2437	Merge pull request #1533 from brauner/2017-05-02/mount_opts conf: pedantry	2017-05-03 18:35:46 -04:00
Stéphane Graber	2a902a63c5	Merge pull request #1535 from brauner/2017-05-03/api_extension_lxc_is_supported_config_item api extension: lxc_config_item_is_supported()	2017-05-03 18:35:27 -04:00
Christian Brauner	add40e6270	test: add lxc_config_item_is_supported() tests Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-05-03 12:24:39 +02:00
Christian Brauner	1246142888	lxccontainer: add lxc_config_item_is_supported() This adds lxc_config_item_is_supported() as API extension. It allows to check whether a given config item (e.g. lxc.autodev) is supported by this LXC instance. The function is useful in the following scenarios: 1. Users have compiled liblxc from source and have removed a config items from the corresponding struct in confile.c. (For example, embedded users might decide to gut a bunch of options that they cannot use.) 2. Callers that want to check for a specific configuration item independent of the version numbers exposed in our version.h header. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-05-03 12:12:22 +02:00
Christian Brauner	8912711cac	conf: add MS_LAZYTIME to mount options Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-05-03 11:15:00 +02:00
Christian Brauner	470b359b9d	conf: order mount options Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-05-02 23:37:16 +02:00
Stéphane Graber	2c0807c7c4	Merge pull request #1531 from mar-kolya/master Change sshd template to work with Ubuntu 17.04	2017-05-02 00:07:37 -04:00
Nikolay Martynov	a0430b2f97	Change sshd template to work with Ubuntu 17.04 A few things have changed and this patch makes container generated for sshd work in Ubuntu Signed-off-by: Nikolay Martynov <mar.kolya@gmail.com>	2017-05-01 21:45:10 -04:00
Serge Hallyn	c0614b0c23	Merge pull request #1529 from brauner/2017-04-28/create_proc_if_missing utils: tweak lxc_mount_proc_if_needed()	2017-04-28 20:06:07 -05:00
Christian Brauner	fc2ad9dcdd	utils: tweak lxc_mount_proc_if_needed() Create /proc directory if it doesn't exist. Closes #1475. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-29 00:05:42 +02:00
Christian Brauner	943144d931	conf: non-functional changes Closes #1475. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-29 00:05:29 +02:00
Serge Hallyn	1545a1f163	Merge pull request #1528 from brauner/2017-04-28/close_fd_in_lxc_setup_devpts conf: close fd in lxc_setup_devpts()	2017-04-28 09:44:08 -05:00
Christian Brauner	e87bd19ceb	conf: close fd in lxc_setup_devpts() This left the file descriptor to the underlying /dev/ptmx file open which confused the hell out of criu. Let's close it. Closes https://github.com/lxc/lxd/issues/3243. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-28 15:19:17 +02:00
Christian Brauner	da1ef68cae	Merge pull request #1527 from tenforward/japanese doc: add lxc.limit to lxc.container.conf(5)	2017-04-25 11:09:03 +02:00
KATOH Yasufumi	e7267b539e	doc: add lxc.limit to lxc.container.conf(5) Update for commit `93f9e90` Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>	2017-04-25 17:33:36 +09:00
Stéphane Graber	50fce81cd9	Merge pull request #1526 from brauner/2017-04-24/build_lxc_with_musl confile: fix musl build	2017-04-23 21:55:44 -04:00
Christian Brauner	2e6e3febb1	confile: fix musl build Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-24 00:34:48 +02:00
Stéphane Graber	e85e742c9c	Merge pull request #1523 from brauner/2017-04-23/improve_cgfsng_debug cgroups: improve cgfsng debugging	2017-04-23 16:50:56 -04:00
Christian Brauner	0bc4a8473d	issue template: fix typo Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-23 22:04:54 +02:00
Christian Brauner	e4aeecf54b	cgroups: improve cgfsng debugging In a lot of cases we need a list of the writeable cgroup controllers detected by the cgfsng driver. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-23 15:06:10 +02:00
Stéphane Graber	2e2cbfd21b	Merge pull request #1520 from brauner/2017-04-22/improve_loop utils: use loop device helpers from LXD	2017-04-22 21:10:10 -04:00
Stéphane Graber	170a37711e	Merge pull request #1522 from brauner/2017-04-22/lxc_issue_template create ISSUE_TEMPLATE.md	2017-04-22 21:09:44 -04:00
Christian Brauner	8b62db216e	create ISSUE_TEMPLATE.md Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-22 18:40:36 +02:00
Christian Brauner	c6868a1f81	utils: use loop device helpers from LXD Use the loop device helpers I wrote for LXD in LXC as well. They should be more efficient. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-22 14:04:34 +02:00
Christian Brauner	d435aae15b	conf: non-functional changes Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-22 14:01:53 +02:00
Stéphane Graber	dc46df1e42	Merge pull request #1519 from brauner/2017-04-21/setup_pts conf: use bind-mount for /dev/ptmx	2017-04-21 21:12:43 -04:00
Christian Brauner	d5cb35d636	conf: use bind-mount for /dev/ptmx AppArmor will refuse on /dev/ptmx being a symlink. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-22 00:14:15 +02:00
Christian Brauner	70761e5ee2	conf: non-functional changes to setup_pts() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-21 23:40:38 +02:00
Serge Hallyn	68a1e26c4f	Merge pull request #1514 from brauner/2017-04-18/autoconf_cap_get_file autotools: check for cap_get_file	2017-04-18 19:36:38 -05:00
Christian Brauner	c61079a4d0	caps: return false if caps are not supported Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-19 01:02:10 +02:00
Christian Brauner	69924fff1b	autotools: check for cap_get_file Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-19 01:02:10 +02:00
Stéphane Graber	c69ab769ef	Merge pull request #1513 from brauner/2017-04-17/skip_cap_get_file_on_android caps: skip file capability checks on android	2017-04-18 16:00:19 -04:00
Christian Brauner	d6018f88cb	caps: skip file capability checks on android Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-17 23:23:26 +02:00
Christian Brauner	b399477467	Merge pull request #1512 from 0x0916/fix-comment attach\|unshare: fix the wrong comment	2017-04-17 17:09:06 +02:00
0x0916	281f36af6d	attach\|unshare: fix the wrong comment Signed-off-by: 0x0916 <w@laoqinren.net>	2017-04-17 23:02:33 +08:00
Christian Brauner	e6ceab4571	Merge pull request #1511 from evgeni/typo fix typo introduced in #1509	2017-04-17 10:21:12 +02:00
Evgeni Golov	d26582c15a	fix typo introduced in #1509 Signed-off-by: Evgeni Golov <evgeni@debian.org>	2017-04-17 10:04:57 +02:00
Serge Hallyn	93caf97185	Merge pull request #1509 from brauner/2017-04-15/improve_lxc_id_map idmap improvements	2017-04-16 10:20:50 -05:00
Christian Brauner	1a35a74623	Merge pull request #1510 from 0x0916/fix-ls ls: simplify the judgment condition when list active containers	2017-04-16 14:51:28 +02:00
0x0916	045e2de34a	ls: simplify the judgment condition when list active containers Signed-off-by: 0x0916 <w@laoqinren.net>	2017-04-16 18:36:57 +08:00
Christian Brauner	91c3e2814c	conf: improve log when mounting rootfs Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-16 00:59:46 +02:00
Christian Brauner	df6a294548	conf: check for {filecaps,setuid} on new{g,u}idmap The new{g,u}idmap binaries where a source of trouble for users when they lacked sufficient privileges. This commit adds code to check for sufficient privilege. It checks whether new{g,u}idmap is root owned and has the setuid bit set and if it doesn't it checks whether new{g,u}idmap is root owned and has CAP_SETUID in its CAP_PERMITTED and CAP_EFFECTIVE set. Closes #296. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-16 00:59:46 +02:00
Christian Brauner	207c4c71ee	caps: add lxc_{proc,file}_cap_is_set() Add two new helpers that allow to determine whether a given proc or file has a capability in the given set and move lxc_cap_is_set() to static function that both call internally. Closes #296. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-15 22:50:50 +02:00
Christian Brauner	4bc3b75957	conf: lxc_map_ids() non-functional changes Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-15 13:30:00 +02:00
Stéphane Graber	b4f185c70d	Merge pull request #1508 from brauner/2017-04-14/add_prlimit_implementation_for_bionic android: add prlimit implementation for 32bit	2017-04-14 18:47:15 -04:00
Christian Brauner	a04f540725	android: add prlimit implementation for 32bit Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2017-04-15 00:18:31 +02:00
Christian Brauner	421a42bfe3	Merge pull request #1504 from Blub/limits-fixup start: fix error handling when limits fail to apply	2017-04-11 17:10:57 +02:00
Wolfgang Bumiller	84ff3af745	start: fix error handling when limits fail to apply (The code was moved here from the child side of the startup without adapting the error case.) Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>	2017-04-11 16:43:41 +02:00
Christian Brauner	64f26a8902	Merge pull request #1276 from Blub/limits Resource Limits	2017-04-11 16:35:06 +02:00
Wolfgang Bumiller	a6390f01cc	conf: less error prone pointer access These functions define pointer to their key shifted by a number and guard access to it later via another variable. Let's make this more explicit (and additionally have the pointer be NULL in the case where it is not supposed to be used). Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>	2017-04-11 14:01:11 +02:00

... 2 3 4 5 6 ...

5070 Commits