Commit Graph

6799 Commits

Author SHA1 Message Date
Christian Brauner
8d81a3c87f
console: they are really not necessary
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-10 12:54:31 +01:00
Christian Brauner
ab1a6cacaf
conf: fix clearing cgroup settings
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-10 12:16:41 +01:00
Stéphane Graber
ba2861ff76
Merge pull request #2144 from brauner/2018-02-08/coverity_bug_smash
coverity: bug smash
2018-02-09 10:36:34 -05:00
Christian Brauner
056fec39f7
Merge pull request #2149 from tych0/fix-userns-error-handling
fix userns helper error handling
2018-02-09 14:49:11 +01:00
Christian Brauner
7995662124
pam: create writable cgroups for unpriv users
This moves pam_cgfs from the LXCFS repo into the LXC repo. This will allow us
to share a bunch of code between the cgroup backends and the pam module. The
next step obviously is to share code.

Closes #1307.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-09 14:39:43 +01:00
Tycho Andersen
ee1b16bcbd
fix userns helper error handling
In both of these cases if there is actually an error, we won't close the
pipe and the api call will hang. Instead, let's be sure to close the pipe
before waiting, so that it doesn't hang.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2018-02-09 13:26:31 +00:00
Christian Brauner
2df70fba94
Merge branch 'duguhaotian-new' into lxc/master
2018-02-09 12:12:10 +01:00
duguhaotian
90f2046676
conf: fix log message
Signed-off-by: duguhaotian <duguhaotian@gmail.com>
2018-02-09 12:11:53 +01:00
Christian Brauner
287df277ff
coverity: #1425971
Dereference after null check

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-09 10:37:53 +01:00
Christian Brauner
f38cf5b8f4
coverity: #1426083
Dereference after null check

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-09 10:37:53 +01:00
Christian Brauner
cb8ff4d033
lxccontainer: satisfy coverity
The container name can't be NULL so don't give coverity the impression that it
could be.

Silences coverity #1426123.
Silences coverity #1426124.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-09 10:37:53 +01:00
Christian Brauner
341ed84c47
start: use goto instead of simple return
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-09 10:37:52 +01:00
Christian Brauner
5b7f756a67
coverity: #1426126
Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-09 10:37:49 +01:00
Christian Brauner
fa456191d0
coverity: #1426734
Argument cannot be negative

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-09 00:25:53 +01:00
Christian Brauner
bd01b7d552
coverity: #1429139
Resource leak

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-09 00:25:50 +01:00
Stéphane Graber
17eba7a26f
Merge pull request #2143 from brauner/2018-02-08/fix_cgroup_ns
start: check for cgroup namespace support
2018-02-08 18:07:51 -05:00
Christian Brauner
7bd05339e1
start: check for cgroup namespace support
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-08 23:47:10 +01:00
Christian Brauner
e3fe3512c3
Merge pull request #2142 from hallyn/2018-02-08/priv
2018 02 08/priv
2018-02-08 23:40:50 +01:00
Serge Hallyn
e0010464c7
Restore most cases of am_guest_unpriv
The only cases where we really need to be privileged with respect
to the host is when we are trying to mknod, and in some cases
to do with a physical network device.  This patch leaves the
detection of the network device cases as a TODO.

This should fix the currently broken case of starting a privileged
container with at least one veth nic, nested inside an unprivileged
container.

Cc: Tycho Andersen <tycho@tycho.ws>
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2018-02-08 13:06:52 -06:00
Serge Hallyn
477aa378e9
define am_guest_unpriv
Sometimes we want to know whether we are privileged wrt our
namespaces, and sometimes we want to know whether we are priv
wrt init_user_ns.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2018-02-08 12:06:39 -06:00
Stéphane Graber
5596585d3b
Merge pull request #2125 from brauner/2018-02-02/add_namespace_configs
confile: add lxc.namespace.share.[namespace], lxc.namespace.keep, lxc.namespace.clone
2018-02-08 10:26:57 -05:00
Stéphane Graber
dfb7073f20
Merge pull request #2137 from brauner/2018-02-07/fix_unprivileged_flag
tools/lxc-ls: fix logic for unpriv containers
2018-02-08 10:26:09 -05:00
Stéphane Graber
d99e66cd14
Merge pull request #2140 from brauner/2018-02-08/cgfsng_fix_ro_remount
cgfsng: add required remount flags
2018-02-08 10:25:50 -05:00
Christian Brauner
1323838283
tools/lxc_unshare: satisfy Android
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-08 16:14:09 +01:00
Christian Brauner
5285689c58
cgfsng: add required remount flags
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9566d6742852c527bf5af38af5cbb878dad75705

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-08 11:37:16 +01:00
Christian Brauner
ca20a3b350
Merge branch 'marcosps-selinux_simplification' into lxc/master
2018-02-08 10:50:10 +01:00
Marcos Paulo de Souza
08fccae2bb
lsm: fix missing @ in function documentation
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
2018-02-08 10:49:51 +01:00
Marcos Paulo de Souza
1be8cb0450
selinux: simplify check for default label
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-08 10:49:48 +01:00
Christian Brauner
5c80e9fcb4
Merge branch 'marcosps-issue_870' into lxc/master
2018-02-08 10:34:54 +01:00
Marcos Paulo de Souza
9ea09fb48b
cgroups: add check for lxc.cgroup.use
Closes #870.

Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
2018-02-08 10:34:28 +01:00
Christian Brauner
c66687101f
include: remove getsubopt.*
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-07 21:13:06 +01:00
Christian Brauner
f71634fcc9
tools/lxc-ls: fix logic for unpriv containers
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-07 21:06:01 +01:00
Christian Brauner
ff5976cd54
templates: CentOS fixes
Issues fixed:
- lxc-centos died about a missing /run directory
- lxc-centos complained about some config files it couldn't modify
- the new container got stuck at startup time for a minute
  (literally), waiting for systemd-remount-fs startup script

Of course it still works for RHEL 6, CentOS 6 and 7 as well. I did not
verify earlier CentOS or RHEL releases.

Signed-off-by: Harald Dunkel <harald.dunkel@aixigo.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-07 11:39:19 +01:00
Christian Brauner
08fbe494cc
Merge branch 'lifeng68-remount_cgroup' into lxc/master
2018-02-07 11:30:40 +01:00
Christian Brauner
886cac862b
cgfsng: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-07 11:27:57 +01:00
LiFeng
f8c40ffa39
cgfsng: do MS_REMOUNT
Perform MS_REMOUNT on mounts with MS_RDONLY.

Signed-off-by: LiFeng <lifeng68@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-07 11:21:57 +01:00
Christian Brauner
c112f06d29
Merge branch 'lifeng68-use_env_vars_in_container' into lxc/master
2018-02-07 11:18:42 +01:00
Christian Brauner
3d55242aa5
attach: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-07 11:15:37 +01:00
l00415420
7385273fc4
attach: set the container's environment variables
Set the same environment variables that were used when starting the container
when attaching to the container.

Signed-off-by: LiFeng <lifeng68@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-07 11:04:42 +01:00
Christian Brauner
6ecad2c49b
tools: move lxc-monitor to API symbols only
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-06 21:10:50 +01:00
Christian Brauner
1a80fcdfc7
tools: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-06 21:10:50 +01:00
Christian Brauner
1194822f0b
cmd: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-06 21:10:49 +01:00
Christian Brauner
d567a9a7e9
tools: move lxc-unshare to API symbols only
Closes #2073.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-06 21:10:49 +01:00
Christian Brauner
b678c6d8a7
tools: move lxc-wait to API symbols only
Closes #2073.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-06 21:10:49 +01:00
Christian Brauner
81bba32eda
tools: move lxc-unfreeze to API symbols only
Closes #2073.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-06 21:10:49 +01:00
Christian Brauner
adc0914195
tools: move lxc-top to API symbols only
Closes #2073.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-06 21:10:48 +01:00
Christian Brauner
52d27da510
tools: move lxc-stop to API symbols only
Closes #2073.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-06 21:10:48 +01:00
Christian Brauner
9810df0785
tools: move lxc-start to API symbols only
Closes #2073.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-06 21:10:48 +01:00
Christian Brauner
6a3ec2c51e
tools: move lxc-snapshot to API symbols only
Closes #2073.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-06 21:10:48 +01:00
Christian Brauner
4b7c0ef8b2
tools: move lxc-ls to API symbols only
Closes #2073.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-06 21:10:48 +01:00