Rachid Koucha
9eb9ce3e47
Update freezer.c
...
Suppressed hard coded values for state and array's maximum index.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
2019-01-26 23:27:07 +01:00
Wolfgang Bumiller
5283a1182e
Merge pull request #2794 from brauner/2019-01-21/revert_seccomp_fuckup
...
Revert "seccomp: add rules for specified architecture only"
2019-01-21 15:33:05 +01:00
Christian Brauner
3e9671a15d
Revert "seccomp: add rules for specified architecture only"
...
This reverts commit f1bcfc796e.
The reverted branch breaks starting all seccomp confined containers. Not
even a container with our standard seccomp profile starts correctly.
This is strong evidence that these changes have never been tested even
with a standard workload. That is unacceptable!
We are still happy to merge that feature but going forward we want tests
that verify that standard workloads and new features work correctly.
seccomp is a crucial part of our security story and I will not let the
be compromised by missing tests!
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-01-21 14:58:43 +01:00
Christian Brauner
b6825c4b7b
Merge pull request #2786 from lifeng68/fix_seccomp
...
seccomp: add rules for specified architecture only
2019-01-21 13:18:25 +02:00
LiFeng
f1bcfc796e
seccomp: add rules for specified architecture only
...
If the architecture is specified in the seccomp configuration, like:
```
2
whitelist errno 1
[x86_64]
accept allow
accept4 allow
```
We should add rules only for amd64 instead of adding rules for
x32/i386/amd64.
1. If the [arch] was not specified in seccomp config, add seccomp rules
for all compat architectures.
2. If the [arch] specified in seccomp config irrelevant to native host
arch, the rules will be ignored.
3. If specified [all] in seccomp config, add seccomp rules for all
compat architectures.
4. If specified [arch] as same as native host arch, add seccomp rules
for the native host arch.
5. If specified [arch] was not native host arch, but compat to host
arch, add seccomp rules for the specified arch only, NOT add seccomp
rules for native arch.
Signed-off-by: LiFeng <lifeng68@huawei.com>
2019-01-21 07:23:23 -05:00
Christian Brauner
0a0e05aacf
Merge pull request #2792 from kubiko/fix-android-hooks
...
Fixing hooks functionality Android where 'sh' is placed under /system
2019-01-18 11:04:48 +02:00
Christian Brauner
6f16ac1fbd
Merge pull request #2791 from kubiko/handle-android-loop
...
Handle alternative loop device location on Android
2019-01-18 11:04:27 +02:00
ondra
b11738d799
Handle alternative loop device location on Android
...
Signed-off-by: ondra <ondrak@localhost.localdomain>
2019-01-18 10:38:40 +02:00
ondra
ecfa5693e9
Fixing hooks functionality Android where 'sh' is placed under /system/bin
...
Signed-off-by: ondra <ondrak@localhost.localdomain>
2019-01-18 10:34:02 +02:00
Christian Brauner
8d832e7b95
Merge pull request #2788 from tanyifeng/fix_mem_leak
...
conf.c: fix memory leak and mount error
2019-01-17 11:50:11 +02:00
Christian Brauner
86439b238b
Merge pull request #2789 from lifeng68/fix_memory_leak
...
Fix memory leak in cgroup_exit
2019-01-17 11:49:41 +02:00
LiFeng
96a03c1f37
Fix memory leak in cgroup_exit
...
Add free memory pointed by struct cgroup_ops *ops
Signed-off-by: LiFeng <lifeng68@huawei.com>
2019-01-17 05:49:06 -05:00
t00416110
a3ed9b8118
conf.c: fix memory leak and mount error
...
1. cleanup namespace memory
2. fix bug when ro mount not set, mount propagation will be skipped.
Signed-off-by: t00416110 <tanyifeng1@huawei.com>
2019-01-17 17:33:34 +08:00
Christian Brauner
20b4a59291
Merge pull request #2785 from lifeng68/fix_return
...
start: __lxc_start return -1 when start fails
2019-01-16 11:12:48 +02:00
LiFeng
575ea46728
start: __lxc_start return -1 when start fails
...
Signed-off-by: LiFeng <lifeng68@huawei.com>
2019-01-15 07:25:00 -05:00
Wolfgang Bumiller
bd72001f1a
Merge pull request #2781 from brauner/hn-veth-uid
...
network: prefix veth interface name with uid info
2019-01-11 10:31:25 +01:00
hn
aa2fdfd362
network: prefix veth interface name with uid info
...
Signed-off-by: Hajo Noerenberg <hajo-github@noerenberg.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-01-10 23:22:52 +01:00
Stéphane Graber
421a68d65c
Merge pull request #2780 from brauner/2019-01-10/cgroupns_skip_on_einval
...
start: handle missing CLONE_NEWCGROUP
2019-01-10 11:09:27 -05:00
Christian Brauner
bca7c59cad
start: handle missing CLONE_NEWCGROUP
...
If cgroup namespaces are not supported we should just record it in the
log and move on.
Cc: Ondrej Kubik <ondrej.kubik@canonical.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-01-10 13:55:55 +01:00
Wolfgang Bumiller
888aad3750
Merge pull request #2777 from brauner/2019-01-09/cgfsng_with_no_controllers
...
cgroups: try to handle layouts with no cgroups
2019-01-10 13:39:23 +01:00
Christian Brauner
69b4a4bbfd
cgroups: try to handle layouts with no cgroups
...
Cc: Ondrej Kubik <ondrej.kubik@canonical.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-01-08 23:56:50 +01:00
Christian Brauner
2fa5dff988
Merge pull request #2775 from kubiko/android-fix-compile
...
Fixing compile error when compiling for android
2019-01-08 18:14:20 +01:00
Ondrej Kubik
60018868a3
Fixing compile error when compiling for android
...
Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>
2019-01-08 17:00:36 +00:00
Christian Brauner
da7226fbd6
Merge pull request #2774 from hn/master
...
trivial fix: unprivileged veth devices (e.g. vethFWABHX) never contain 'Z' char
2019-01-08 15:57:29 +01:00
hn
8523344a39
fix: unprivileged veth devices (e.g. vethFWABHX) never contain 'Z' character in the randomly generated device name part because for modulo one does not need to subtract 1 from strlen().
...
Signed-off-by: Hajo Noerenberg <hajo-github@noerenberg.de>
2019-01-08 09:04:55 +01:00
Stéphane Graber
b3db9f63bd
Merge pull request #2753 from brauner/2018-12-13/remove_sigwinch_cmd
...
terminal: remove sigwinch command
2019-01-08 00:34:37 +01:00
Stéphane Graber
62aad75f9a
Merge pull request #2755 from brauner/2018-12-16/rootfs_managed
...
storage: do not destroy pre-existing rootfs
2019-01-08 00:34:16 +01:00
Stéphane Graber
9aed875796
Merge pull request #2773 from brauner/2018-01-09/fix_cgroup_deletion
...
cgfsng: do not free container_full_path on error
2019-01-08 00:33:57 +01:00
Stéphane Graber
0c7114c5ce
Merge pull request #2770 from brauner/2018-01-07/container_copy
...
lxccontainer: fix container copy
2019-01-08 00:33:47 +01:00
Stéphane Graber
b5cab13962
Merge pull request #2771 from brauner/2018-01-07/seccomp_nesting_support
...
confile: add lxc.seccomp.allow_nesting
2019-01-08 00:33:04 +01:00
Christian Brauner
85e66fe856
cgfsng: do not free container_full_path on error
...
Closes #2741.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-01-07 16:08:26 +01:00
Christian Brauner
50d86993a7
confile: add lxc.seccomp.allow_nesting
...
This adds the lxc.seccomp.allow_nesting api extension. If
lxc.seccomp.allow_nesting is set to 1 then seccomp profiles will be
stacked. This way nested containers can load their own seccomp policy on
top of the policy that the outer container might have applied.
Cc: Simon Fels <simon.fels@canonical.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-01-07 15:34:08 +01:00
Christian Brauner
3d7e738a6b
lxccontainer: fix container copy
...
We need to strip the prefix from the container's source path before
trying to update the file.
Closes #2380.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-01-07 13:37:06 +01:00
Christian Brauner
de60a7fe1c
Merge pull request #2768 from caglar10ur/revert-2763-dangling
...
Revert "Set c to NULL after freeing it"
2019-01-06 12:39:17 +01:00
S.Çağlar Onur
4bcf92a32e
Revert "Set c to NULL after freeing it"
...
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
2019-01-05 16:28:54 -08:00
Christian Brauner
5f666a8f7c
Merge pull request #2767 from Blub/2019-01-04/use-syserror-on-write-error
...
conf: use SYSERROR on lxc_write_to_file errors
2019-01-04 12:52:38 +01:00
Wolfgang Bumiller
688e8982bc
conf: use SYSERROR on lxc_write_to_file errors
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-01-04 12:06:31 +01:00
Christian Brauner
dfaaf1cf5a
Merge pull request #2763 from caglar10ur/dangling
...
Set c to NULL after freeing it
2018-12-26 20:53:59 +01:00
S.Çağlar Onur
370c786023
Set c to NULL after freeing it
...
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
2018-12-26 11:19:13 -08:00
Stéphane Graber
46bccf604b
Merge pull request #2757 from brauner/2018-12-17/mount_injection_file
...
lxccontainer: fix mount api (mount_injection_file)
2018-12-17 10:14:31 -05:00
Christian Brauner
4e5a9657ca
lxccontainer: fix mount api (mount_injection_file)
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-12-17 11:45:58 +01:00
Christian Brauner
92fa4347d7
storage: do not destroy pre-existing rootfs
...
Closes #2752.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-12-16 18:40:22 +01:00
Stéphane Graber
8465a7f49e
Re-enable lxc_devel
...
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-12-13 18:20:10 -05:00
Stéphane Graber
4dcd858b92
Release LXC 3.1.0
...
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-12-13 18:12:56 -05:00
Christian Brauner
2bd158cc0c
terminal: remove sigwinch command
...
SIGWINCH is handled in lxc_terminal_signalfd_cb().
I cannot for the life of me figure out what this is supposed to do.
Afaict, it scans a global list that is totally unnecessary and also
let's say you have 100 ttys and for a single one SIGWINCH is sent. In
that case the whole list is walked and two ioctl()s are performed: one
to get window size one to set window size. For 99 of them the window
size hasn't changed.
If we see issues we can revert!
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-12-13 15:46:46 +01:00
Christian Brauner
40b2dcbc17
Merge pull request #2751 from xorond/cgroup
...
fix #2742: lxc-cgroup not giving output
2018-12-12 11:49:46 +01:00
Christian Brauner
6a5cc5609c
tools: add newline to lxc-cgroup output
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-12-12 11:47:10 +01:00
Oguz Bektas
b8ac0dd14e
fix lxc-cgroup not giving output
...
lxc-cgroup fails to provide any output since the latest version, this
should fix it
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2018-12-12 10:26:36 +01:00
Wolfgang Bumiller
b3fc069e41
Merge pull request #2749 from brauner/2018-12-11/storage_utils
...
storage: src cannot be truncated
2018-12-11 14:26:11 +01:00
Christian Brauner
4f08c8d46f
storage: remove unused function
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-12-11 13:54:35 +01:00