Commit Graph

10927 Commits

Author SHA1 Message Date
Christian Brauner
a0738fa00b
Merge pull request #3947 from blenk92/fix-missing-seccomp
config: enable seccomp profile only when compiled with libseccomp
2021-08-24 09:07:48 +02:00
Maximilian Blenk
3d46e1d1f8
config: enable seccomp profile only when compiled with libseccomp
Make lxc fail if seccomp.profile is specified but lxc is compiled
without seccomp support. Currently, seccomp.profile is silently ignored
if it is specified in such a scenario. This could lead to the false
impression that the seccomp filter is applied while it actually isn't.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
2021-08-24 01:17:32 +02:00
Stéphane Graber
f1b5286c65
Merge pull request #3943 from brauner/2021-08-19.fixes
seccomp: fix compilation when !HAVE_DECL_SECCOMP_NOTIFY_FD
2021-08-19 15:18:07 -04:00
Christian Brauner
c16d194abf
seccomp: fix compilation when !HAVE_DECL_SECCOMP_NOTIFY_FD
[2021-08-18 05:48:26] [build-stdout] mv -f $depbase.Tpo $depbase.Po
[2021-08-18 05:48:26] [build-stderr] seccomp.c: In function ‘seccomp_notify_cleanup_handler’:
[2021-08-18 05:48:26] [build-stderr] seccomp.c:1367:25: error: ‘struct lxc_seccomp’ has no member named ‘notifier’
[2021-08-18 05:48:26] [build-stderr]  1367 |  if (fd == conf->seccomp.notifier.notify_fd)
[2021-08-18 05:48:26] [build-stderr]       |                         ^
[2021-08-18 05:48:26] [build-stderr] In file included from af_unix.h:12,
[2021-08-18 05:48:26] [build-stderr]                  from seccomp.c:14:
[2021-08-18 05:48:26] [build-stderr] seccomp.c:1368:29: error: ‘struct lxc_seccomp’ has no member named ‘notifier’
[2021-08-18 05:48:26] [build-stderr]  1368 |   fd = move_fd(conf->seccomp.notifier.notify_fd);
[2021-08-18 05:48:26] [build-stderr]       |                             ^
[2021-08-18 05:48:26] [build-stderr] macro.h:655:26: note: in definition of macro ‘move_fd’
[2021-08-18 05:48:26] [build-stderr]   655 |   int __internal_fd__ = (fd); \
[2021-08-18 05:48:26] [build-stderr]       |                          ^~
[2021-08-18 05:48:26] [build-stderr] seccomp.c:1368:29: error: ‘struct lxc_seccomp’ has no member named ‘notifier’
[2021-08-18 05:48:26] [build-stderr]  1368 |   fd = move_fd(conf->seccomp.notifier.notify_fd);
[2021-08-18 05:48:26] [build-stderr]       |                             ^
[2021-08-18 05:48:26] [build-stderr] macro.h:656:4: note: in definition of macro ‘move_fd’
[2021-08-18 05:48:26] [build-stderr]   656 |   (fd) = -EBADF;              \
[2021-08-18 05:48:26] [build-stderr]       |    ^~
[2021-08-18 05:48:26] [build-stderr] make[3]: *** [Makefile:4496: seccomp.o] Error 1
[2021-08-18 05:48:26] [build-stdout] make[3]: Leaving directory '/opt/src/src/lxc'
[2021-08-18 05:48:26] [build-stdout] make[2]: Leaving directory '/opt/src/src'
[2021-08-18 05:48:26] [build-stdout] make[1]: Leaving directory '/opt/src/src'
[2021-08-18 05:48:26] [build-stderr] make[2]: *** [Makefile:440: all-recursive] Error 1
[2021-08-18 05:48:26] [build-stderr] make[1]: *** [Makefile:379: all] Error 2
[2021-08-18 05:48:26] [build-stderr] make: *** [Makefile:537: all-recursive] Error 1
[2021-08-18 05:48:26] [build-stderr] + '[' -f build.ninja ']'
[2021-08-18 05:48:26] [build-stdout] Semmle autobuild: no supported build system detected.
[2021-08-18 05:48:26] [build-stderr] + '[' -d ../_lgtm_build_dir ']'
[2021-08-18 05:48:26] [build-stderr] + for f in build build.sh
[2021-08-18 05:48:26] [build-stderr] + '[' -x build ']'
[2021-08-18 05:48:26] [build-stderr] + for f in build build.sh
[2021-08-18 05:48:26] [build-stderr] + '[' -x build.sh ']'
[2021-08-18 05:48:26] [build-stderr] + '[' -f setup.py ']'
[2021-08-18 05:48:26] [build-stderr] + echo 'Semmle autobuild: no supported build system detected.'
[2021-08-18 05:48:26] [build-stderr] + exit 1
[2021-08-18 05:48:26] [ERROR] Spawned process exited abnormally (code 1; tried to run: [/opt/dist/tools/linux64/preload_tracer, /opt/dist/cpp/tools/do-build])
[2021-08-18 05:48:26] [build-stderr] A fatal error occurred: Exit status 1 from command: [/opt/dist/cpp/tools/do-build]
[2021-08-18 05:48:26] [build-stderr] deptrace-server: received exit command
[2021-08-18 05:48:27] [ERROR] Spawned process exited abnormally (code 2; tried to run: [/opt/work/lgtm-workspace/lgtm/extract.sh])
A fatal error occurred: Exit status 2 from command: [/opt/work/lgtm-workspace/lgtm/extract.sh]

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-19 10:47:31 +02:00
Stéphane Graber
ba4339b677
Merge pull request #3940 from brauner/2021-08-16.fixes.2
tests: only rely on busybox template getting rid of all network dependencies; terminal: allow for tty allocation even when container did not request separate devpts instance
2021-08-17 12:45:57 -04:00
Christian Brauner
41ed9db898
tests: use busybox in lxc-test-usernic.in
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-17 17:35:48 +02:00
Christian Brauner
6c321ceada
tests: use busybox in lxc-test-unpriv
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-17 17:35:48 +02:00
Christian Brauner
f6a53ad2c5
tests: use busybox in lxc-test-no-new-privs
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-17 17:35:48 +02:00
Christian Brauner
bc84935552
test: use busybox in lxc-test-autostart
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-17 13:51:28 +02:00
Christian Brauner
adb14537d2
test: use busybox in lxc-test-apparmor-mount
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-17 13:51:27 +02:00
Christian Brauner
acd792c965
test: use busybox in lxc-test-apparmor-generated
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-17 13:51:27 +02:00
Christian Brauner
fd0349a7a0
tests: fix order in sys_mixed
We need to set the config item after we loaded the config obviously.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-17 13:51:27 +02:00
Christian Brauner
03585adc0e
conf: allow for tty allocation even when container did not request separate devpts instance
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-17 13:51:27 +02:00
Christian Brauner
b081cb55e4
busybox: simplify
Start relying on autodev for busybox template and wipe all the device
creation.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-17 13:50:58 +02:00
Christian Brauner
8829829deb
busybox: mount sys:ro
There's no udev so sys doesn't need to be read-write.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-17 13:49:56 +02:00
Christian Brauner
803839b8b9
terminal: use /dev/ptmx when allocating pty devices from devpts instances we didn't mount ourselves
When we aren't told what devpts instance to allocate from we assume it
is the one in the caller's mount namespace.
This poses a slight complication, a lot of distros will change
permissions on /dev/ptmx so it can be opened by unprivileged users but
will not change permissions on /dev/pts/ptmx itself. In addition,
/dev/ptmx can either be a symlink, a bind-mount, or a separate device
node. So we need to allow for fairly lax lookup.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-17 11:39:17 +02:00
Christian Brauner
d06abe2f9c
file_utils: add same_device() helper
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-17 11:39:17 +02:00
Stéphane Graber
72c6d3a56d
Merge pull request #3938 from brauner/2021-08-16.fixes
cgroups: simplify offline and isolated cpumask handling
2021-08-16 12:35:46 -04:00
Christian Brauner
12a0f27dfe
Merge pull request #3939 from Cypresslin/fix-test-exec-bit
tests: set lxc-test-automount/createconfig/snapdeps as executable
2021-08-16 12:06:16 +02:00
Po-Hsu Lin
02f00bdc3e
tests: set lxc-test-automount/createconfig/snapdeps as executable
The debian/tests/exercise script will skip those non-executable tests
in src/test, thus these three tests never got tested.

Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
2021-08-16 17:34:20 +08:00
Christian Brauner
4d8f68fb97
cgroups: simplify offline and isolated cpu handling
Don't create separate cpumask arrays for them. Just clear the ones that
are set in the original cpumask array.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-16 11:11:43 +02:00
Christian Brauner
0627ffc0c6
cgroups: use semantically clean check in cpuset1_cpus_initialize()
The variable is a pointer, not an integer.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-16 10:56:51 +02:00
Stéphane Graber
6f76b9e528
Merge pull request #3937 from brauner/2021-08-13.fixes
cgroups: cpumask fixes
2021-08-14 11:12:27 -04:00
Christian Brauner
f5bc57d23c
cgroups: fix cpumask handling
Link: https://discuss.linuxcontainers.org/t/lxc-4-0-9-lxc-start-sigabrt-on-systems-with-defined-offline-cpus-and-a-total-number-of-cpus-divisible-by-32
Signed-off-by: Jim Ferrigno <jim.ferrigno@oracle.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-14 00:39:03 +02:00
Christian Brauner
21e84b0205
cgroups: fix comments in cpuset1_initialize()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-13 21:37:02 +02:00
Christian Brauner
f6949b6993
Revert "cgroups: fix cpu bitmasks"
This reverts commit e0f7296a6d.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-13 21:35:30 +02:00
Christian Brauner
fb40641cac
Merge pull request #3934 from brauner/2021-08-12.fixes
cgroups: cpumask fixes
2021-08-12 10:12:45 +02:00
Christian Brauner
7e80755d0c
cgroups: s/calloc/zalloc/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-12 09:00:00 +02:00
Jim Ferrigno
e0f7296a6d
cgroups: fix cpu bitmasks
Link: https://discuss.linuxcontainers.org/t/lxc-4-0-9-lxc-start-sigabrt-on-systems-with-defined-offline-cpus-and-a-total-number-of-cpus-divisible-by-32
Signed-off-by: Jim Ferrigno <jim.ferrigno@oracle.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-12 08:56:04 +02:00
Stéphane Graber
cf92aaac1c
Merge pull request #3899 from denisfa/master
Improve bash completion experience.
2021-08-11 13:42:18 -04:00
Stéphane Graber
ef10e680d5
Merge pull request #3932 from brauner/2021-08-11.fixes
mainloop: further io_uring fixes
2021-08-11 13:22:48 -04:00
Christian Brauner
82abff81b6
mainloop: disable IORING_SETUP_SQPOLL for now
It's a bit more complicated to use than I envisioned here.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-11 17:47:39 +02:00
Christian Brauner
c9d1f58725
mainloop: add comments about multishot and oneshot cleanup
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-11 17:47:39 +02:00
Christian Brauner
e5e7c954c5
mainloop: s/handler_name/name/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-11 17:47:39 +02:00
Stéphane Graber
34a16b88c6
Merge pull request #3931 from brauner/2021-08-11.fixes
memory_utils: mark cleanup handler as unused
2021-08-11 10:58:21 -04:00
Christian Brauner
96348aa8ab
mainloop: move variables into tighter scope
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-11 15:52:12 +02:00
Christian Brauner
f7050a2d87
memory_utils: mark cleanup handler as unused
They are sometimes used to just clean something up automatically at end
of scope but the variables themselves might not be actually used.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-11 15:43:18 +02:00
Stéphane Graber
d5b6db61e2
Merge pull request #3930 from brauner/2021-08-10.fixes
mainloop: io_uring cleanup handling fixes
2021-08-11 09:08:09 -04:00
Christian Brauner
4f142001a8
mainloop: fix io_uring cleanup handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-11 11:03:13 +02:00
Christian Brauner
cba2278a10
mainloop: remove CANCEL_RAISE flag
This is really not needed since we're not checking it anywhere anyway.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-10 17:57:26 +02:00
Christian Brauner
80aa5876b3
mainloop: minor fixes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-10 17:42:41 +02:00
Christian Brauner
fa21f71fef
Merge pull request #3928 from simondeziel/download-user-agent
lxc-download: customize the user-agent to include LXC package version and compat level
2021-08-10 17:09:06 +02:00
Christian Brauner
4c56d112a6
Merge pull request #3929 from tych0/fix-sys-poll-warning
mainloop: s,sys/poll,poll
2021-08-10 17:07:19 +02:00
Tycho Andersen
1551ac0791
mainloop: s,sys/poll,poll
I get the following warning (which then fails the build because of
-Werror):

In file included from mainloop.c:11:
/usr/include/sys/poll.h:1:2: error: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Werror=cpp]
    1 | #warning redirecting incorrect #include <sys/poll.h> to <poll.h>
      |  ^~~~~~~

Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
2021-08-10 08:45:21 -06:00
Simon Deziel
dcc08eb562
lxc-download: add LXC version/compat level to user-agent
Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
2021-08-10 10:35:48 -04:00
Stéphane Graber
a399d7ead0
Merge pull request #3924 from brauner/2021-06-04.io_uring
mainloop: io_uring support
2021-08-10 10:01:55 -04:00
Christian Brauner
543d2f838c
mainloop: add io_uring support
Users can choose to compile liblxc with io_uring support. This will
cause LXC to use io_uring instead of epoll.
We're using both, io_uring's one-shot and multi-shot poll mode depending
on the type of handler.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-10 14:33:48 +02:00
Christian Brauner
5dab527cb7
Merge pull request #3927 from tomponline/tp-nic-address-broadcast
doc: Adds mention of ability to specify manual IPv4 broadcast address
2021-08-10 13:03:10 +02:00
Thomas Parrott
5686798d8e
doc: Adds mention of ability to specify manual IPv4 broadcast address
See also https://github.com/lxc/lxd/pull/9103

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
2021-08-10 11:32:30 +01:00
Christian Brauner
3298b37d53
tree-wide: s/lxc_epoll_descr/lxc_async_descr/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-10 10:03:13 +02:00