Christian Brauner
ee91fa0616
confile: cleanup __set_config_cgroup_controller()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:50 +01:00
Christian Brauner
c4d9b15942
confile: cleanup set_config_signal_stop()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:50 +01:00
Christian Brauner
7d6b1a204a
confile: cleanup set_config_signal_reboot()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:50 +01:00
Christian Brauner
d12fabf8d6
confile: cleanup set_config_signal_halt()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:49 +01:00
Christian Brauner
0c48b874fd
confile: cleanup set_config_log_level()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:49 +01:00
Christian Brauner
806244c69d
confile: cleanup set_config_log_level()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:49 +01:00
Christian Brauner
34f3b30a78
confile: cleanup set_config_log_file()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:49 +01:00
Christian Brauner
7f44fda1da
confile: cleanup set_config_apparmor_raw()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:49 +01:00
Christian Brauner
55a7689135
confile: cleanup set_config_apparmor_allow_nesting()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:49 +01:00
Christian Brauner
042f87117f
confile: cleanup set_config_apparmor_allow_incomplete()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:49 +01:00
Christian Brauner
755d653269
confile: cleanup set_config_tty_max()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:49 +01:00
Christian Brauner
a6bf1128eb
confile: cleanup set_config_environment()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:48 +01:00
Christian Brauner
1543699535
confile: cleanup set_config_group()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:48 +01:00
Christian Brauner
cb5f3df258
confile: cleanup set_config_monitor_signal_pdeath()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:48 +01:00
Christian Brauner
e166597316
confile: cleanup set_config_monitor()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:48 +01:00
Christian Brauner
572f6a1470
confile: cleanup set_config_start()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:48 +01:00
Christian Brauner
49aabd9d60
confile: cleanup set_config_pty_max()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:48 +01:00
Christian Brauner
62af653cc1
confile: cleanup set_config_personality()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 15:40:48 +01:00
Wolfgang Bumiller
4c9ffb3e66
Merge pull request #3594 from brauner/2020-12-08/fixes
tree-wide: fixes and cleanups
2020-12-08 14:36:47 +01:00
Christian Brauner
ed1454e852
confile: clean up hooks
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 12:19:04 +01:00
Christian Brauner
059a1ec30b
confile: clean up network configuration parsing
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 12:18:08 +01:00
Christian Brauner
c4ef8f4c11
tree-wide: use call_cleaner(netns_freeifaddrs)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-08 12:00:01 +01:00
Stéphane Graber
d1042c9dc4
Merge pull request #3593 from brauner/2020-12-07/bugfixes
2020 12 07/bugfixes
2020-12-07 10:25:54 -05:00
Christian Brauner
abd833eb58
macro: bump MAX_GRBUF_SIZE to 2 mb
Closes #3592.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-07 15:39:06 +01:00
Christian Brauner
052535c865
macro: move MAX_GRBUF_SIZE
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-07 11:25:58 +01:00
Stéphane Graber
065d331af0
Merge pull request #3589 from tych0/fix-nonet-cleanup
network: fix LXC_NET_NONE cleanup
2020-12-02 11:06:46 -05:00
Tycho Andersen
04213960f7
network: fix LXC_NET_NONE cleanup
We have a case where we have a nested container with LXC_NET_NONE run
inside a container that's *also* got no network namespace (run by
lxc-usernsexec).
The "am I root" check in this function then does not suffice, since the
euid of the task is 0 but it does not have privilege over its network
namespace, and thus cannot do any of the restore operations:
lxc foo 20201201232059.271 TRACE network - network.c:lxc_restore_phys_nics_to_netns:3299 - Moving physical network devices back to parent network namespace
lxc foo 20201201232059.271 ERROR network - network.c:lxc_restore_phys_nics_to_netns:3307 - Operation not permitted - Failed to enter network namespace
lxc foo 20201201232059.271 ERROR start - start.c:__lxc_start:2045 - Failed to move physical network devices back to parent network namespace
Let's check that we indeed did clone the network namespace, and thus have
things to restore to their correct namespace before attempting to actually
restore them.
I suspect it's possible we can also get rid of some of the network namespace
preservation stuff in start.c in the LXC_NET_NONE case.
Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
2020-12-02 06:26:18 -08:00
Stéphane Graber
55f7e4d688
Merge pull request #3586 from tenforward/japanese
doc: Add lxc.cgroup.dir.monitor.pivot to Japanese man page
2020-11-21 10:56:16 -05:00
KATOH Yasufumi
74f9fb2c9d
doc: Add lxc.cgroup.dir.monitor.pivot to Japanese man page
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2020-11-22 00:26:35 +09:00
Stéphane Graber
4aa5a10e02
Merge pull request #3583 from brauner/2020-11-18/fixes
commands_utils: fix lxc-wait
2020-11-18 16:33:10 -05:00
Christian Brauner
d2bab66fa9
commands_utils: fix lxc-wait
Closes: #3570
Fixes: 7792a5b60f ("commands: add additional check to lxc_cmd_sock_get_state()")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-11-18 21:06:37 +01:00
Stéphane Graber
2cc8d550f8
Merge pull request #3582 from brauner/2020-11-17/bugfixes
file_utils: fix config file parsing
2020-11-17 18:22:50 -05:00
Christian Brauner
7d84e2cd65
file_utils: fix config file parsing
We accidentally used the "bytes_to_write" variable after we've written all the
bytes at which point it is guaranteed to be 0. Let's use the "bytes_read"
variable instead.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-11-17 22:34:05 +01:00
Stéphane Graber
59c6b06611
Merge pull request #3581 from brauner/2020-11-16/fixes
conf: improve mountinfo and config parsing
2020-11-16 09:50:14 -05:00
Christian Brauner
a39fc34bd6
conf: switch to fd_to_fd() when copying mountinfo
Closes: #3580.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=209971
Suggested-by: Joan Bruguera <joanbrugueram@gmail.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-11-16 14:41:36 +01:00
Christian Brauner
26dffd8258
parse: rework config parsing routine
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-11-16 14:41:36 +01:00
Christian Brauner
c875dc6374
Merge pull request #3579 from lifeng68/master
cgfsng: adjust log level to warn instead of error
2020-11-13 16:03:48 +01:00
lifeng68
34375fd74c
cgfsng: adjust log level to warn instead of error
Signed-off-by: lifeng68 <lifeng68@huawei.com>
2020-11-13 13:49:21 +08:00
Stéphane Graber
74294d76f9
Merge pull request #3577 from brauner/2020-11-05/bugfixes
attach: silence stdio permission adjust warnings
2020-11-05 18:08:25 -05:00
Christian Brauner
a2c26befc9
attach: silence stdio permission adjust warnings
Closes: #3576.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-11-05 20:25:29 +01:00
Stéphane Graber
056b6a60bc
Merge pull request #3574 from Drachenfels-GmbH/seccomp-fixes
Add missing free for monitor_pivot_dir.
2020-11-05 12:50:18 -05:00
Ruben Jenster
eb60b5648b
Add missing free for monitor_pivot_dir.
Signed-off-by: Ruben Jenster <r.jenster@drachenfels.de>
2020-11-05 11:03:18 +01:00
Stéphane Graber
9f39b9e2f4
Merge pull request #3572 from brauner/2020-11-02/seccomp_nonblocking
seccomp: fixes
2020-11-02 12:58:43 -05:00
Christian Brauner
0d724ab4f4
seccomp: log aborted system calls
Suggested-by: Jann Horn <jann@thejh.net>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-11-02 16:48:52 +01:00
Christian Brauner
a60c98aaf6
seccomp: make seccomp notifier fd non-blocking
Suggested-by: Jann Horn <jann@thejh.net>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-11-02 16:48:52 +01:00
Stéphane Graber
7fde74f375
Merge pull request #3568 from brauner/2020-10-28/fixes
coverity fixes
2020-10-28 08:02:51 -04:00
Christian Brauner
65129087f4
attach: require that LXC_ATTACH_LSM_LABEL is specified
to avoid liblxc stumbling over a smaller struct passed in from an older
liblxc. In the future we should version by size but this requires a new
attach2().
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-10-28 04:16:41 +01:00
Christian Brauner
0dde733e5a
utils: check snprintf return value
Fixes: Coverity 1465853
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-10-28 04:04:42 +01:00
Christian Brauner
8ddf34f7a0
conf: check snprint return value
Fixes: Coverity 1465854
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-10-28 04:03:31 +01:00
Christian Brauner
3715d0c03f
utils: don't deref after NULL check
Fixes: Coverity 1465855
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-10-28 04:01:19 +01:00