Commit Graph

5109 Commits

Author SHA1 Message Date
Serge Hallyn
1545a1f163 Merge pull request #1528 from brauner/2017-04-28/close_fd_in_lxc_setup_devpts
conf: close fd in lxc_setup_devpts()
2017-04-28 09:44:08 -05:00
Christian Brauner
e87bd19ceb
conf: close fd in lxc_setup_devpts()
This left the file descriptor to the underlying /dev/ptmx file open which
confused the hell out of criu. Let's close it.

Closes https://github.com/lxc/lxd/issues/3243.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-28 15:19:17 +02:00
Christian Brauner
da1ef68cae Merge pull request #1527 from tenforward/japanese
doc: add lxc.limit to lxc.container.conf(5)
2017-04-25 11:09:03 +02:00
KATOH Yasufumi
e7267b539e doc: add lxc.limit to lxc.container.conf(5)
Update for commit 93f9e90

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2017-04-25 17:33:36 +09:00
Stéphane Graber
50fce81cd9 Merge pull request #1526 from brauner/2017-04-24/build_lxc_with_musl
confile: fix musl build
2017-04-23 21:55:44 -04:00
Christian Brauner
2e6e3febb1
confile: fix musl build
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-24 00:34:48 +02:00
Stéphane Graber
e85e742c9c Merge pull request #1523 from brauner/2017-04-23/improve_cgfsng_debug
cgroups: improve cgfsng debugging
2017-04-23 16:50:56 -04:00
Christian Brauner
0bc4a8473d
issue template: fix typo
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-23 22:04:54 +02:00
Christian Brauner
e4aeecf54b
cgroups: improve cgfsng debugging
In a lot of cases we need a list of the writeable cgroup controllers detected
by the cgfsng driver.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-23 15:06:10 +02:00
Stéphane Graber
2e2cbfd21b Merge pull request #1520 from brauner/2017-04-22/improve_loop
utils: use loop device helpers from LXD
2017-04-22 21:10:10 -04:00
Stéphane Graber
170a37711e Merge pull request #1522 from brauner/2017-04-22/lxc_issue_template
create ISSUE_TEMPLATE.md
2017-04-22 21:09:44 -04:00
Christian Brauner
8b62db216e
create ISSUE_TEMPLATE.md
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-22 18:40:36 +02:00
Christian Brauner
c6868a1f81
utils: use loop device helpers from LXD
Use the loop device helpers I wrote for LXD in LXC as well. They should be more
efficient.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-22 14:04:34 +02:00
Christian Brauner
d435aae15b
conf: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-22 14:01:53 +02:00
Stéphane Graber
dc46df1e42 Merge pull request #1519 from brauner/2017-04-21/setup_pts
conf: use bind-mount for /dev/ptmx
2017-04-21 21:12:43 -04:00
Christian Brauner
d5cb35d636
conf: use bind-mount for /dev/ptmx
AppArmor will refuse on /dev/ptmx being a symlink.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-22 00:14:15 +02:00
Christian Brauner
70761e5ee2
conf: non-functional changes to setup_pts()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-21 23:40:38 +02:00
Serge Hallyn
68a1e26c4f Merge pull request #1514 from brauner/2017-04-18/autoconf_cap_get_file
autotools: check for cap_get_file
2017-04-18 19:36:38 -05:00
Christian Brauner
c61079a4d0
caps: return false if caps are not supported
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-19 01:02:10 +02:00
Christian Brauner
69924fff1b
autotools: check for cap_get_file
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-19 01:02:10 +02:00
Stéphane Graber
c69ab769ef Merge pull request #1513 from brauner/2017-04-17/skip_cap_get_file_on_android
caps: skip file capability checks on android
2017-04-18 16:00:19 -04:00
Christian Brauner
d6018f88cb
caps: skip file capability checks on android
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-17 23:23:26 +02:00
Christian Brauner
b399477467 Merge pull request #1512 from 0x0916/fix-comment
attach|unshare: fix the wrong comment
2017-04-17 17:09:06 +02:00
0x0916
281f36af6d attach|unshare: fix the wrong comment
Signed-off-by: 0x0916 <w@laoqinren.net>
2017-04-17 23:02:33 +08:00
Christian Brauner
e6ceab4571 Merge pull request #1511 from evgeni/typo
fix typo introduced in #1509
2017-04-17 10:21:12 +02:00
Evgeni Golov
d26582c15a fix typo introduced in #1509
Signed-off-by: Evgeni Golov <evgeni@debian.org>
2017-04-17 10:04:57 +02:00
Serge Hallyn
93caf97185 Merge pull request #1509 from brauner/2017-04-15/improve_lxc_id_map
idmap improvements
2017-04-16 10:20:50 -05:00
Christian Brauner
1a35a74623 Merge pull request #1510 from 0x0916/fix-ls
ls: simplify the judgment condition when list active containers
2017-04-16 14:51:28 +02:00
0x0916
045e2de34a ls: simplify the judgment condition when list active containers
Signed-off-by: 0x0916 <w@laoqinren.net>
2017-04-16 18:36:57 +08:00
Christian Brauner
91c3e2814c
conf: improve log when mounting rootfs
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-16 00:59:46 +02:00
Christian Brauner
df6a294548
conf: check for {filecaps,setuid} on new{g,u}idmap
The new{g,u}idmap binaries were a source of trouble for users when they lacked
sufficient privileges. This commit adds code to check for sufficient privilege.
It checks whether new{g,u}idmap is root owned and has the setuid bit set and if
it doesn't it checks whether new{g,u}idmap is root owned and has CAP_SETUID in
its CAP_PERMITTED and CAP_EFFECTIVE set.

Closes #296.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-16 00:59:46 +02:00
Christian Brauner
207c4c71ee
caps: add lxc_{proc,file}_cap_is_set()
Add two new helpers that allow to determine whether a given proc or file has a
capability in the given set and move lxc_cap_is_set() to static function that
both call internally.

Closes #296.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-15 22:50:50 +02:00
Christian Brauner
4bc3b75957
conf: lxc_map_ids() non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-15 13:30:00 +02:00
Stéphane Graber
b4f185c70d Merge pull request #1508 from brauner/2017-04-14/add_prlimit_implementation_for_bionic
android: add prlimit implementation for 32bit
2017-04-14 18:47:15 -04:00
Christian Brauner
a04f540725
android: add prlimit implementation for 32bit
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-15 00:18:31 +02:00
Christian Brauner
421a42bfe3 Merge pull request #1504 from Blub/limits-fixup
start: fix error handling when limits fail to apply
2017-04-11 17:10:57 +02:00
Wolfgang Bumiller
84ff3af745 start: fix error handling when limits fail to apply
(The code was moved here from the child side of the startup
without adapting the error case.)

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-04-11 16:43:41 +02:00
Christian Brauner
64f26a8902 Merge pull request #1276 from Blub/limits
Resource Limits
2017-04-11 16:35:06 +02:00
Wolfgang Bumiller
a6390f01cc conf: less error prone pointer access
These functions define pointer to their key shifted by a
number and guard access to it later via another variable.
Let's make this more explicit (and additionally have the
pointer be NULL in the case where it is not supposed to be
used).

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-04-11 14:01:11 +02:00
Wolfgang Bumiller
fe17b651c5 test: resource limit config entries
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-04-11 14:01:11 +02:00
Wolfgang Bumiller
93f9e90d72 doc: add lxc.limit to lxc.container.conf
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-04-11 14:01:11 +02:00
Wolfgang Bumiller
c6d09e15c5 conf: implement resource limits
This adds lxc.limit.<name> options consisting of one or two
colon separated numerical values (soft and optional hard
limit). If only one number is specified it'll be used for
both soft and hard limit. Additionally the word 'unlimited'
can be used instead of numbers.

Eg.
  lxc.limit.nofile = 30000:32768
  lxc.limit.stack = unlimited

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-04-11 14:01:11 +02:00
Christian Brauner
359f86f975 Merge pull request #1501 from jgillich/patch-1
remove obsolete note about api stability
2017-04-08 06:18:43 +02:00
Jakob Gillich
0cb906e681
remove obsolete note about api stability
Signed-off-by: Jakob Gillich <jakob@gillich.me>
2017-04-08 03:16:33 +02:00
Stéphane Graber
57f0c5808e Merge pull request #1500 from BegBlev/1498
make Alpine template more POSIX shell friendly #1498
2017-04-07 12:09:54 -04:00
Vincent Catros
7276799bd7 avoid assigning to a variable which is not POSIX shell proof (bug #1498)
Signed-off-by: Vincent Catros <vincent.catros@laposte.net>
2017-04-07 17:14:44 +02:00
Stéphane Graber
67c9752186 Merge pull request #1494 from d4s/lxcinfo
Increased buffer length in print_stats()
2017-03-30 12:26:27 -04:00
Stéphane Graber
1266eb51fb Merge pull request #1493 from t-fohrer/t-fohrer-patch-4
Avoid waiting for bridge interface on bootup
2017-03-30 12:11:19 -04:00
Denis Pynkin
1bbc627538
Increased buffer length in print_stats()
Some "/sys" entries exceed buffer size.
This results in some statistics loss ('BlkIO' in particular):

 wc -c /sys/fs/cgroup/blkio/lxc/alt/blkio.throttle.io_service_bytes
 318 /sys/fs/cgroup/blkio/lxc/alt/blkio.throttle.io_service_bytes

Signed-off-by: Denis Pynkin <dans@altlinux.org>
2017-03-30 18:43:25 +03:00
Torsten Fohrer
723d30f7ff Avoid waiting for bridge interface if disabled in sysconfig/lxc | lxc-net via USE_LXC_BRIDGE
Signed-off-by: Torsten Fohrer <tfohrer@googlemail.com>
2017-03-30 11:57:14 +02:00