5109 Commits

Author SHA1 Message Date
Stéphane Graber
1a9eaaab20 Merge pull request #1432 from brauner/2017-02-15/fix_lxc_execute_return_code
tools: exit with return code of lxc_execute()
2017-03-23 17:49:56 -04:00
Christian Brauner
d04813f9b5
Makefile: fix static clang init.lxc build
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-03-23 22:22:10 +01:00
Stéphane Graber
fcab4fecdb Merge pull request #1487 from t-fohrer/t-fohrer-patch-3
Keep veth.pair.name on network shutdown
2017-03-23 11:43:58 -04:00
Torsten Fohrer
ea80ca74d2 Keep veth.pair.name on network shutdown
In case of a container that is rebooting, freeing veth.pair.name here results in losing given veth.pair name
(Only if given lxc_netdev is reused).

Signed-off-by: Torsten Fohrer <tfohrer@googlemail.com>
2017-03-23 14:58:33 +01:00
Christian Brauner
69d47ee1c4 Merge pull request #1486 from stgraber/master
fedora: Fix i386 handling
2017-03-22 22:30:36 +01:00
Stéphane Graber
e8672a9d71
fedora: Fix i386 handling
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2017-03-22 17:18:47 -04:00
Stéphane Graber
0ccaa85b5b Merge pull request #1483 from johnchen902/patch-1
Fix opening wrong file in suggest_default_idmap
2017-03-22 00:38:34 -04:00
John Chen
6be7389a70 Fix opening wrong file in suggest_default_idmap
Fixing the typo making `suggest_default_idmap` open `subuidfile`
instead of `subgidfile` to read subgid information.

Signed-off-by: Pochang Chen <johnchen902@gmail.com>
2017-03-22 11:08:47 +08:00
Stéphane Graber
f73d368b72 Merge pull request #1479 from brauner/2017-03-20/sysmacro
tree-wide: include <sys/sysmacros.h> directly
2017-03-21 19:19:50 -04:00
Christian Brauner
79061184c2 Merge pull request #1482 from stgraber/master
tests: Support running on IPv6 networks
2017-03-21 22:18:16 +01:00
Stéphane Graber
09ef083882
tests: Kill containers (don't wait for shutdown)
We waste a lot of time waiting for Ubuntu containers to cleanly stop
right before we destroy them anyway.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2017-03-21 16:35:44 -04:00
Stéphane Graber
f332b5d0a0
tests: Support running on IPv6 networks
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2017-03-21 16:23:27 -04:00
Christian Brauner
66c1f8c270
tree-wide: include <sys/sysmacros.h> directly
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-03-21 12:03:16 +01:00
Stéphane Graber
f5c3ae5928 Merge pull request #1476 from brauner/2017-03-20/sysmacro
tree-wide: include <sys/sysmacros.h> directly
2017-03-20 11:10:57 -04:00
Christian Brauner
ce831b3b88
tree-wide: include <sys/sysmacros.h> directly
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-03-20 15:42:50 +01:00
Stéphane Graber
81f8080a6a Merge pull request #1474 from evgeni/no-default-passwords
don't set a default password for altlinux, gentoo, openmandriva and pld
2017-03-19 15:01:21 -04:00
Stéphane Graber
f341f1aea8 Merge pull request #1473 from taikedz/keyservfix
Allow setting the key server as an environment variable
2017-03-19 15:00:03 -04:00
Evgeni Golov
436ab4be72 don't set a default password for altlinux, gentoo, openmandriva and pld
Refs: #1158
Signed-off-by: Evgeni Golov <evgeni@debian.org>
2017-03-19 18:48:22 +01:00
Tai Kedzierski
a9a53b5070 Change variable check to match existing style
Signed-off-by: Tai Kedzierski <dch.tai@gmail.com>
2017-03-19 17:28:26 +00:00
Tai Kedzierski
d2e5c5d18f lxc-download.in / Document keyserver change in help
Signed-off-by: Tai Kedzierski <dch.tai@gmail.com>
2017-03-19 09:27:42 +00:00
Tai Kedzierski
a6a7c7d191 lxc-download.in / allow setting keyserver from env
Checks if DOWNLOAD_KEYSERVER has already been set in the environment before setting a value

Signed-off-by: Tai Kedzierski <dch.tai@gmail.com>
2017-03-19 09:21:29 +00:00
Christian Brauner
b49bb7dce8 Merge pull request #1468 from stgraber/master
python3: Deal with potential NULL char*
2017-03-17 10:45:10 +01:00
Stéphane Graber
f194007973
python3: Deal with potential NULL char*
Closes #1466

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2017-03-17 10:15:02 +01:00
Stéphane Graber
1fc76a07d4 Merge pull request #1433 from rjmccabe3701/bugfix/run-within-docker
Added 'mkdir -p' functionality in create_or_remove_cgroup
2017-03-15 19:41:13 -04:00
Stéphane Graber
6e42a5ea63 Merge pull request #1465 from geaaru/lxc-sabayon-unpriv
[lxc-sabayon] Disable _unprivileged_shift_owner for create unprivileg…
2017-03-15 19:10:36 -04:00
Geaaru
3d288bbe37 [lxc-sabayon] Disable _unprivileged_shift_owner for create unprivileged container images for lxd and lxc-download.
Signed-off-by: Geaaru <geaaru@gmail.com>
2017-03-15 20:23:39 +01:00
Stéphane Graber
bb2f438985 Merge pull request #1463 from armchair-philosophy/up_templates_arch
[templates] archlinux: resolve conflicting files
2017-03-14 20:47:21 -04:00
otofune
d720fa1130 [templates] archlinux: noneed default_timezone variable
Signed-off-by: otofune <otofune@gmail.com>
2017-03-15 09:38:18 +09:00
otofune
349fadd6e3 [templates] archlinux: resolve conflicting files
- already found /etc/localtime
- duplicate creation /etc/resolv.conf

Signed-off-by: otofune <otofune@gmail.com>
2017-03-15 09:17:07 +09:00
Christian Brauner
9b001960df Merge pull request #1462 from hallyn/2017-03-14/checknewuidmap
lxc-checkconfig: verify new[ug]idmap are setuid-root
2017-03-14 20:41:25 +01:00
Serge Hallyn
f974149d92 lxc-checkconfig: verify new[ug]idmap are setuid-root
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-03-14 13:18:01 -05:00
Christian Brauner
50de283493 Merge pull request #1461 from jirutka/alpine
lxc-alpine: few modifications
2017-03-14 19:01:08 +01:00
Jakub Jirutka
72ead1c054
lxc-alpine: use dl-cdn.a.o as default mirror instead of random one
Some mirrors from the mirrors list are not very reliable and it seems
that no one really wants to use some random mirror as the default
option.

Signed-off-by: Jakub Jirutka <jakub@jirutka.cz>
2017-03-14 17:58:19 +01:00
Jakub Jirutka
288142218a
lxc-alpine: add community repository to default repositories
Signed-off-by: Jakub Jirutka <jakub@jirutka.cz>
2017-03-14 17:50:35 +01:00
Christian Brauner
d32e7cd7f3 Merge pull request #1460 from stgraber/master
Patch from Harald Dunkel + tweak
2017-03-14 14:36:02 +01:00
Stéphane Graber
bd657b44e9
Fix mixed tab/spaces in previous patch
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2017-03-14 12:44:35 +00:00
Harald Dunkel
8fc698019c
Fix lxc-containers to support multiple bridges
Signed-off-by: Harald Dunkel <harald.dunkel@aixigo.de>
2017-03-14 12:42:15 +00:00
Serge Hallyn
7fae49187a Merge pull request #1458 from brauner/2017-01-28/lxc_user_nic_ensure_target_netns_is_caller_owned
lxc-user-nic: improvements
2017-03-12 16:18:06 -05:00
Christian Brauner
9aaaad30ac
conf: only try to delete veth when privileged
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-03-11 13:12:52 +01:00
Christian Brauner
54e9a0e13d
lxc-user-nic: delete link on failure
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-03-11 12:42:49 +01:00
Christian Brauner
2b333aee38
lxc-user-nic: improve + bugfix
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-03-11 12:42:45 +01:00
Christian Brauner
1f109d47e2
lxc-user-nic: re-order #includes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-03-11 12:09:08 +01:00
Christian Brauner
16af238036
CVE-2017-5985: Ensure target netns is caller-owned
Before this commit, lxc-user-nic could potentially have been tricked into
operating on a network namespace over which the caller did not hold privilege.

This commit ensures that the caller is privileged over the network namespace by
temporarily dropping privilege.

Launchpad: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-03-09 11:35:16 -05:00
Christian Brauner
7c583068ce Merge pull request #1453 from hallyn/2017-03-06/seccomp
seccomp: set SCMP_FLTATR_ATL_TSKIP if available
2017-03-06 22:43:06 +01:00
Serge Hallyn
127c52930b seccomp: set SCMP_FLTATR_ATL_TSKIP if available
Newer libseccomp has a flag called SCMP_FLTATR_ATL_TSKIP which
allows syscall '-1' (nop) to be executed.  Without that flag,
debuggers cannot skip system calls inside containers.  For reference,
see the seccomp(2) manpage, which says:

	The tracer can skip the system call by changing the system call number to -1.

and see the seccomp issue #80

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-03-06 14:30:50 -06:00
Serge Hallyn
81e4574cc2 Merge pull request #1449 from brauner/2017-03-03/fix_trim
cgfsng: make trim() safer
2017-03-02 18:16:16 -06:00
Christian Brauner
2c28d76baa
cgfsng: make trim() safer
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-03-03 00:33:40 +01:00
Stéphane Graber
fb8df267ca Merge pull request #1447 from brauner/2017-02-27/fix_logging_timestamps
log: fix lxc_unix_epoch_to_utc()
2017-02-27 11:50:21 -05:00
Christian Brauner
86698d3885
log: fix lxc_unix_epoch_to_utc()
The conversion algorithm used uses a clever trick by letting a year start at 1
March. So we need to add 1 for January and February.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-02-27 16:02:24 +01:00
Stéphane Graber
e3e54165fe Merge pull request #1445 from brauner/2017-02-26/dumb_down_invalid_sigchld_warning
start: dumb down SIGCHLD from WARN() to NOTICE()
2017-02-26 11:12:43 -05:00