Stéphane Graber
7ee4b4b8f0
Merge pull request #2574 from brauner/2018-08-26/cgroup_keep
...
confile: add lxc.cgroup.keep
2018-08-28 11:06:40 -07:00
Christian Brauner
5a087e056f
cgroups: don't escape if lxc.cgroup.keep is true
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Felix Abecassis <fabecassis@nvidia.com>
Cc: Jonathan Calmels <jcalmels@nvidia.com>
2018-08-27 03:16:41 +02:00
Christian Brauner
76f0e2e739
confile: add lxc.cgroup.keep
...
This adds the new lxc.cgroup.keep config key. The key can be used to instruct
LXC to never escape to the root cgroup. This makes it easy for
users to adhere to restrictions enforced by cgroup2 and systemd. Specifically,
this makes it possible to run LXC containers as systemd services.
Note that cgroup v1 is considered legacy and will not see additional
controllers being added to it. This means that it is safe to use
lxc.cgroup.keep as config key since there is no "keep" controller. The only way
a conflict can be introduced is if the user is creating a named controller. I
think this case can be safely ignored since it is super rare and also the user's
problem.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Felix Abecassis <fabecassis@nvidia.com>
Cc: Jonathan Calmels <jcalmels@nvidia.com>
2018-08-27 03:07:51 +02:00
Christian Brauner
a7c4ddea9f
start: do not initialize cgroup_ops twice
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-26 19:01:36 +02:00
Wolfgang Bumiller
40a6212ec9
Merge pull request #2570 from brauner/2018-08-23/fix_privileged_logging
...
execute: pass /proc/self/fd/<nr>
2018-08-23 17:58:43 +02:00
Christian Brauner
bf58a98013
execute: pass /proc/self/fd/<nr>
...
Passing /proc/1/fd/<nr> presupposes that CLONE_NEWPID was specified. This isn't
the case when users use lxc.namespace.keep = pid to inherit pid namespaces.
Pass /proc/self/fd/<nr> instead.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Mrinal Dhillon <mdhillon@juniper.net>
2018-08-23 17:43:03 +02:00
Stéphane Graber
f24e4d0046
Merge pull request #2569 from brauner/2018-08-23/fix_unpriv_execute_logging
...
execute: skip lxc-init logging when unprivileged
2018-08-23 11:30:14 -04:00
Christian Brauner
5c61824350
execute: skip lxc-init logging when unprivileged
...
Unprivileged app containers will not be able to open the passed in
/proc/1/fd/<idx> log path and will thus currently fail completely as soon as
any log level or log file is passed.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Mrinal Dhillon <mdhillon@juniper.net>
2018-08-23 16:34:20 +02:00
Wolfgang Bumiller
c5dc704ae5
Merge pull request #2568 from brauner/2018-08-22/ifaddrs
...
include: add safe getifaddrs() version
2018-08-23 14:26:42 +02:00
Christian Brauner
d029e1defd
Makefile: conditionalize ifaddrs.h inclusion
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-23 14:06:54 +02:00
Christian Brauner
59e9eabe0d
ifaddrs: add safe implementation of getifaddrs()
...
The old version was crazy. This replaces it with an internal version based on
musl.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-23 14:06:54 +02:00
Stéphane Graber
898b34e658
Merge pull request #2565 from brauner/2018-08-22/more_fixes
...
remove last pam_cgfs special-casing
2018-08-22 18:54:18 -04:00
Christian Brauner
95552b1b5c
Merge pull request #2567 from stgraber/master
...
Fix typo
2018-08-22 20:06:14 +02:00
Stéphane Graber
e01516d78d
Fix typo
...
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-08-22 13:58:17 -04:00
Christian Brauner
9e99997bd7
conf: add missing headers
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-22 15:54:24 +02:00
Christian Brauner
f4274ae889
Makefile: remove last pam_cgfs special-casing
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-22 15:54:24 +02:00
Christian Brauner
dca12ddf8d
string_utils: add remove_trailing_slashes()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-22 15:54:24 +02:00
Christian Brauner
1f27e82065
string_utils: remove unused headers
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-22 15:40:58 +02:00
Christian Brauner
8018dce8c7
string_utils: remove unnecessary include
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-22 15:37:41 +02:00
Christian Brauner
bcf6424544
initutils: remove useless comment
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-22 15:37:04 +02:00
Christian Brauner
1b0575412a
{file,string}_utils: remove NO_LOG
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-22 15:36:15 +02:00
Wolfgang Bumiller
38bce1541e
Merge pull request #2564 from brauner/2018-08-22/strerror_r_detection
...
log: handle strerror_r() versions + autotools: add --{disable,enable}-thread-safety
2018-08-22 14:24:08 +02:00
Christian Brauner
d6457631f0
log: fail build on ENFORCE_THREAD_SAFETY error
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-22 13:42:19 +02:00
Christian Brauner
81c76cff14
autotools: add --{disable,enable}-thread-safety
...
Fail the build if --enable-thread-safety is passed and the environment cannot
guarantee thread-safety.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-22 13:41:43 +02:00
Christian Brauner
607e3fcae1
log: handle strerror_r() versions
...
Closes #2563.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-22 13:41:41 +02:00
Christian Brauner
027e437ccb
Merge pull request #2562 from brauner/2018-08-22/check_compiler
...
autotools: check if compiler is new enough
2018-08-22 01:57:28 +02:00
Christian Brauner
95ef0d7c0d
start: add out_sync_fini cleanup label
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-22 01:54:40 +02:00
Christian Brauner
9b5724cd58
autotools: check if compiler is new enough
...
We line up with the Linux kernel and won't support any compiler under 4.6.
Additionally, we also require at least gnu99 so this is due anyway.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-22 00:04:19 +02:00
Stéphane Graber
577abe431b
Merge pull request #2554 from brauner/2018-08-21/attach_fixes
...
attach: bugfixes
2018-08-21 11:59:55 -04:00
Stéphane Graber
723abbab3d
Merge pull request #2561 from brauner/2018-08-21/test_pam_cgfs
...
Makefile: don't allow undefined symbols
2018-08-21 11:58:01 -04:00
Christian Brauner
9089937b5e
Makefile: don't allow undefined symbols
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-21 17:27:25 +02:00
Christian Brauner
604ca1c06b
macro: move macros from attach.c
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-21 16:55:07 +02:00
Christian Brauner
ef05d36887
attach: move struct declaration to top
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-21 16:54:36 +02:00
Christian Brauner
c7ac2e1ca7
macro: s/rexit()/_exit()/g
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-21 16:54:34 +02:00
Stéphane Graber
ac907950d8
Merge pull request #2560 from brauner/2018-08-21/fix_fully_unprivileged_containers
...
conf: fix devpts mounting when fully unprivileged
2018-08-21 10:53:57 -04:00
Stéphane Graber
d5f670c12c
Merge pull request #2558 from brauner/2018-08-21/pam_cgfs
...
pam_cgfs: build from the same sources as liblxc
2018-08-21 10:52:46 -04:00
Christian Brauner
ce155c606d
conf: fix devpts mounting when fully unprivileged
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-21 16:16:36 +02:00
Christian Brauner
71174d464f
pam_cgfs: build from the same sources as liblxc
...
Closes #2556.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-21 13:01:44 +02:00
Christian Brauner
37ef15bbd2
utils: split into {file,string}_utils.{c,h}
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-21 13:00:20 +02:00
Christian Brauner
f8f3f6672e
Merge pull request #2559 from ssup2/master
...
start: Fix net iface remaining issue
2018-08-21 12:59:49 +02:00
Jungsub Shin
78852a0c17
start: Fix net iface remaining issue
...
When creating a container that has multiple net ifaces fails
because of a wrong net config, lxc doesn't remove previously created
net ifaces.
Solve this issue by changing the return path in lxc_spawn().
Signed-off-by: Jungsub Shin jungsub_shin@tmax.co.kr
2018-08-21 19:21:59 +09:00
Christian Brauner
501751d09a
Merge pull request #2555 from tcharding/clang-format-cmd
...
cmd: Fix format issues found by clang-format
2018-08-21 11:25:34 +02:00
Christian Brauner
3c84108681
Merge pull request #2557 from 2xsec/bugfix
...
list: fix indent
2018-08-21 11:24:52 +02:00
2xsec
ca9a25048b
list: fix indent
...
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
2018-08-21 15:02:06 +09:00
Tobin C. Harding
2ec1c48453
cmd: Fix format issues found by clang-format
...
clang-format finds a few format issues, let's fix these up.
Fix format issues found by clang-format.
Signed-off-by: Tobin C. Harding <me@tobin.cc>
2018-08-21 09:56:26 +10:00
Christian Brauner
06d390dfb9
Merge pull request #2552 from tcharding/cpp-check
...
cmd: Lint with cppcheck
2018-08-21 01:37:31 +02:00
Tobin C. Harding
aac44dc4ff
cmd: Reduce scope of 'count' variable
...
Variable is used in one place only within a nested statement block.
The code is cleaner if the variable is declared near where it is used.
Found using cppcheck.
Reduce the scope of 'count' variable.
Signed-off-by: Tobin C. Harding <me@tobin.cc>
2018-08-21 09:25:30 +10:00
Tobin C. Harding
ba464e9b66
cmd: Do not reassign variable before it is used
...
cppcheck emits warning
Variable 'ofd' is reassigned a value before the old one has been used.
We do not need to initialise a variable if it is assigned to on first use.
Signed-off-by: Tobin C. Harding <me@tobin.cc>
2018-08-21 09:25:30 +10:00
Wolfgang Bumiller
86cea5d143
Merge pull request #2549 from brauner/2018-08-19/cmd_usernsexec_fixes
...
cmd: lxc-usernsexec fixes + macro: move declarations + config_utils: macvlan fixes
2018-08-20 15:35:10 +02:00
Christian Brauner
62a38dfff0
cmd: use goto for cleanup in lxc-usernsexec
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-20 15:16:33 +02:00