proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-05 09:37:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8,455 Commits 6 Branches 17 Tags 29 MiB
c425edc661
Commit Graph

8455 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
KATOH Yasufumi
c425edc661 doc: Fix and improve Japanese translation 
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Reviewed-by: Hiroaki Nakamura <hnakamur@gmail.com>
 2019-05-09 15:47:16 +09:00
KATOH Yasufumi
7dd6ead904 doc: Update Japanese lxc.container.conf(5) 
This is the translation for the following description:
  - lxc.seccomp.notify.proxy (commit 8a64375)
  - host side veth device static routes (commit d4a7da4)
  - IPVLAN (commit c9f5238)
  - Layer 2 proxy mode (commit 6509154)
  - gateway device route mode (commit a2f9a67)

and fix typo in English man page.

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
 2019-05-08 21:48:15 +09:00
Christian Brauner
b1045fd37b
Merge pull request #2982 from Rachid-Koucha/patch-5 
Devices created in rootfs instead of rootfs/dev
 2019-05-07 16:14:51 +02:00
Rachid Koucha
28eb86bd43
Devices created in rootfs instead of rootfs/dev 
Added /dev in the mknod commands.

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
 2019-05-07 16:03:02 +02:00
Christian Brauner
668084bb25
Merge pull request #2981 from tomponline/tp-veth-gateway 
network: Re-works veth gateway logic
 2019-05-07 15:50:43 +02:00
tomponline
009d612748 network: Re-works veth gateway logic 
Handles more errors and gives better error messages.

Signed-off-by: tomponline <thomas.parrott@canonical.com>
 2019-05-07 14:38:23 +01:00
Christian Brauner
1732294cab
Merge pull request #2979 from tomponline/tp-vlan-mtu 
network: Makes vlan network interfaces set mtu before upscript called
 2019-05-07 14:03:52 +02:00
Christian Brauner
2c07c966f9
Merge pull request #2978 from tomponline/tp-ipvlan-mtu 
network: Adds custom mtu support for ipvlan interfaces
 2019-05-07 13:37:38 +02:00
tomponline
3e2a7b083b network: Makes vlan network interfaces set mtu before upscript called 
This is consistent with veth and ipvlan types.

Also makes the debug message for success occur after up script has run.

Also makes device clean up on error more thorough and consistent.

Signed-off-by: tomponline <thomas.parrott@canonical.com>
 2019-05-07 12:34:34 +01:00
tomponline
006e135e22 network: Adds custom mtu support for ipvlan interfaces 
Signed-off-by: tomponline <thomas.parrott@canonical.com>
 2019-05-07 12:13:46 +01:00
Stéphane Graber
19a503200d
Merge pull request #2976 from brauner/2019-05-06/bugfixes 
seccomp: document path calculation
 2019-05-06 15:10:20 -04:00
Stéphane Graber
7e30d659c3
Merge pull request #2977 from brauner/2019-05-06/pidfd_send_signal 
raw_syscalls: add initial support for pidfd_send_signal()
 2019-05-06 14:36:50 -04:00
Christian Brauner
d9bb2fbab6
raw_syscalls: add initial support for pidfd_send_signal() 
Well, I added this syscall so we better use it. :)

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2019-05-06 10:49:31 +02:00
Christian Brauner
18847d37dd
seccomp: document path calculation 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2019-05-06 09:39:40 +02:00
Stéphane Graber
192023dd5a
Merge pull request #2974 from brauner/master 
tree-wide: make socket SOCK_CLOEXEC
 2019-05-05 00:20:06 -04:00
Stéphane Graber
3ade816713
Merge pull request #2975 from brauner/2019-05-04/returns_twice 
compiler: add __returns_twice attribute
 2019-05-05 00:19:51 -04:00
Christian Brauner
633cb8bee3
compiler: add __returns_twice attribute 
The returns_twice attribute tells the compiler that a function may return more
than one time. The compiler will ensure that all registers are dead before
calling such a function and will emit a warning about the variables that may be
clobbered after the second return from the function. Examples of such functions
are setjmp and vfork. The longjmp-like counterpart of such function, if any,
might need to be marked with the noreturn attribute.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2019-05-04 13:35:51 +02:00
Christian Brauner
0854538f13
Merge pull request #2973 from tomponline/tp-gw-dev 
network: Adds gateway device route mode
 2019-05-04 12:56:45 +02:00
Christian Brauner
9e8c3ebeb5
Merge pull request #2968 from tomponline/tp-ipvlan-l2proxy 
network: Static routes for IPVLAN with L2PROXY
 2019-05-03 21:09:37 +02:00
tomponline
b670016ac9 network: Adds ipvlan static routes for l2proxy mode 
Signed-off-by: tomponline <thomas.parrott@canonical.com>
 2019-05-03 19:59:24 +01:00
Christian Brauner
ad9429e529
tree-wide: make socket SOCK_CLOEXEC 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2019-05-03 20:35:02 +02:00
tomponline
a2f9a6706d network: Adds gateway device route mode 
Adds ability to specify "dev" as the gateway value, which will cause a device route to be set as default gateway.

Signed-off-by: tomponline <thomas.parrott@canonical.com>
 2019-05-03 15:08:49 +01:00
Christian Brauner
5b94d538dd
Merge pull request #2964 from tomponline/tp-l2proxy 
network: Adds layer 2 (ARP/NDP) proxy mode
 2019-05-03 12:36:00 +02:00
Stéphane Graber
9e1accb9d2
Merge pull request #2972 from brauner/2019-05-02/seccomp_notify_mem_fd 
seccomp: send process memory fd
 2019-05-02 16:56:10 -04:00
Christian Brauner
99b68bdb48
Merge pull request #2971 from hallyn/2019-05-01/nsshare.2 
namespaces: allow a pathname to a nsfd for namespace to share
 2019-05-02 22:55:51 +02:00
Christian Brauner
5ed06d3ad6
seccomp: send process memory fd 
There's an inherent race when reading a process's memory. The easiest way is to
have liblxc get an fd and check that the race was one, send it to the caller
(They are free to ignore it if they don't use recvmsg()).

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2019-05-02 17:06:00 +02:00
Serge Hallyn
39e6fd369d namespaces: allow a pathname to a nsfd for namespace to share 
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
 2019-05-02 06:10:15 -07:00
tomponline
6509154de1 network: Adds layer 2 (ARP/NDP) proxy mode 
Adds the lxc.net.[i].l2proxy flag that can be either 0 or 1.

Defaults to 0.

This, when used with lxc.net.[i].link, will add IP neighbour proxy entries on the linked device
for any IPv4 and IPv6 addresses on the container's network device.

Additionally, for IPv6 addresses it will check the following sysctl values and fail with an error if not set:

	net.ipv6.conf.[link].proxy_ndp=1
	net.ipv6.conf.[link].forwarding=1

Signed-off-by: tomponline <thomas.parrott@canonical.com>
 2019-05-02 14:07:28 +01:00
Stéphane Graber
0b5afd323e
Merge pull request #2969 from brauner/2019-05-01/seccomp_fixes 
seccomp: ensure fields are set to 0
 2019-05-01 12:44:48 -04:00
Christian Brauner
370460664f
seccomp: ensure fields are set to 0 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2019-05-01 18:35:58 +02:00
Christian Brauner
ea84ddf9e2
Merge pull request #2950 from tomponline/tp-ipvlan 
network: Adds IPVLAN support
 2019-05-01 18:24:56 +02:00
tomponline
c9f5238291 network: Adds IPVLAN support 
Example usage:

	lxc.net[i].type=ipvlan
	lxc.net[i].ipvlan.mode=[l3|l3s|l2] (defaults to l3)
	lxc.net[i].ipvlan.flags=[bridge|private|vepa] (defaults to bridge)
	lxc.net[i].link=eth0
	lxc.net[i].flags=up

Signed-off-by: tomponline <thomas.parrott@canonical.com>
 2019-05-01 10:10:44 +01:00
Stéphane Graber
28805eb0e7
Merge pull request #2967 from brauner/2019-05-01/seccomp_notifier_api_removal 
seccomp: remove alignment requirements
 2019-04-30 23:16:46 -04:00
Christian Brauner
2a621ecedd
seccomp: remove alignment requirements 
since apparently there are insane programming languages out there that just
silently remove packed members in structs.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2019-05-01 02:04:02 +02:00
Stéphane Graber
2bad947676
Merge pull request #2966 from brauner/2019-05-01/seccomp_notifier_api_removal 
seccomp: don't commit to an api just yet
 2019-04-30 19:42:33 -04:00
Christian Brauner
ebc1c319f6
seccomp: don't commit to an api just yet 
I'm not sure that I want to be married (to this layout) just yet.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2019-05-01 01:29:06 +02:00
Stéphane Graber
0b8bb8db54
Merge pull request #2965 from brauner/2019-05-01/seccomp_notifier_fixes 
seccomp: notifier fixes
 2019-04-30 18:53:21 -04:00
Christian Brauner
2ac0f627f5
seccomp: notifier fixes 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2019-05-01 00:36:41 +02:00
Christian Brauner
8d539bc9a8
Merge pull request #2961 from tomponline/tp-static-net-funcs 
network: Makes some routing functions static
 2019-04-30 11:46:24 +02:00
tomponline
8f82874c8c network: Makes some routing functions static 
The following functions can be made static for consistency:

	lxc_ipv4_dest_add
	lxc_ipv6_dest_add
	lxc_ip_route_dest_add (renamed)

Signed-off-by: tomponline <thomas.parrott@canonical.com>
 2019-04-30 10:33:29 +01:00
Christian Brauner
75614e8e52
Merge pull request #2960 from tomponline/tp-seccomp-apiext-docs 
docs: Adds missing doc entries for seccomp related API extensions
 2019-04-30 11:17:40 +02:00
tomponline
7b766ddc3a docs: Adds missing doc entries for seccomp related API extensions 
Signed-off-by: tomponline <thomas.parrott@canonical.com>
 2019-04-30 10:14:55 +01:00
Christian Brauner
5efab6bf45
Merge pull request #2949 from tomponline/tp-veth-routes 
network: Adds veth static routes feature
 2019-04-29 17:15:38 +02:00
Christian Brauner
7815c73372
Merge pull request #2957 from tomponline/tp-macvlan-mode 
network: Fixes bug in macvlan mode selection
 2019-04-29 16:17:42 +02:00
tomponline
b56680fd74 network: Fixes bug in macvlan mode selection 
Signed-off-by: tomponline <thomas.parrott@canonical.com>
 2019-04-29 15:11:17 +01:00
Stéphane Graber
978dfc7ec4
Merge pull request #2956 from brauner/2019-04-29/seccomp_trap_cleanup 
seccomp: cleanup
 2019-04-29 09:47:29 -04:00
Christian Brauner
c3e3c21a10
seccomp: cleanup 
Simplify and cleanup some of the seccomp code. This mainly focuses on removing
the open coding of various seccomp settings all over the code place in favor of
centralized helpers.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2019-04-29 15:17:31 +02:00
Stéphane Graber
27b737093d
Merge pull request #2955 from tomponline/tp-ignore-test-build 
tests: Updates .gitignore to ignore test build artefacts
 2019-04-29 08:59:32 -04:00
Stéphane Graber
c62784df38
Merge pull request #2954 from tomponline/tp-vlan-hook 
network: Fixes vlan hook script
 2019-04-29 08:59:20 -04:00
tomponline
9574a3780a tests: Updates .gitignore to ignore test build artefacts 
Signed-off-by: tomponline <thomas.parrott@canonical.com>
 2019-04-29 09:50:06 +01:00