Commit Graph

4470 Commits

Author SHA1 Message Date
Christian Brauner
c56a9652d7
tools: lxc_deslashify() handle special cases
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
2016-09-26 19:41:34 +02:00
Stéphane Graber
30498b9e1d Merge pull request #1207 from brauner/2016-09-25/fix_lxc_string_split
utils: fix lxc_string_split()
2016-09-25 14:45:22 -04:00
Christian Brauner
605ea1f73b
utils: fix lxc_string_split()
Make sure we don't return uninitialized memory.

Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
2016-09-25 17:20:25 +02:00
Christian Brauner
021eb12614 Merge pull request #1206 from cwoac/master
Fix null dereference if attach is called without access to any tty
2016-09-25 11:22:21 +02:00
Oliver Matthews
b9a24c4f2f Fix null dereference if attach is called without access to any tty
Signed-off-by: Oliver Matthews <oliver@codersoffortune.net>
2016-09-25 09:37:43 +01:00
Christian Brauner
0f73b621c4 Merge pull request #1204 from tych0/close-tty-on-restore
c/r: detach from controlling tty on restore
2016-09-22 00:08:14 +02:00
Tycho Andersen
a7fb6043b9 c/r: detach from controlling tty on restore
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
2016-09-21 21:46:20 +00:00
Stéphane Graber
2b8640dfbf Merge pull request #1201 from brauner/2016-09-21/lxc_ls_no_spaces
tools: do not add trailing spaces on lxc-ls -1
2016-09-21 15:34:34 -04:00
Stéphane Graber
9c395c35de Merge pull request #1202 from brauner/2016-09-21/lxc_attach_no_new_priv_fix
tools: fix lxc-attach regression with -s USER
2016-09-21 15:33:45 -04:00
Stéphane Graber
5c01fd0b2c Merge pull request #1203 from brauner/2016-09-21/retrieve_mtu_from_bridge
2016 09 21/retrieve mtu from bridge
2016-09-21 15:32:00 -04:00
Christian Brauner
729e8bf685
conf: try to retrieve mtu from veth
When the mtu cannot be retrieved from netdev->link try from veth device.

Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
2016-09-21 21:07:24 +02:00
Christian Brauner
e9280f6590
conf: retrieve mtu from netdev->link
When mtu is not set, try to retrieve mtu from netdev->link.

Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
2016-09-21 20:56:03 +02:00
Christian Brauner
bd4307f0c1
tools: fix lxc-attach regression with -s USER
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
2016-09-21 17:26:19 +02:00
Christian Brauner
27de259f33
tools: do not add trailing spaces on lxc-ls -1
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
2016-09-21 09:15:14 +02:00
Christian Brauner
bb095bebd9 Merge pull request #1197 from ysbnim/master
Update Korean manuals
2016-09-20 11:35:53 +02:00
Sungbae Yoo
15f919b9cc doc: Add lxc.no_new_privs to Korean lxc.container.conf(5)
Update for commit 222ddc

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
2016-09-20 18:10:33 +09:00
Stéphane Graber
651ef4efbb Merge pull request #1194 from tych0/cgroup-root-on-dump
Cgroup root on dump
2016-09-16 23:20:10 -04:00
Tycho Andersen
09e80d0cc4 c/r: check that cgroup_num_hierarchies > 0
Otherwise in the error case, we end up subtracting two from the
static_args, which would lead to a segfault :)

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
2016-09-16 20:26:31 -06:00
Tycho Andersen
a0c91fccd9 cgroup: drop cgroup_canonical_path
This is almost never the right thing to use, and we don't use it any more
anyway.

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
2016-09-16 15:19:19 -06:00
Tycho Andersen
6df334d158 cgroup: get rid of weird hack in cgfsng_escape
We initialized cgfsng in a strange way inside of its implementation of
escape so we could use it during checkpoint. Instead, the previous patch
does a hacky initialization in criu.c, and we can get rid of the hacks
elsewhere :)

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
2016-09-16 15:19:19 -06:00
Tycho Andersen
0ab5703fcf c/r: pass --cgroup-roots on checkpoint
CRIU has added support for passing --cgroup-root on dump, which we should
use (see the criu commit 07d259f365f224b32914de26ea0fd59fc6db0001 for
details). Note that we don't have to do any version checking or anything,
because CRIU just ignored --cgroup-root on checkpoint before, so passing it
is safe, and will result in correct behavior when a sufficient version of
CRIU is present.

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
2016-09-16 15:19:07 -06:00
Tycho Andersen
aeb3682ff6 utils: add lxc_deslashify
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
2016-09-16 15:17:03 -06:00
Tycho Andersen
3666241644 cgroup: add new functions for interacting with hierarchies
N.B. that these are only implemented in cgfsng, but,

15:28:28    tych0 | do we still use cgfs anywhere? or the cgm backend?
15:29:19 stgraber | not anywhere we care about

...I think that's okay.

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
2016-09-16 15:17:03 -06:00
Tycho Andersen
5f178bc983 c/r: fix typo in comment
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
2016-09-16 15:17:03 -06:00
Stéphane Graber
127a74d7aa Merge pull request #1193 from hallyn/2016-09-16/thierry
lxc-create -t debian fails on ppc64el arch
2016-09-16 13:35:42 -04:00
Thierry Fauck
bfbf793616 lxc-create -t debian fails on ppc64el arch
Template catches arch from uname -m, but for ppc64el system, arch reports ppc64le
which doesn't match image repo.

Signed-off-by: Thierry Fauck <tfauck@free.fr>
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2016-09-16 08:34:41 -05:00
Christian Brauner
2ca2138322 Merge pull request #1192 from tenforward/japanese
doc: Add lxc.no_new_privs to Japanese lxc.container.conf(5)
2016-09-16 09:18:45 +02:00
KATOH Yasufumi
16e58f07bd doc: Add lxc.no_new_privs to Japanese lxc.container.conf(5)
Update for commit 222ddc

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2016-09-16 15:56:45 +09:00
Serge Hallyn
a307c27146 Merge pull request #1166 from brauner/2016-09-02/no_new_privileges
implement PR_SET_NO_NEW_PRIVS in liblxc
2016-09-15 20:35:21 -05:00
Stéphane Graber
18000bb3a3 Merge pull request #1187 from lpirl/master
make rsync deal with sparse files efficiently
2016-09-14 13:02:43 -04:00
Lukas Pirl
4f142fad8b make rsync deal with sparse files efficiently
Signed-off-by: Lukas Pirl <git@lukas-pirl.de>
2016-09-14 17:42:28 +02:00
Christian Brauner
13dbc78075 Merge pull request #1185 from tych0/free-valid-opts-if-necessary
c/r: free valid_opts if necessary
2016-09-14 01:16:57 +02:00
Tycho Andersen
f686506dfb c/r: free valid_opts if necessary
2cb80427bc introduced a malloc without a
matching free.

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
2016-09-13 16:43:30 -06:00
Stéphane Graber
f8650a7a2b Merge pull request #1184 from brauner/2016-09-13/zfs_fixes
lxczfs: small fixes
2016-09-13 12:23:44 -04:00
Christian Brauner
326b171d39 lxczfs: small fixes
- We expect destroy to fail in zfs_clone() so try to silence it so users are
  not irritated when they create zfs snapshots.
- Add -r recursive to zfs_destroy(). This code is only hit when a) the
  container has no snapshots or b) the user calls destroy with snapshots. So
  this should be safe. Without -r snapshots will remain.

Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
2016-09-13 17:22:30 +02:00
Christian Brauner
3622fda038 Merge pull request #1177 from tych0/zero-smaller-migrate-struct
c/r: zero a smaller than known migrate_opts struct
2016-09-08 20:52:52 +02:00
Tycho Andersen
2cb80427bc c/r: zero a smaller than known migrate_opts struct
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
2016-09-08 18:28:10 +00:00
Christian Brauner
d32bcb1722 Merge pull request #1173 from melato/alpine-cron-v2
templates: use correct cron version in alpine template
2016-09-06 16:15:44 +02:00
Alex Athanasopoulos
b68d0b8c3d templates: use correct cron version in alpine template
Signed-off-by: Alex Athanasopoulos <alex@melato.org>
2016-09-06 17:09:55 +03:00
Christian Brauner
bca94305af
tests: add test for PR_SET_NO_NEW_PRIVS
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
2016-09-06 15:58:52 +02:00
Christian Brauner
955e2a0237
attach, start: declare PR_{S,G}PR_GET_NO_NEW_PRIVS
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
2016-09-06 15:57:46 +02:00
Christian Brauner
222ddc91a8
doc: add lxc.no_new_privs to lxc.container.conf
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
2016-09-05 22:56:24 +02:00
Christian Brauner
2e812c16a5
attach: use PR_SET_NO_NEW_PRIVS
- When we detect that the container, we want to attach to, has been started with
  PR_SET_NO_NEW_PRIVS we attach with PR_SET_NO_NEW_PRIVS as well. (We might
  relax this restriction later but let's be strict for now.)
- When LXC_ATTACH_NO_NEW_PRIVS is set in the flags passed to
  lxc_attach()/attach_child_main() then we set PR_SET_NO_NEW_PRIVS irrespective
  of whether the container was started with PR_SET_NO_NEW_PRIVS or not.
- Set no_new_privs before lsm and seccomp. We probably don't want attach() to
  be able to change the lsm or seccomp policy if the container was started with
  PR_SET_NO_NEW_PRIVS enabled.

Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
2016-09-05 22:56:22 +02:00
Christian Brauner
ff07d7bb5a
attach: call lxc_container_new() earlier
We will reuse the newly initialized container for PR_SET_NO_NEW_PRIVS.

Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
2016-09-05 22:56:20 +02:00
Christian Brauner
1325da7eae
attach_options: add LXC_ATTACH_NO_NEW_PRIVS
Add a flag for PR_SET_NO_NEW_PRIVS. It is off by default.

Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
2016-09-05 22:56:17 +02:00
Christian Brauner
029cdff582
start: set PR_SET_NO_NEW_PRIVS when requested
Set no_new_privs after setting the lsm label. If we do set it before we aren't
allowed to change the label anymore.

Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
2016-09-05 22:56:06 +02:00
Christian Brauner
5a46f2831e
conf, confile: add option for PR_SET_NO_NEW_PRIVS
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
2016-09-05 20:11:12 +02:00
Christian Brauner
44c4da8e89 Merge pull request #1168 from jerome-pouiller/master
configure: add --disable-werror
2016-09-05 20:01:18 +02:00
Stéphane Graber
a47e327c4e Merge pull request #1169 from brauner/2016-09-04/fix_syslog
syslog tweaks
2016-09-05 12:51:57 -04:00
Stéphane Graber
e3197b0c0c Merge pull request #1167 from brauner/2016-09-03/fix_log_name
console: use correct log name
2016-09-05 12:48:25 -04:00