Stéphane Graber
dc46df1e42
Merge pull request #1519 from brauner/2017-04-21/setup_pts
...
conf: use bind-mount for /dev/ptmx
2017-04-21 21:12:43 -04:00
Christian Brauner
d5cb35d636
conf: use bind-mount for /dev/ptmx
...
AppArmor will refuse on /dev/ptmx being a symlink.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-22 00:14:15 +02:00
Christian Brauner
70761e5ee2
conf: non-functional changes to setup_pts()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-21 23:40:38 +02:00
Serge Hallyn
68a1e26c4f
Merge pull request #1514 from brauner/2017-04-18/autoconf_cap_get_file
...
autotools: check for cap_get_file
2017-04-18 19:36:38 -05:00
Christian Brauner
c61079a4d0
caps: return false if caps are not supported
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-19 01:02:10 +02:00
Christian Brauner
69924fff1b
autotools: check for cap_get_file
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-19 01:02:10 +02:00
Stéphane Graber
c69ab769ef
Merge pull request #1513 from brauner/2017-04-17/skip_cap_get_file_on_android
...
caps: skip file capability checks on android
2017-04-18 16:00:19 -04:00
Christian Brauner
d6018f88cb
caps: skip file capability checks on android
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-17 23:23:26 +02:00
Christian Brauner
b399477467
Merge pull request #1512 from 0x0916/fix-comment
...
attach|unshare: fix the wrong comment
2017-04-17 17:09:06 +02:00
0x0916
281f36af6d
attach|unshare: fix the wrong comment
...
Signed-off-by: 0x0916 <w@laoqinren.net>
2017-04-17 23:02:33 +08:00
Christian Brauner
e6ceab4571
Merge pull request #1511 from evgeni/typo
...
fix typo introduced in #1509
2017-04-17 10:21:12 +02:00
Evgeni Golov
d26582c15a
fix typo introduced in #1509
...
Signed-off-by: Evgeni Golov <evgeni@debian.org>
2017-04-17 10:04:57 +02:00
Serge Hallyn
93caf97185
Merge pull request #1509 from brauner/2017-04-15/improve_lxc_id_map
...
idmap improvements
2017-04-16 10:20:50 -05:00
Christian Brauner
1a35a74623
Merge pull request #1510 from 0x0916/fix-ls
...
ls: simplify the judgment condition when list active containers
2017-04-16 14:51:28 +02:00
0x0916
045e2de34a
ls: simplify the judgment condition when list active containers
...
Signed-off-by: 0x0916 <w@laoqinren.net>
2017-04-16 18:36:57 +08:00
Christian Brauner
91c3e2814c
conf: improve log when mounting rootfs
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-16 00:59:46 +02:00
Christian Brauner
df6a294548
conf: check for {filecaps,setuid} on new{g,u}idmap
...
The new{g,u}idmap binaries were a source of trouble for users when they lacked
sufficient privileges. This commit adds code to check for sufficient privilege.
It checks whether new{g,u}idmap is root owned and has the setuid bit set and if
it doesn't it checks whether new{g,u}idmap is root owned and has CAP_SETUID in
its CAP_PERMITTED and CAP_EFFECTIVE set.
Closes #296.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-16 00:59:46 +02:00
Christian Brauner
207c4c71ee
caps: add lxc_{proc,file}_cap_is_set()
...
Add two new helpers that allow determining whether a given proc or file has a
capability in the given set and move lxc_cap_is_set() to a static function that
both call internally.
Closes #296.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-15 22:50:50 +02:00
Christian Brauner
4bc3b75957
conf: lxc_map_ids() non-functional changes
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-15 13:30:00 +02:00
Stéphane Graber
b4f185c70d
Merge pull request #1508 from brauner/2017-04-14/add_prlimit_implementation_for_bionic
...
android: add prlimit implementation for 32bit
2017-04-14 18:47:15 -04:00
Christian Brauner
a04f540725
android: add prlimit implementation for 32bit
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-15 00:18:31 +02:00
Christian Brauner
421a42bfe3
Merge pull request #1504 from Blub/limits-fixup
...
start: fix error handling when limits fail to apply
2017-04-11 17:10:57 +02:00
Wolfgang Bumiller
84ff3af745
start: fix error handling when limits fail to apply
...
(The code was moved here from the child side of the startup
without adapting the error case.)
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-04-11 16:43:41 +02:00
Christian Brauner
64f26a8902
Merge pull request #1276 from Blub/limits
...
Resource Limits
2017-04-11 16:35:06 +02:00
Wolfgang Bumiller
a6390f01cc
conf: less error prone pointer access
...
These functions define a pointer to their key shifted by a
number and guard access to it later via another variable.
Let's make this more explicit (and additionally have the
pointer be NULL in the case where it is not supposed to be
used).
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-04-11 14:01:11 +02:00
Wolfgang Bumiller
fe17b651c5
test: resource limit config entries
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-04-11 14:01:11 +02:00
Wolfgang Bumiller
93f9e90d72
doc: add lxc.limit to lxc.container.conf
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-04-11 14:01:11 +02:00
Wolfgang Bumiller
c6d09e15c5
conf: implement resource limits
...
This adds lxc.limit.<name> options consisting of one or two
colon separated numerical values (soft and optional hard
limit). If only one number is specified it'll be used for
both soft and hard limit. Additionally the word 'unlimited'
can be used instead of numbers.
E.g.
lxc.limit.nofile = 30000:32768
lxc.limit.stack = unlimited
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-04-11 14:01:11 +02:00
Christian Brauner
359f86f975
Merge pull request #1501 from jgillich/patch-1
...
remove obsolete note about api stability
2017-04-08 06:18:43 +02:00
Jakob Gillich
0cb906e681
remove obsolete note about api stability
...
Signed-off-by: Jakob Gillich <jakob@gillich.me>
2017-04-08 03:16:33 +02:00
Stéphane Graber
57f0c5808e
Merge pull request #1500 from BegBlev/1498
...
make Alpine template more POSIX shell friendly #1498
2017-04-07 12:09:54 -04:00
Vincent Catros
7276799bd7
avoid assigning to a variable which is not POSIX shell proof (bug #1498)
...
Signed-off-by: Vincent Catros <vincent.catros@laposte.net>
2017-04-07 17:14:44 +02:00
Stéphane Graber
67c9752186
Merge pull request #1494 from d4s/lxcinfo
...
Increased buffer length in print_stats()
2017-03-30 12:26:27 -04:00
Stéphane Graber
1266eb51fb
Merge pull request #1493 from t-fohrer/t-fohrer-patch-4
...
Avoid waiting for bridge interface on bootup
2017-03-30 12:11:19 -04:00
Denis Pynkin
1bbc627538
Increased buffer length in print_stats()
...
Some "/sys" entries exceed the buffer size.
This results in some statistics loss ('BlkIO' in particular):
wc -c /sys/fs/cgroup/blkio/lxc/alt/blkio.throttle.io_service_bytes
318 /sys/fs/cgroup/blkio/lxc/alt/blkio.throttle.io_service_bytes
Signed-off-by: Denis Pynkin <dans@altlinux.org>
2017-03-30 18:43:25 +03:00
Torsten Fohrer
723d30f7ff
Avoid waiting for bridge interface if disabled in sysconfig/lxc | lxc-net via USE_LXC_BRIDGE
...
Signed-off-by: Torsten Fohrer <tfohrer@googlemail.com>
2017-03-30 11:57:14 +02:00
Stéphane Graber
1a9eaaab20
Merge pull request #1432 from brauner/2017-02-15/fix_lxc_execute_return_code
...
tools: exit with return code of lxc_execute()
2017-03-23 17:49:56 -04:00
Christian Brauner
d04813f9b5
Makefile: fix static clang init.lxc build
...
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-03-23 22:22:10 +01:00
Stéphane Graber
fcab4fecdb
Merge pull request #1487 from t-fohrer/t-fohrer-patch-3
...
Keep veth.pair.name on network shutdown
2017-03-23 11:43:58 -04:00
Torsten Fohrer
ea80ca74d2
Keep veth.pair.name on network shutdown
...
In case of a container that is rebooting, freeing veth.pair.name here results in losing the given veth.pair name
(only if the given lxc_netdev is reused).
Signed-off-by: Torsten Fohrer <tfohrer@googlemail.com>
2017-03-23 14:58:33 +01:00
Christian Brauner
69d47ee1c4
Merge pull request #1486 from stgraber/master
...
fedora: Fix i386 handling
2017-03-22 22:30:36 +01:00
Stéphane Graber
e8672a9d71
fedora: Fix i386 handling
...
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2017-03-22 17:18:47 -04:00
Stéphane Graber
0ccaa85b5b
Merge pull request #1483 from johnchen902/patch-1
...
Fix opening wrong file in suggest_default_idmap
2017-03-22 00:38:34 -04:00
John Chen
6be7389a70
Fix opening wrong file in suggest_default_idmap
...
Fixing the typo making `suggest_default_idmap` open `subuidfile`
instead of `subgidfile` to read subgid information.
Signed-off-by: Pochang Chen <johnchen902@gmail.com>
2017-03-22 11:08:47 +08:00
Stéphane Graber
f73d368b72
Merge pull request #1479 from brauner/2017-03-20/sysmacro
...
tree-wide: include <sys/sysmacros.h> directly
2017-03-21 19:19:50 -04:00
Christian Brauner
79061184c2
Merge pull request #1482 from stgraber/master
...
tests: Support running on IPv6 networks
2017-03-21 22:18:16 +01:00
Stéphane Graber
09ef083882
tests: Kill containers (don't wait for shutdown)
...
We waste a lot of time waiting for Ubuntu containers to cleanly stop
right before we destroy them anyway.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2017-03-21 16:35:44 -04:00
Stéphane Graber
f332b5d0a0
tests: Support running on IPv6 networks
...
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2017-03-21 16:23:27 -04:00
Christian Brauner
66c1f8c270
tree-wide: include <sys/sysmacros.h> directly
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-03-21 12:03:16 +01:00
Stéphane Graber
f5c3ae5928
Merge pull request #1476 from brauner/2017-03-20/sysmacro
...
tree-wide: include <sys/sysmacros.h> directly
2017-03-20 11:10:57 -04:00