Christian Brauner
ce831b3b88
tree-wide: include <sys/sysmacros.h> directly
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-03-20 15:42:50 +01:00
Stéphane Graber
81f8080a6a
Merge pull request #1474 from evgeni/no-default-passwords
don't set a default password for altlinux, gentoo, openmandriva and pld
2017-03-19 15:01:21 -04:00
Stéphane Graber
f341f1aea8
Merge pull request #1473 from taikedz/keyservfix
Allow setting the key server as an environment variable
2017-03-19 15:00:03 -04:00
Evgeni Golov
436ab4be72
don't set a default password for altlinux, gentoo, openmandriva and pld
Refs: #1158
Signed-off-by: Evgeni Golov <evgeni@debian.org>
2017-03-19 18:48:22 +01:00
Tai Kedzierski
a9a53b5070
Change variable check to match existing style
Signed-off-by: Tai Kedzierski <dch.tai@gmail.com>
2017-03-19 17:28:26 +00:00
Tai Kedzierski
d2e5c5d18f
lxc-download.in / Document keyserver change in help
Signed-off-by: Tai Kedzierski <dch.tai@gmail.com>
2017-03-19 09:27:42 +00:00
Tai Kedzierski
a6a7c7d191
lxc-download.in / allow setting keyserver from env
Checks if DOWNLOAD_KEYSERVER has already been set in the environment before setting a value
Signed-off-by: Tai Kedzierski <dch.tai@gmail.com>
2017-03-19 09:21:29 +00:00
Christian Brauner
b49bb7dce8
Merge pull request #1468 from stgraber/master
python3: Deal with potential NULL char*
2017-03-17 10:45:10 +01:00
Stéphane Graber
f194007973
python3: Deal with potential NULL char*
Closes #1466
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2017-03-17 10:15:02 +01:00
Stéphane Graber
1fc76a07d4
Merge pull request #1433 from rjmccabe3701/bugfix/run-within-docker
Added 'mkdir -p' functionality in create_or_remove_cgroup
2017-03-15 19:41:13 -04:00
Stéphane Graber
6e42a5ea63
Merge pull request #1465 from geaaru/lxc-sabayon-unpriv
[lxc-sabayon] Disable _unprivileged_shift_owner for create unprivileg…
2017-03-15 19:10:36 -04:00
Geaaru
3d288bbe37
[lxc-sabayon] Disable _unprivileged_shift_owner for create unprivileged container images for lxd and lxc-download.
Signed-off-by: Geaaru <geaaru@gmail.com>
2017-03-15 20:23:39 +01:00
Stéphane Graber
bb2f438985
Merge pull request #1463 from armchair-philosophy/up_templates_arch
[templates] archlinux: resolve conflicting files
2017-03-14 20:47:21 -04:00
otofune
d720fa1130
[templates] archlinux: no need for default_timezone variable
Signed-off-by: otofune <otofune@gmail.com>
2017-03-15 09:38:18 +09:00
otofune
349fadd6e3
[templates] archlinux: resolve conflicting files
- already found /etc/localtime
- duplicate creation /etc/resolv.conf
Signed-off-by: otofune <otofune@gmail.com>
2017-03-15 09:17:07 +09:00
Christian Brauner
9b001960df
Merge pull request #1462 from hallyn/2017-03-14/checknewuidmap
lxc-checkconfig: verify new[ug]idmap are setuid-root
2017-03-14 20:41:25 +01:00
Serge Hallyn
f974149d92
lxc-checkconfig: verify new[ug]idmap are setuid-root
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-03-14 13:18:01 -05:00
Christian Brauner
50de283493
Merge pull request #1461 from jirutka/alpine
lxc-alpine: few modifications
2017-03-14 19:01:08 +01:00
Jakub Jirutka
72ead1c054
lxc-alpine: use dl-cdn.a.o as default mirror instead of random one
Some mirrors from the mirrors list are not very reliable and it seems
that no one really wants to use some random mirror as the default
option.
Signed-off-by: Jakub Jirutka <jakub@jirutka.cz>
2017-03-14 17:58:19 +01:00
Jakub Jirutka
288142218a
lxc-alpine: add community repository to default repositories
Signed-off-by: Jakub Jirutka <jakub@jirutka.cz>
2017-03-14 17:50:35 +01:00
Christian Brauner
d32e7cd7f3
Merge pull request #1460 from stgraber/master
Patch from Harald Dunkel + tweak
2017-03-14 14:36:02 +01:00
Stéphane Graber
bd657b44e9
Fix mixed tab/spaces in previous patch
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2017-03-14 12:44:35 +00:00
Harald Dunkel
8fc698019c
Fix lxc-containers to support multiple bridges
Signed-off-by: Harald Dunkel <harald.dunkel@aixigo.de>
2017-03-14 12:42:15 +00:00
Serge Hallyn
7fae49187a
Merge pull request #1458 from brauner/2017-01-28/lxc_user_nic_ensure_target_netns_is_caller_owned
lxc-user-nic: improvements
2017-03-12 16:18:06 -05:00
Christian Brauner
9aaaad30ac
conf: only try to delete veth when privileged
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-03-11 13:12:52 +01:00
Christian Brauner
54e9a0e13d
lxc-user-nic: delete link on failure
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-03-11 12:42:49 +01:00
Christian Brauner
2b333aee38
lxc-user-nic: improve + bugfix
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-03-11 12:42:45 +01:00
Christian Brauner
1f109d47e2
lxc-user-nic: re-order #includes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-03-11 12:09:08 +01:00
Christian Brauner
16af238036
CVE-2017-5985: Ensure target netns is caller-owned
Before this commit, lxc-user-nic could potentially have been tricked into
operating on a network namespace over which the caller did not hold privilege.
This commit ensures that the caller is privileged over the network namespace by
temporarily dropping privilege.
Launchpad: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-03-09 11:35:16 -05:00
Christian Brauner
7c583068ce
Merge pull request #1453 from hallyn/2017-03-06/seccomp
seccomp: set SCMP_FLTATR_ATL_TSKIP if available
2017-03-06 22:43:06 +01:00
Serge Hallyn
127c52930b
seccomp: set SCMP_FLTATR_ATL_TSKIP if available
Newer libseccomp has a flag called SCMP_FLTATR_ATL_TSKIP which
allows syscall '-1' (nop) to be executed. Without that flag,
debuggers cannot skip system calls inside containers. For reference,
see the seccomp(2) manpage, which says:
    The tracer can skip the system call by changing the system call number to -1.
and see the seccomp issue #80
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-03-06 14:30:50 -06:00
Serge Hallyn
81e4574cc2
Merge pull request #1449 from brauner/2017-03-03/fix_trim
cgfsng: make trim() safer
2017-03-02 18:16:16 -06:00
Christian Brauner
2c28d76baa
cgfsng: make trim() safer
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-03-03 00:33:40 +01:00
Stéphane Graber
fb8df267ca
Merge pull request #1447 from brauner/2017-02-27/fix_logging_timestamps
log: fix lxc_unix_epoch_to_utc()
2017-02-27 11:50:21 -05:00
Christian Brauner
86698d3885
log: fix lxc_unix_epoch_to_utc()
The conversion algorithm used uses a clever trick by letting a year start at 1
March. So we need to add 1 for January and February.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-02-27 16:02:24 +01:00
Stéphane Graber
e3e54165fe
Merge pull request #1445 from brauner/2017-02-26/dumb_down_invalid_sigchld_warning
start: dumb down SIGCHLD from WARN() to NOTICE()
2017-02-26 11:12:43 -05:00
Christian Brauner
af4c0f05fc
start: dumb down SIGCHLD from WARN() to NOTICE()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-02-26 12:51:30 +01:00
Christian Brauner
8d7638c73f
Merge pull request #1417 from zorun/master
debian template: Allow to embed a SSH public key in the new container
2017-02-25 03:02:41 +01:00
Christian Brauner
ad7d44ffec
Merge pull request #1444 from evgeni/kill-squeeze
squeeze is not a supported release anymore, drop the key
2017-02-23 22:16:32 +01:00
Evgeni Golov
ac12a36f9c
squeeze is not a supported release anymore, drop the key
Signed-off-by: Evgeni Golov <evgeni@debian.org>
2017-02-23 22:04:56 +01:00
Stéphane Graber
6a1fcb8fb1
Merge pull request #1442 from mkeeler/master
Fix issue with the clonehostname hook not working for overlayfs snapshot clones
2017-02-23 12:47:10 -05:00
Matt Keeler
cd85f31e26
Use LXC_ROOTFS_MOUNT in clonehostname hook
Previously this hook did not work when cloning containers using an overlayfs snapshot as the LXC_ROOTFS_PATH didn't point to the actual filesystem that the container would see. LXC_ROOTFS_MOUNT should be used instead and in fact lxc.container.conf man page says that you usually would want to use the _MOUNT variant.
Signed-off-by: Matt Keeler <mjkeeler7@gmail.com>
2017-02-23 10:13:16 -05:00
Christian Brauner
4fbf4a3172
Merge pull request #1441 from tych0/only-do-bind-mounts
c/r: only supply --ext-mount-map for bind mounts
2017-02-22 18:29:41 +01:00
Christian Brauner
f79384762e
Merge pull request #1438 from stgraber/master
lxc-download: Bump compat level to 4
2017-02-19 23:13:31 +01:00
Stéphane Graber
3ab18243f2
lxc-download: Bump compat level to 4
For templates introduced after LXC 2.0 was released.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2017-02-19 15:17:39 -05:00
Stéphane Graber
5ae75b1d59
Merge pull request #1437 from ganto/lxc-fedora
Various fixes for Fedora bootstrapping on non-Fedora hosts
2017-02-18 11:52:44 -05:00
Reto Gantenbein
3256fa1797
Fix argument parsing for recently added parameters
Signed-off-by: Reto Gantenbein <reto.gantenbein@linuxmonk.ch>
2017-02-18 17:08:48 +01:00
Reto Gantenbein
e93dfa9c34
Adjust indenting
Signed-off-by: Reto Gantenbein <reto.gantenbein@linuxmonk.ch>
2017-02-18 17:08:42 +01:00
Reto Gantenbein
509140b0cd
Various fixes for bootstrap image download via HTTPS
- Make sure mirror URL is queried for $FEDORA_RELEASE_DEFAULT
- Fix image path for URLs queried via mirror list
Signed-off-by: Reto Gantenbein <reto.gantenbein@linuxmonk.ch>
2017-02-18 17:08:36 +01:00
Reto Gantenbein
c898497de8
Fix undefined arch on initial bootstrap setup
Signed-off-by: Reto Gantenbein <reto.gantenbein@linuxmonk.ch>
2017-02-18 17:08:29 +01:00