Commit Graph

5022 Commits

Author SHA1 Message Date
Serge Hallyn
55b8c7557a Merge pull request #1537 from brauner/2017-05-05/report_errno_on_monitor_startup_failure
monitor: report errno on exec() error
2017-05-05 22:33:51 -05:00
Christian Brauner
00cccc8bd2
monitor: report errno on exec() error
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-05-05 14:37:27 +02:00
Stéphane Graber
f5351e2437 Merge pull request #1533 from brauner/2017-05-02/mount_opts
conf: pedantry
2017-05-03 18:35:46 -04:00
Stéphane Graber
2a902a63c5 Merge pull request #1535 from brauner/2017-05-03/api_extension_lxc_is_supported_config_item
api extension: lxc_config_item_is_supported()
2017-05-03 18:35:27 -04:00
Christian Brauner
add40e6270
test: add lxc_config_item_is_supported() tests
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-05-03 12:24:39 +02:00
Christian Brauner
1246142888
lxccontainer: add lxc_config_item_is_supported()
This adds lxc_config_item_is_supported() as API extension. It allows to check
whether a given config item (e.g. lxc.autodev) is supported by this LXC
instance. The function is useful in the following scenarios:
1. Users have compiled liblxc from source and have removed config items from
   the corresponding struct in confile.c. (For example, embedded users might
   decide to gut a bunch of options that they cannot use.)
2. Callers that want to check for a specific configuration item independent of
   the version numbers exposed in our version.h header.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-05-03 12:12:22 +02:00
Christian Brauner
8912711cac
conf: add MS_LAZYTIME to mount options
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-05-03 11:15:00 +02:00
Christian Brauner
470b359b9d
conf: order mount options
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-05-02 23:37:16 +02:00
Stéphane Graber
2c0807c7c4 Merge pull request #1531 from mar-kolya/master
Change sshd template to work with Ubuntu 17.04
2017-05-02 00:07:37 -04:00
Nikolay Martynov
a0430b2f97 Change sshd template to work with Ubuntu 17.04
A few things have changed and this patch makes container generated for sshd work in Ubuntu

Signed-off-by: Nikolay Martynov <mar.kolya@gmail.com>
2017-05-01 21:45:10 -04:00
Serge Hallyn
c0614b0c23 Merge pull request #1529 from brauner/2017-04-28/create_proc_if_missing
utils: tweak lxc_mount_proc_if_needed()
2017-04-28 20:06:07 -05:00
Christian Brauner
fc2ad9dcdd
utils: tweak lxc_mount_proc_if_needed()
Create /proc directory if it doesn't exist.

Closes #1475.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-29 00:05:42 +02:00
Christian Brauner
943144d931
conf: non-functional changes
Closes #1475.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-29 00:05:29 +02:00
Serge Hallyn
1545a1f163 Merge pull request #1528 from brauner/2017-04-28/close_fd_in_lxc_setup_devpts
conf: close fd in lxc_setup_devpts()
2017-04-28 09:44:08 -05:00
Christian Brauner
e87bd19ceb
conf: close fd in lxc_setup_devpts()
This left the file descriptor to the underlying /dev/ptmx file open which
confused the hell out of criu. Let's close it.

Closes https://github.com/lxc/lxd/issues/3243.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-28 15:19:17 +02:00
Christian Brauner
da1ef68cae Merge pull request #1527 from tenforward/japanese
doc: add lxc.limit to lxc.container.conf(5)
2017-04-25 11:09:03 +02:00
KATOH Yasufumi
e7267b539e doc: add lxc.limit to lxc.container.conf(5)
Update for commit 93f9e90

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2017-04-25 17:33:36 +09:00
Stéphane Graber
50fce81cd9 Merge pull request #1526 from brauner/2017-04-24/build_lxc_with_musl
confile: fix musl build
2017-04-23 21:55:44 -04:00
Christian Brauner
2e6e3febb1
confile: fix musl build
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-24 00:34:48 +02:00
Stéphane Graber
e85e742c9c Merge pull request #1523 from brauner/2017-04-23/improve_cgfsng_debug
cgroups: improve cgfsng debugging
2017-04-23 16:50:56 -04:00
Christian Brauner
0bc4a8473d
issue template: fix typo
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-23 22:04:54 +02:00
Christian Brauner
e4aeecf54b
cgroups: improve cgfsng debugging
In a lot of cases we need a list of the writeable cgroup controllers detected
by the cgfsng driver.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-23 15:06:10 +02:00
Stéphane Graber
2e2cbfd21b Merge pull request #1520 from brauner/2017-04-22/improve_loop
utils: use loop device helpers from LXD
2017-04-22 21:10:10 -04:00
Stéphane Graber
170a37711e Merge pull request #1522 from brauner/2017-04-22/lxc_issue_template
create ISSUE_TEMPLATE.md
2017-04-22 21:09:44 -04:00
Christian Brauner
8b62db216e
create ISSUE_TEMPLATE.md
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-22 18:40:36 +02:00
Christian Brauner
c6868a1f81
utils: use loop device helpers from LXD
Use the loop device helpers I wrote for LXD in LXC as well. They should be more
efficient.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-22 14:04:34 +02:00
Christian Brauner
d435aae15b
conf: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-22 14:01:53 +02:00
Stéphane Graber
dc46df1e42 Merge pull request #1519 from brauner/2017-04-21/setup_pts
conf: use bind-mount for /dev/ptmx
2017-04-21 21:12:43 -04:00
Christian Brauner
d5cb35d636
conf: use bind-mount for /dev/ptmx
AppArmor will refuse on /dev/ptmx being a symlink.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-22 00:14:15 +02:00
Christian Brauner
70761e5ee2
conf: non-functional changes to setup_pts()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-21 23:40:38 +02:00
Serge Hallyn
68a1e26c4f Merge pull request #1514 from brauner/2017-04-18/autoconf_cap_get_file
autotools: check for cap_get_file
2017-04-18 19:36:38 -05:00
Christian Brauner
c61079a4d0
caps: return false if caps are not supported
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-19 01:02:10 +02:00
Christian Brauner
69924fff1b
autotools: check for cap_get_file
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-19 01:02:10 +02:00
Stéphane Graber
c69ab769ef Merge pull request #1513 from brauner/2017-04-17/skip_cap_get_file_on_android
caps: skip file capability checks on android
2017-04-18 16:00:19 -04:00
Christian Brauner
d6018f88cb
caps: skip file capability checks on android
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-17 23:23:26 +02:00
Christian Brauner
b399477467 Merge pull request #1512 from 0x0916/fix-comment
attach|unshare: fix the wrong comment
2017-04-17 17:09:06 +02:00
0x0916
281f36af6d attach|unshare: fix the wrong comment
Signed-off-by: 0x0916 <w@laoqinren.net>
2017-04-17 23:02:33 +08:00
Christian Brauner
e6ceab4571 Merge pull request #1511 from evgeni/typo
fix typo introduced in #1509
2017-04-17 10:21:12 +02:00
Evgeni Golov
d26582c15a fix typo introduced in #1509
Signed-off-by: Evgeni Golov <evgeni@debian.org>
2017-04-17 10:04:57 +02:00
Serge Hallyn
93caf97185 Merge pull request #1509 from brauner/2017-04-15/improve_lxc_id_map
idmap improvements
2017-04-16 10:20:50 -05:00
Christian Brauner
1a35a74623 Merge pull request #1510 from 0x0916/fix-ls
ls: simplify the judgment condition when list active containers
2017-04-16 14:51:28 +02:00
0x0916
045e2de34a ls: simplify the judgment condition when list active containers
Signed-off-by: 0x0916 <w@laoqinren.net>
2017-04-16 18:36:57 +08:00
Christian Brauner
91c3e2814c
conf: improve log when mounting rootfs
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-16 00:59:46 +02:00
Christian Brauner
df6a294548
conf: check for {filecaps,setuid} on new{g,u}idmap
The new{g,u}idmap binaries were a source of trouble for users when they lacked
sufficient privileges. This commit adds code to check for sufficient privilege.
It checks whether new{g,u}idmap is root owned and has the setuid bit set and if
it doesn't it checks whether new{g,u}idmap is root owned and has CAP_SETUID in
its CAP_PERMITTED and CAP_EFFECTIVE set.

Closes #296.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-16 00:59:46 +02:00
Christian Brauner
207c4c71ee
caps: add lxc_{proc,file}_cap_is_set()
Add two new helpers that allow to determine whether a given proc or file has a
capability in the given set and move lxc_cap_is_set() to static function that
both call internally.

Closes #296.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-15 22:50:50 +02:00
Christian Brauner
4bc3b75957
conf: lxc_map_ids() non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-15 13:30:00 +02:00
Stéphane Graber
b4f185c70d Merge pull request #1508 from brauner/2017-04-14/add_prlimit_implementation_for_bionic
android: add prlimit implementation for 32bit
2017-04-14 18:47:15 -04:00
Christian Brauner
a04f540725
android: add prlimit implementation for 32bit
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-04-15 00:18:31 +02:00
Christian Brauner
421a42bfe3 Merge pull request #1504 from Blub/limits-fixup
start: fix error handling when limits fail to apply
2017-04-11 17:10:57 +02:00
Wolfgang Bumiller
84ff3af745 start: fix error handling when limits fail to apply
(The code was moved here from the child side of the startup
without adapting the error case.)

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-04-11 16:43:41 +02:00