29 Commits

Author SHA1 Message Date
Christian Brauner
d90d30072c
conf: add cgroup2, cgroup2:ro, cgroup2:force, cgroup2:ro:force options
We keep running into situations where we want to pre-mount a pure
cgroup2 layout regardless of the layout of the host.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-21 16:40:16 +02:00
Stéphane Graber
58795066dc
doc/api-extensions: Grammar fix
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-08-09 13:40:49 -04:00
Christian Brauner
3df13023b0
api_extensions: introduce idmapped_mounts_v2 api extension
This indicates that LXC supports idmapping the rootfs and
idmapped lxc.mount.entry entries.

Link: https://github.com/lxc/lxd/issues/8870
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-06-08 15:59:13 +02:00
Christian Brauner
fa3a003464
api-extensions: add entry for idmapped_mounts
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-04-28 15:39:37 +02:00
Christian Brauner
0dd2e321c2
api-extension: add missing seccomp_proxy_send_notify_fd extension
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-06 17:33:09 +02:00
Christian Brauner
2140576960
seccomp: add seccomp_notify_fd_active api extension
which allows to retrieve an active seccomp notifier fd from a running
container.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-06 14:40:13 +02:00
Christian Brauner
f797f05e6e
terminal: safely allocate pts devices from inside the container
This was a year long journey which seems to finally have come to an end.

Closes: #1620.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-05 15:16:51 +02:00
Christian Brauner
c312db1110
api-extensions: add seccomp_allow_deny_syntax extension
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-03 15:14:15 +02:00
Christian Brauner
b1248e473b
api: add time_namespace extension
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-06-26 01:03:24 +02:00
Christian Brauner
e9619d75b1
api-extensions: add and document cgroup_advanced_isolation
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-04-04 12:09:21 +02:00
Christian Brauner
f3741b92fd
api-extensions: use correct headings
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 16:05:13 +01:00
Christian Brauner
712ff18d45
api-extensions: document "network_veth_router" api extension
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 16:03:09 +01:00
Christian Brauner
51c9ca2ceb
api-extensions: reflow "seccomp_allow_nesting" api extension
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 16:02:14 +01:00
Christian Brauner
b3883456f5
api-extensions: reflow "seccomp_notify" api extension
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 16:01:01 +01:00
Christian Brauner
cc08c0f322
api-extensions: reflow "cgroup2_devices" extensions
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 16:00:34 +01:00
Christian Brauner
15ba80d524
api-extensions: reflow "cgroup2" api extension
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 16:00:11 +01:00
Christian Brauner
77f5bdc240
api-extensions: add "pidfd" api extension
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 15:59:44 +01:00
Christian Brauner
fa3621ea82
lxccontainer: add init_pidfd() API extension
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 15:59:32 +01:00
Christian Brauner
890ecf0860
lxccontainer.h: document seccomp_notify_fd()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-11 15:59:32 +01:00
Christian Brauner
c60ee0a929
api-extensions: document cgroup2_devices and cgroup2 api extensions
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-03-05 10:12:28 +01:00
tomponline
3e5c2e691b
doc: Documents the lxc.net.[i].veth.mode option
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
2019-07-11 12:37:23 +01:00
Thomas Parrott
bc99910758
api: Adds the network_phys_macvlan_mtu extension
This will allow LXD to check for custom MTU support for phys and macvlan devices.

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
2019-05-09 16:55:51 +01:00
tomponline
a2f9a6706d
network: Adds gateway device route mode
Adds ability to specify "dev" as the gateway value, which will cause a device route to be set as default gateway.

Signed-off-by: tomponline <thomas.parrott@canonical.com>
2019-05-03 15:08:49 +01:00
tomponline
6509154de1
network: Adds layer 2 (ARP/NDP) proxy mode
Adds the lxc.net.[i].l2proxy flag that can be either 0 or 1.

Defaults to 0.

This, when used with lxc.net.[i].link, will add IP neighbour proxy entries on the linked device
for any IPv4 and IPv6 addresses on the container's network device.

Additionally, for IPv6 addresses it will check the following sysctl values and fail with an error if not set:

	net.ipv6.conf.[link].proxy_ndp=1
	net.ipv6.conf.[link].forwarding=1

Signed-off-by: tomponline <thomas.parrott@canonical.com>
2019-05-02 14:07:28 +01:00
tomponline
c9f5238291
network: Adds IPVLAN support
Example usage:

	lxc.net[i].type=ipvlan
	lxc.net[i].ipvlan.mode=[l3|l3s|l2] (defaults to l3)
	lxc.net[i].ipvlan.flags=[bridge|private|vepa] (defaults to bridge)
	lxc.net[i].link=eth0
	lxc.net[i].flags=up

Signed-off-by: tomponline <thomas.parrott@canonical.com>
2019-05-01 10:10:44 +01:00
tomponline
7b766ddc3a
docs: Adds missing doc entries for seccomp related API extensions
Signed-off-by: tomponline <thomas.parrott@canonical.com>
2019-04-30 10:14:55 +01:00
tomponline
d4a7da4632
network: Adds support host side veth device static routes
Adds the following new config keys:

	lxc.net.[i].veth.ipv4.route
	lxc.net.[i].veth.ipv6.route

E.g.

	lxc.net.0.veth.ipv4.route = 192.0.2.1/32
	lxc.net.0.veth.ipv4.route = 192.0.3.0/24
	lxc.net.0.veth.ipv6.route = 2001:db8::1/128
	lxc.net.0.veth.ipv6.route = 2001:db8:2::/64

Signed-off-by: tomponline <thomas.parrott@canonical.com>
2019-04-29 08:38:33 +01:00
Josh Soref
a8b46a6bee
spelling: indefinitely
Signed-off-by: Josh Soref <jsoref@gmail.com>
2018-10-30 07:12:08 +00:00
Christian Brauner
aafa5f96f6
api_extensions: introduce lxc_has_api_extension()
This is modeled after LXD's API extension checks. This allows API users
to query the given LXC instance whether a given API extension is
supported.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-21 15:17:15 +02:00