Commit Graph

8713 Commits

Author SHA1 Message Date
Christian Brauner
c121b3000f
Merge pull request #3063 from lifeng68/fix_memory_leak
cgfsng: fix memory leak in lxc_cpumask_to_cpulist
2019-06-27 09:40:55 +02:00
LiFeng
24cac6aff1
cgfsng: fix memory leak in lxc_cpumask_to_cpulist
Signed-off-by: LiFeng <lifeng68@huawei.com>
2019-06-27 00:00:09 -04:00
Rachid Koucha
eff0e7bbd8
Container's specific file/directory names
To be used when making file/directory names for containers (e.g. in lxccontainer.c)

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
2019-06-21 14:20:04 +02:00
Christian Brauner
679289bf5f
lxccontainer: rework seccomp notify api function
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-21 12:59:36 +02:00
Stéphane Graber
daf6a727aa
Merge pull request #3056 from brauner/2019-06-20/cpuset
cgfsng: write cpuset.mems of correct ancestor
2019-06-20 13:54:12 -04:00
Christian Brauner
f68ea354f4
cgfsng: write cpuset.mems of correct ancestor
Reported-by: Free Ekanayaka <free.ekanayaka@canonical.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-20 19:37:09 +02:00
Rachid Koucha
1b5d4bd864
Use file/directory names from macro.h
To make the file/directory names, use the defines from macro.h

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
2019-06-20 18:24:21 +02:00
Christian Brauner
23852ec4d0
Merge pull request #3052 from tanyifeng/fd_leak
parse.c: fix fd leak from memfd_create
2019-06-20 11:33:41 +02:00
t00416110
22c8ac96f6
parse.c: fix fd leak from memfd_create
Signed-off-by: t00416110 <tanyifeng1@huawei.com>
2019-06-20 16:26:59 -04:00
Christian Brauner
2fea2116c9
Merge pull request #3050 from hallyn/pkgconfig
lxc.pc.in: add libs.private for static linking
2019-06-18 21:09:28 +02:00
Serge Hallyn
a65cce2f9d
lxc.pc.in: add libs.private for static linking
None of them seem to support pkg-config themselves, else we could add
them to Requires.private.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-06-18 13:13:34 -05:00
Christian Brauner
52ac245b52
Merge pull request #3047 from Rachid-Koucha/patch-11
Fixed file descriptor leak for network namespace
2019-06-16 04:11:35 +02:00
Rachid Koucha
aa0c0e7b8a
Fixed file descriptor leak for network namespace
In privileged mode, the container startup loses a file descriptor for "handler->nsfd[LX_NS_NET]". At line 1782, we preserve the namespaces file descriptor (in privileged mode, the network namespace is also preserved):
	for (i = 0; i < LXC_NS_MAX; i++)
		if (handler->ns_on_clone_flags & ns_info[i].clone_flag)
			INFO("Cloned %s", ns_info[i].flag_name);

	if (!lxc_try_preserve_namespaces(handler, handler->ns_on_clone_flags, handler->pid)) {
		ERROR("Failed to preserve cloned namespaces for lxc.hook.stop");
		goto out_delete_net;
	}

Then at line 1830, we preserve one more time the network namespace:
		ret = lxc_try_preserve_ns(handler->pid, "net");
		if (ret < 0) {
			if (ret != -EOPNOTSUPP) {
				SYSERROR("Failed to preserve net namespace");
				goto out_delete_net;
			}
The latter overwrites the file descriptor already stored in handler->nsfd[LXC_NS_NET] at line 1786.

So, this fix checks that the entry is not already filled.

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
2019-06-15 15:17:50 +02:00
Serge Hallyn
3d43f6113b
Merge pull request #3045 from hallyn/2019-06-13/openssl
[RFC] Switch from gnutls to openssl for sha1
2019-06-14 23:00:48 -05:00
Stéphane Graber
bd6c1ff60b
Merge pull request #3046 from brauner/lxc/master
network: fix lxc_netdev_rename_by_index()
2019-06-14 07:48:31 -04:00
Christian Brauner
90d79629cb
network: fix lxc_netdev_rename_by_index()
Return an error code when the name is invalid instead of pretending that things
are fine.

Closes #3044.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-14 12:39:20 +02:00
Serge Hallyn
fa2bb6ba53
Switch from gnutls to openssl for sha1
The reason for this is because openssl can be statically linked
against, gnutls cannot.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-06-13 22:19:27 -05:00
Christian Brauner
f00010ff82
Merge pull request #3042 from tenforward/japanese
doc: add a note about shared ns + LSMs to Japanese doc
2019-06-13 14:10:00 +02:00
KATOH Yasufumi
3c452dec31
doc: add a note about shared ns + LSMs to Japanese doc
Update for commit 8de9038436

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2019-06-13 21:05:24 +09:00
Stéphane Graber
23b50e75af
Merge pull request #3041 from brauner/2019-06-12/seccomp_notify_fixes
seccomp: do not set SECCOMP_FILTER_FLAG_NEW_LISTENER
2019-06-12 08:18:24 -04:00
Christian Brauner
2959742385
Merge pull request #3040 from Rachid-Koucha/patch-11
Centralize hook names
2019-06-12 14:15:39 +02:00
Christian Brauner
f73adb35fb
seccomp: do not set SECCOMP_FILTER_FLAG_NEW_LISTENER
Do not set SECCOMP_FILTER_FLAG_NEW_LISTENER as seccomp attribute.
Prior to libseccomp merging support for SECCOMP_RET_USER_NOTIF there was a
libseccomp specific attribute that needed to be set before
SECCOMP_RET_USER_NOTIF could be used. This has been removed.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-12 13:42:25 +02:00
Rachid Koucha
3ea957c616
Centralize hook names
The hook string names must not be repeated in the source code to facilitate future changes

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
2019-06-12 08:36:40 +02:00
Stéphane Graber
16512e0c36
Merge pull request #3039 from brauner/master
seccomp: add ifdefine for SECCOMP_FILTER_FLAG_NEW_LISTENER
2019-06-11 18:11:32 -04:00
Christian Brauner
fe02f63c08
seccomp: add ifdefine for SECCOMP_FILTER_FLAG_NEW_LISTENER
So that we can deal with older kernels.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-12 00:02:49 +02:00
Stéphane Graber
b322965e7e
Merge pull request #3038 from brauner/master
seccomp: s/SCMP_FLTATR_NEW_LISTENER/SECCOMP_FILTER_FLAG_NEW_LISTENER/g
2019-06-11 17:53:05 -04:00
Christian Brauner
2e5bcac329
seccomp: s/SCMP_FLTATR_NEW_LISTENER/SECCOMP_FILTER_FLAG_NEW_LISTENER/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:51:34 +02:00
Stéphane Graber
76b65b40c2
Merge pull request #3037 from brauner/master
seccomp: align with upstream libseccomp
2019-06-11 17:43:10 -04:00
Christian Brauner
d7d2d2d9a5
seccomp: s/HAVE_DECL_SECCOMP_NOTIF_GET_FD/HAVE_DECL_SECCOMP_NOTIFY_FD/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:36:56 +02:00
Christian Brauner
9965620643
seccomp: s/seccomp_notif_free/seccomp_notify_free/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:34:33 +02:00
Christian Brauner
1f51fc702b
seccomp: s/seccomp_notif_alloc/seccomp_notify_alloc/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:33:22 +02:00
Christian Brauner
72b101aedf
seccomp: s/seccomp_notif_id_valid/seccomp_notify_id_valid/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:32:19 +02:00
Christian Brauner
3c216fe27b
seccomp: s/seccomp_notif_send_resp/seccomp_notify_respond/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:31:12 +02:00
Christian Brauner
e3998402d6
seccomp: s/seccomp_notif_receive/seccomp_notify_receive/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:29:39 +02:00
Christian Brauner
da9c8317e8
seccomp: s/seccomp_notif_get_fd/seccomp_notify_fd/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:27:33 +02:00
Christian Brauner
02ca9d758e
seccomp: s/SCMP_ACT_USER_NOTIF/SCMP_ACT_NOTIFY/g
Align with upstream libseccomp.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-11 23:25:44 +02:00
Christian Brauner
e9ab177d3f
Merge pull request #3032 from promlow/lxcbasename_fix
proposed fix for #2892 - fix lxcbasename in lxc/lxccontainer.c
2019-06-07 02:35:39 +02:00
Stéphane Graber
20a64b0b0d
Merge pull request #3034 from brauner/2019-06-05/boot_id
start: generate new boot id on container start
2019-06-06 12:57:11 +02:00
Christian Brauner
2050265234
start: generate new boot id on container start
Closes #3027.

BugLink: https://bugs.launchpad.net/bugs/1831258
Cc: Dimitri John Ledkov <xnox@ubuntu.com>
Cc: Scott Moser <smoser@ubuntu.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-06 01:20:37 +02:00
Paul Romlow
85e02f5600
proposed fix for #2892 - fix lxcbasename in lxc/lxccontainer.c
Signed-off-by: Paul Romlow <paul@romlow.com>
2019-06-05 13:28:21 -05:00
Stéphane Graber
1d51e3de49
Merge pull request #3029 from brauner/2019-06-05/fix_offline_cpus
cgroups: prevent segfault
2019-06-05 13:09:42 +02:00
Christian Brauner
8e75ed57cc
Merge pull request #3031 from Rachid-Koucha/patch-11
Make /tmp accessible to any user
2019-06-05 13:08:39 +02:00
Rachid Koucha
a725bbc4b7
Make /tmp accessible to any user
/tmp created with "rwxrwxrwt" mode

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
2019-06-05 13:04:11 +02:00
Christian Brauner
dcd14a3db6
cgroups: prevent segfault
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-05 09:31:17 +02:00
Christian Brauner
fa0330c9c0
Merge pull request #3028 from lifeng68/fix_memory_leak
start: fix handler memory leak at lxc_init failed
2019-06-05 06:56:17 +02:00
LiFeng
39cb2d9ee8
start: fix handler memory leak at lxc_init failed
Signed-off-by: LiFeng <lifeng68@huawei.com>
2019-06-05 00:44:17 -04:00
Christian Brauner
c86d12141a
Merge pull request #3026 from xmcqueen/master
lxc_usernsexec: continuing after unshare fails leads to confusing and…
2019-06-04 16:11:42 +02:00
Brian McQueen
dfe4a687a2
lxc_usernsexec: continuing after unshare fails leads to confusing and misleading error messages
Signed-off-by: Brian McQueen <bmcqueen@linkedin.com>
2019-06-04 06:46:37 -07:00
Stéphane Graber
94d3c14dd7
Merge pull request #3014 from brauner/2019-05-24/cgroups_handle_offline_cpus
cgroups: handle offline cpus in v1 hierarchy
2019-06-04 13:52:07 +02:00
Christian Brauner
1eaa8c428a
Merge pull request #3024 from avkvl/fix_groups_with_a_lot_of_members
lxc-user-net: Failed to convert string " Failed to get group name" to integer
2019-06-04 10:49:57 +02:00