Commit Graph

7354 Commits

Author SHA1 Message Date
Felix Abecassis
d23c6cc996
Fix license of the nvidia hook
Fixes: #2494

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
2018-07-28 18:06:58 -07:00
Stéphane Graber
38a8a5e5fa
Merge pull request #2493 from brauner/2018-07-26/bugfixes
utils: add lxc_iterate_parts(), compile with -Wvla and -std=gnu11
2018-07-26 10:56:46 -04:00
Christian Brauner
81a56e8029
autotools: default to -Wvla -std=gnu11
We can't really support anything less than gcc-4.8 anyway.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-26 16:38:42 +02:00
Christian Brauner
dd94de5a87
include: remove VLAs
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-26 16:38:42 +02:00
Christian Brauner
f994bc87af
tests: remove VLAs
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-26 16:38:42 +02:00
Christian Brauner
b84eb74f95
Makefile: add missing lxctest.h
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-26 16:38:42 +02:00
Christian Brauner
84c5549b66
utils: s/strtok_r()/lxc_iterate_parts()/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-26 16:38:42 +02:00
Christian Brauner
7de8e0a9b0
tools: s/strtok_r()/lxc_iterate_parts()/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-26 16:38:42 +02:00
Christian Brauner
eb29852ff4
storage: s/strtok_r()/lxc_iterate_parts()/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-26 16:38:42 +02:00
Christian Brauner
89aca5a5ee
state: s/strtok_r()/lxc_iterate_parts()/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-26 16:38:42 +02:00
Christian Brauner
834027f169
parse: s/strtok_r()/lxc_iterate_parts()/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-26 16:38:42 +02:00
Christian Brauner
803fd7bffe
namespace: s/strtok_r()/lxc_iterate_parts()/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-26 16:38:42 +02:00
Christian Brauner
3c1f04cdfa
lxccontainer: s/strtok_r()/lxc_iterate_parts()/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-26 16:38:42 +02:00
Christian Brauner
62dd965e45
confile: s/strtok_r()/lxc_iterate_parts()/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-26 16:38:42 +02:00
Christian Brauner
8db9d26faf
conf: s/strtok_r()/lxc_iterate_parts()/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-26 16:23:11 +02:00
Christian Brauner
0be0d78f42
cgroups: s/strtok_r()/lxc_iterate_parts()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-26 16:23:10 +02:00
Christian Brauner
521b4771a9
utils: add lxc_iterate_parts()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-26 16:23:09 +02:00
Serge Hallyn
400081550b
Merge pull request #2479 from Blub/apparmor-profiles
RFC: Generated Apparmor profiles, namespaces, stacking
2018-07-25 23:04:32 -05:00
Wolfgang Bumiller
e7311a84e5
tests: add test for generated apparmor profiles
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-25 14:40:26 +02:00
Wolfgang Bumiller
242a9fa7ee
apparmor: allow start-container to change to lxc-**
For generated profiles with apparmor namespaces we get
profile names with slashes in them. To match those, we need
to allow changing to lxc-**, not just lxc-*.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-25 14:40:26 +02:00
Wolfgang Bumiller
1800f92473
apparmor: profile generation
This copies lxd's apparmor profile generation. This tries to
detect features such as cgroup namespaces, apparmor
namespaces and stacking support, and has profile parts
conditionally for unprivileged containers.

This introduces the following changes to the configuration:
  lxc.apparmor.profile = generated
    The fixed value 'generated' will cause this
    functionality to be used, otherwise there should be no
    functional changes happening unless specifically
    requested with the next key:
  lxc.apparmor.allow_nesting
    This is a boolean which, if enabled, causes the
    following changes: When generated apparmor profiles are
    used, they will contain the necessary changes to allow
    creating a nested container. In addition to the usual
    mount points, /dev/.lxc/proc and /dev/.lxc/sys will
    contain procfs and sysfs mount points without the lxcfs
    overlays, which, if generated apparmor profiles are
    being used, will not be read/writable directly.
  lxc.apparmor.raw
    A list of raw apparmor profile lines to append to the
    profile. Only valid when using generated profiles.

The following apparmor profile lines have not been copied
from lxd:

  mount /var/lib/lxd/shmounts/ -> /var/lib/lxd/shmounts/,
  mount none -> /var/lib/lxd/shmounts/,
  mount options=bind /var/lib/lxd/shmounts/** -> /var/lib/lxd/**,

They should be added via lxc.apparmor.raw entries by lxd.

In order for apparmor_parser's cache to be of use, this adds
a --with-apparmor-cache-dir ./configure option.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-25 14:37:32 +02:00
Wolfgang Bumiller
6e6aca3e3e
apparmor: update current profiles
remove cgmanager rules and add fstype=cgroup2 variants for
the existing fstype=cgroup rules

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-25 12:13:17 +02:00
Wolfgang Bumiller
eb5c2e6aee
utils: add must_concat helper
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-25 12:12:27 +02:00
Wolfgang Bumiller
7e556d185c
apparmor: use fopen_cloexec
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-25 12:12:25 +02:00
Stéphane Graber
434381b00b
Merge pull request #2492 from brauner/2018-07-14/fix_indendation
lxccontainer: fix indentation
2018-07-24 11:17:32 -04:00
Christian Brauner
095b5c7d2e
lxccontainer: fix indentation
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-24 15:09:13 +02:00
Wolfgang Bumiller
c68d5b0dd6
lsm: fixup lsm_process_label_set_at return values
Always return -1 on error (some code paths returned -1, some
returned negative error codes), don't assume 'errno' is set
afterwards, as the function already prints errors and not
all code paths will have a usable errno value.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-24 13:59:25 +02:00
Wolfgang Bumiller
39e2cbec3c
tests: lxc-test-apparmor-mount: check environment early
don't kill all my processes when running it as user...

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-24 13:59:25 +02:00
Wolfgang Bumiller
d652391586
tests: lxc-test-apparmor-mount: show a log on error
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-24 13:59:25 +02:00
Christian Brauner
023d07ee10
Merge pull request #2489 from 2xsec/bugfix
change log macro of error case from lxc_ambient_caps_up/down
2018-07-22 17:42:33 +02:00
Christian Brauner
9ddc6b44c4
Merge pull request #2300 from LizaTretyakova/mount_injection
Mount injection API
2018-07-22 16:20:31 +02:00
Christian Brauner
54fc984b50
confile: add missing header
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-22 16:05:50 +02:00
Christian Brauner
ea0e06dd74
start: coding style fixes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-22 16:05:50 +02:00
Christian Brauner
6b74139780
conf: coding style fixes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-22 15:50:47 +02:00
Liza Tretyakova
fd14fdb827
confile: add strdup failure check
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
[christian.brauner@ubuntu.com: coding style]
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-22 15:50:29 +02:00
Liza Tretyakova
60534030e4
conf, lxccontainer: fix length checks in snprintf
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
2018-07-22 15:35:21 +02:00
Liza Tretyakova
7a41e8578e
conf, confile, lxccontainer, start: nonfunctional changes
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
2018-07-22 15:35:21 +02:00
Christian Brauner
1f5a90f946
lxccontainer: reword create_mount_target()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-22 15:35:21 +02:00
Christian Brauner
3340f44172
lxccontainer: do_lxcapi_mount() coding-style
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-22 15:34:06 +02:00
Liza Tretyakova
117deb709e
tests: add filesystem and char device tests
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
2018-07-22 15:34:06 +02:00
Liza Tretyakova
c6885c3f24
lxccontainer: add handling of file mounts
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
2018-07-22 15:33:51 +02:00
Christian Brauner
643bcac997
tests: tweak mount injection tests
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-22 15:33:51 +02:00
Liza Tretyakova
c8c568c85f
tests: add tests for umount
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
2018-07-22 15:33:01 +02:00
Liza Tretyakova
d83da817b3
lxccontainer: add the umount API function
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
[christian@brauner.io: minor coding-style changes]
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-22 15:32:42 +02:00
Liza Tretyakova
d81423f2a0
tests: add mount injection tests
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
2018-07-22 15:32:42 +02:00
Liza Tretyakova
29df56cda5
lxccontainer: add container API function and structs for injecting a mount
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
2018-07-22 15:25:16 +02:00
Liza Tretyakova
4d6cc24cbe
start: add shmount setup on container start
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
2018-07-22 15:25:16 +02:00
Liza Tretyakova
f6310f1844
utils: add shared mount point detection
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
2018-07-22 15:25:15 +02:00
Liza Tretyakova
0d190408c2
conf, confile: add parsing of a shmounts config parameter
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
2018-07-22 15:25:15 +02:00
Liza Tretyakova
adf0ba1fc7
conf, confile: introduce basic structs for shared mount point
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
2018-07-22 15:25:13 +02:00