Commit Graph

6611 Commits

Author SHA1 Message Date
Christian Brauner
e3f0e4368f
lxclock: remove pthread_atfork_handlers
They shouldn't be needed anymore.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-13 05:39:13 +01:00
Christian Brauner
5b9912ab9b
Merge branch 'tanyifeng-support_mount_propagation' into lxc/master
2018-02-12 10:58:24 +01:00
Yifeng Tan
d840039ecf
conf: support mount propagation
Closes #810.

Signed-off-by: Yifeng Tan <tanyifeng1@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-12 10:57:17 +01:00
Christian Brauner
b251b0fe43
Merge pull request #2158 from lifeng68/Fix_lxc-console
Fix lxc-console hang
2018-02-12 08:41:51 +01:00
LiFeng
a54585adf7
Fix lxc-console hang
The variable 'descr' is mistakenly covered with 'descr_console'.

Signed-off-by: LiFeng <lifeng68@huawei.com>
2018-02-12 07:26:40 -05:00
Christian Brauner
35896049c0
Merge pull request #2159 from lifeng68/modify_gitignore
Modify .gitignore
2018-02-12 07:27:37 +01:00
LiFeng
18fff5e30e
Modify .gitignore
add:
src/lxc/cmd/lxc-checkconfig
src/lxc/cmd/lxc-update-config

Signed-off-by: LiFeng <lifeng68@huawei.com>
2018-02-12 09:45:22 -05:00
Serge Hallyn
4d46764248
Merge pull request #2155 from brauner/2018-02-10/remove_legacy_items
tree-wide: remove legacy codepaths
2018-02-11 21:30:28 -06:00
Christian Brauner
6fba98b524
tree-wide: remove legacy codepaths
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-11 23:56:56 +01:00
Stéphane Graber
f704a070d4
Merge pull request #2090 from brauner/2018-01-12/tools_remove_non_api_symbols
tools: remove non api symbols
2018-02-11 17:52:01 -05:00
Stéphane Graber
a3533a4980
Merge pull request #2150 from brauner/2018-02-10/cgfsng_fix_unpriv_devices
conf: fix clearing cgroup settings
2018-02-10 15:32:14 -05:00
Stéphane Graber
de0cd2004b
Merge pull request #2151 from brauner/2018-02-10/remove_openpty_lock
console: they are really not necessary
2018-02-10 15:31:34 -05:00
Christian Brauner
8d81a3c87f
console: they are really not necessary
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-10 12:54:31 +01:00
Christian Brauner
ab1a6cacaf
conf: fix clearing cgroup settings
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-10 12:16:41 +01:00
Stéphane Graber
ba2861ff76
Merge pull request #2144 from brauner/2018-02-08/coverity_bug_smash
coverity: bug smash
2018-02-09 10:36:34 -05:00
Christian Brauner
056fec39f7
Merge pull request #2149 from tych0/fix-userns-error-handling
fix userns helper error handling
2018-02-09 14:49:11 +01:00
Christian Brauner
7995662124
pam: create writable cgroups for unpriv users
This moves pam_cgfs from the LXCFS repo into the LXC repo. This will allow us
to share a bunch of code between the cgroup backends and the pam module. The
next step obviously is to share code.

Closes #1307.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-09 14:39:43 +01:00
Tycho Andersen
ee1b16bcbd
fix userns helper error handling
In both of these cases if there is actually an error, we won't close the
pipe and the api call will hang. Instead, let's be sure to close the pipe
before waiting, so that it doesn't hang.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2018-02-09 13:26:31 +00:00
Christian Brauner
2df70fba94
Merge branch 'duguhaotian-new' into lxc/master
2018-02-09 12:12:10 +01:00
duguhaotian
90f2046676
conf: fix log message
Signed-off-by: duguhaotian <duguhaotian@gmail.com>
2018-02-09 12:11:53 +01:00
Christian Brauner
287df277ff
coverity: #1425971
Dereference after null check

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-09 10:37:53 +01:00
Christian Brauner
f38cf5b8f4
coverity: #1426083
Dereference after null check

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-09 10:37:53 +01:00
Christian Brauner
cb8ff4d033
lxccontainer: satisfy coverity
The container name can't be NULL so don't give coverity the impression that it
could be.

Silences coverity #1426123.
Silences coverity #1426124.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-09 10:37:53 +01:00
Christian Brauner
341ed84c47
start: use goto instead of simple return
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-09 10:37:52 +01:00
Christian Brauner
5b7f756a67
coverity: #1426126
Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-09 10:37:49 +01:00
Christian Brauner
fa456191d0
coverity: #1426734
Argument cannot be negative

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-09 00:25:53 +01:00
Christian Brauner
bd01b7d552
coverity: #1429139
Resource leak

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-09 00:25:50 +01:00
Stéphane Graber
17eba7a26f
Merge pull request #2143 from brauner/2018-02-08/fix_cgroup_ns
start: check for cgroup namespace support
2018-02-08 18:07:51 -05:00
Christian Brauner
7bd05339e1
start: check for cgroup namespace support
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-08 23:47:10 +01:00
Christian Brauner
e3fe3512c3
Merge pull request #2142 from hallyn/2018-02-08/priv
2018 02 08/priv
2018-02-08 23:40:50 +01:00
Serge Hallyn
e0010464c7
Restore most cases of am_guest_unpriv
The only cases where we really need to be privileged with respect
to the host is when we are trying to mknod, and in some cases
to do with a physical network device.  This patch leaves the
detection of the network device cases as a TODO.

This should fix the currently broken case of starting a privileged
container with at least one veth nic, nested inside an unprivileged
container.

Cc: Tycho Andersen <tycho@tycho.ws>
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2018-02-08 13:06:52 -06:00
Serge Hallyn
477aa378e9
define am_guest_unpriv
Sometimes we want to know whether we are privileged wrt our
namespaces, and sometimes we want to know whether we are priv
wrt init_user_ns.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2018-02-08 12:06:39 -06:00
Stéphane Graber
5596585d3b
Merge pull request #2125 from brauner/2018-02-02/add_namespace_configs
confile: add lxc.namespace.share.[namespace], lxc.namespace.keep, lxc.namespace.clone
2018-02-08 10:26:57 -05:00
Stéphane Graber
dfb7073f20
Merge pull request #2137 from brauner/2018-02-07/fix_unprivileged_flag
tools/lxc-ls: fix logic for unpriv containers
2018-02-08 10:26:09 -05:00
Stéphane Graber
d99e66cd14
Merge pull request #2140 from brauner/2018-02-08/cgfsng_fix_ro_remount
cgfsng: add required remount flags
2018-02-08 10:25:50 -05:00
Christian Brauner
1323838283
tools/lxc_unshare: satisfy Android
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-08 16:14:09 +01:00
Christian Brauner
5285689c58
cgfsng: add required remount flags
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9566d6742852c527bf5af38af5cbb878dad75705

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-08 11:37:16 +01:00
Christian Brauner
ca20a3b350
Merge branch 'marcosps-selinux_simplification' into lxc/master
2018-02-08 10:50:10 +01:00
Marcos Paulo de Souza
08fccae2bb
lsm: fix missing @ in function documentation
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
2018-02-08 10:49:51 +01:00
Marcos Paulo de Souza
1be8cb0450
selinux: simplify check for default label
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-08 10:49:48 +01:00
Christian Brauner
5c80e9fcb4
Merge branch 'marcosps-issue_870' into lxc/master
2018-02-08 10:34:54 +01:00
Marcos Paulo de Souza
9ea09fb48b
cgroups: add check for lxc.cgroup.use
Closes #870.

Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
2018-02-08 10:34:28 +01:00
Christian Brauner
c66687101f
include: remove getsubopt.*
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-07 21:13:06 +01:00
Christian Brauner
f71634fcc9
tools/lxc-ls: fix logic for unpriv containers
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-07 21:06:01 +01:00
Christian Brauner
ff5976cd54
templates: CentOS fixes
Issues fixed:
- lxc-centos died about a missing /run directory
- lxc-centos complained about some config files it couldn't modify
- the new container got stuck at startup time for a minute
  (literally), waiting for systemd-remount-fs startup script

Of course it still works for RHEL 6, CentOS 6 and 7 as well. I did not
verify earlier CentOS or RHEL releases.

Signed-off-by: Harald Dunkel <harald.dunkel@aixigo.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-07 11:39:19 +01:00
Christian Brauner
08fbe494cc
Merge branch 'lifeng68-remount_cgroup' into lxc/master
2018-02-07 11:30:40 +01:00
Christian Brauner
886cac862b
cgfsng: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-07 11:27:57 +01:00
LiFeng
f8c40ffa39
cgfsng: do MS_REMOUNT
Perform MS_REMOUNT on mounts with MS_RDONLY.

Signed-off-by: LiFeng <lifeng68@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-07 11:21:57 +01:00
Christian Brauner
c112f06d29
Merge branch 'lifeng68-use_env_vars_in_container' into lxc/master
2018-02-07 11:18:42 +01:00
Christian Brauner
3d55242aa5
attach: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-02-07 11:15:37 +01:00