Commit Graph

10890 Commits

Author SHA1 Message Date
Stéphane Graber
cd7bd1fdd8
Merge pull request #3916 from brauner/2021-07-29.fixes
conf: move remaining setup before pivot root
2021-07-29 13:26:19 -04:00
Christian Brauner
6a2ca1b4dc
conf: move lxc_create_ttys() before pivot root
This is the last setup step that occurred after pivot root.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-29 19:00:32 +02:00
Christian Brauner
4655bdd112
terminal: split out lxc_devpts_terminal() helper
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-29 18:58:46 +02:00
Stéphane Graber
85fdf33f4e
Merge pull request #3915 from brauner/2021-07-29.fixes
string_utils: cast __s64 to long long signed int
2021-07-29 12:42:39 -04:00
Christian Brauner
e39f333336
string_utils: cast __s64 to long long signed int
Link: https://launchpadlibrarian.net/550723147/buildlog_snap_ubuntu_focal_ppc64el_lxd-latest-edge_BUILDING.txt.gz
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-29 18:25:19 +02:00
Stéphane Graber
3f4530847b
Merge pull request #3914 from brauner/2021-07-29.devpts
devpts: move setup before pivot root
2021-07-29 12:20:23 -04:00
Christian Brauner
96a980e1af
conf: merge devpts setup and move before pivot root
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-29 15:54:46 +02:00
Christian Brauner
cb01e31126
terminal: don't use ttyname_r() for native terminal allocation
Since we can call that function from another mount namespace we need to
do this manually.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-29 15:49:17 +02:00
Christian Brauner
c146c54eee
conf: add and use mount_beneath_fd()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-29 15:49:17 +02:00
Christian Brauner
d27ae9992a
conf: update comment
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-29 15:41:00 +02:00
Christian Brauner
068534278e
conf: use a relative path in symlinkat()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-29 15:41:00 +02:00
Christian Brauner
42c0d0568f
conf: s/lxc_setup_devpts_parent/lxc_recv_devpts_from_child/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-29 15:41:00 +02:00
Christian Brauner
f30fc74d07
conf: attach devpts mount directly when new mount api can be used
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-29 15:40:57 +02:00
Christian Brauner
a32e275f25
conf: set source property for devpts
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-29 15:39:04 +02:00
Christian Brauner
87dfb724ea
conf: surface failures to setup console
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-29 15:36:21 +02:00
Stéphane Graber
9dcca2d5e0
Merge pull request #3912 from brauner/2021-07-28.devpts
conf: devpts rework
2021-07-28 16:48:18 -04:00
Christian Brauner
52da248213
Merge pull request #3913 from stgraber/master
Fix typos
2021-07-28 21:49:14 +02:00
Stéphane Graber
10fe481d5f
Fix typos
This fixes all typos identified by lintian.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-07-28 15:14:38 -04:00
Christian Brauner
7294a26d3d
conf: ensure devpts_fd is set to -EBADF
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-28 18:40:14 +02:00
Christian Brauner
ecfc18270e
terminal: ttyname_r() returns an error number on failure
In other words, how inconsistent can an API be?

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-28 18:40:13 +02:00
Christian Brauner
289b707bd1
conf: use new mount api for devpts setup
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-28 18:40:13 +02:00
Christian Brauner
f10866f0d5
Merge pull request #3910 from petris/tty_enxio
lxc_setup_ttys: Handle existing ttyN file without underlying device
2021-07-22 09:24:15 +02:00
Christian Brauner
b9327b7f92
Merge pull request #3909 from petris/bpf_enosys_warn
bpf: simplify detection if BPF is supported
2021-07-21 15:25:36 +02:00
Christian Brauner
669953fbd1
Merge pull request #3911 from siv0/fix_legacy_cgroup_devices
Fix legacy cgroup devices
2021-07-20 17:57:42 +02:00
Petr Malat
7bf85dd20e
bpf: bpf_devices_cgroup_supported() should check if bpf() is available
bpf_devices_cgroup_supported() tries to load a simple BPF program to
test if BPF works. This is problematic because the function used to load
the program - bpf_program_load_kernel() - emits an error to the log if
BPF is not enabled in the kernel although device controller is not
requested in the configuration. Users could interpret that as a problem.

Make bpf_devices_cgroup_supported() check if the BPF syscall is available
before calling bpf_program_load_kernel(). We can do it by passing a NULL
pointer instead of the syscall argument as the kernel returns either
ENOSYS, when the syscall is not implemented or EFAULT, when it is
implemented.

Signed-off-by: Petr Malat <oss@malat.biz>
2021-07-20 17:51:23 +02:00
Petr Malat
128655e765
lxc_setup_ttys: Handle existing ttyN file without underlying device
If a device file is opened and there isn't the underlying device,
the open call fails with ENXIO, but the path can be opened with
O_PATH, which is enough for mounting over the device file.

Generalize this idea and use O_PATH for all cases when the file
is there. One still must check for both ENXIO and EEXIST as it's
unspecified what error is reported if multiple error conditions
occur at the same time.

Signed-off-by: Petr Malat <oss@malat.biz>
2021-07-20 15:43:24 +02:00
Stoiko Ivanov
eece10d519
cgroups: remove unneeded variables from cgroup_tree_create
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2021-07-20 12:06:27 +02:00
Stoiko Ivanov
60052c3be7
cgroups: populate hierarchy for device cgroup
With the changes introduced in:
b7b1e3a34c
the hierarchy-struct did not have the path_lim set anymore, which is
needed by setup_limits_legacy (->cg_legacy_set_data->lxc_write_openat)
to actually access the cgroup directory.

The issue can be reproduced with a container config having
```
lxc.cgroup.devices.deny = a
```
(or any lxc.cgroup.devices entry) set on a system booted with
systemd.unified_cgroup_hierarchy=0.

This affects all privileged containers on PVE (due to the default
devices.deny entry).

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2021-07-20 12:04:35 +02:00
Stéphane Graber
0a75530661
Merge pull request #3908 from brauner/2021-07-15.fixes.4
terminal: fix error handling
2021-07-15 16:14:07 -04:00
Christian Brauner
7a31655917
terminal: fix error handling
Fixes: f382bcc6d8 ("terminal: log TIOCGPTPEER failure less alarmingly")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-15 22:09:31 +02:00
Stéphane Graber
8cff10d6a8
Merge pull request #3907 from brauner/2021-07-15.fixes.3
terminal: log TIOCGPTPEER failure less alarmingly
2021-07-15 13:19:26 -04:00
Stéphane Graber
93e2548209
Merge pull request #3906 from brauner/2021-07-15.fixes.2
grammar fixes
2021-07-15 12:48:14 -04:00
Christian Brauner
95103b6095
af_unix: report error when no fd is to be sent
Fixes: #3624
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-15 18:47:27 +02:00
Christian Brauner
f382bcc6d8
terminal: log TIOCGPTPEER failure less alarmingly
This is not a fatal error and the fallback codepath is equally safe.
When we use TIOCGPTPEER we're using a stashed fd to the container's
devpts mount's ptmx device and allocating a new fd non-path based
through this ioctl. If this ioctl can't be used we're falling back to
allocating a pts device from the host's devpts mount's ptmx device which
is path-based but is not under control of the container and so that's
safe. The difference is just that the first method gets you a nice
native terminal with all the pleasantries of having tty and friends
working whereas the latter method does not.

Fixes: #3625
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-15 18:37:22 +02:00
Christian Brauner
1d500fed48
sync: fix log message
Fixes: #3875
Suggested-by: Hank.shi <shk242673@163.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-15 18:18:25 +02:00
Christian Brauner
77093b7ccf
start: fix logging message
Fixes: #3875
Suggested-by: Hank.shi <shk242673@163.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-15 18:16:39 +02:00
Stéphane Graber
984f5f0bc5
Merge pull request #3905 from brauner/2021-07-15.fixes
initutils: include pthread.h
2021-07-15 08:58:57 -04:00
Christian Brauner
d461a40845
initutils: include pthread.h
Otherwise we might end up with implicit function declaration warnings.

Link: https://jenkins.linuxcontainers.org/job/lxc-build-android/8915/console
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-15 10:37:47 +02:00
Stéphane Graber
b2a311c2df
Merge pull request #3904 from hallyn/2021-07-14/mantypo
doc/common_options: add trace and alert loglevels
2021-07-15 00:47:44 -04:00
Serge Hallyn
44b87e816b
doc/common_options: add trace and alert loglevels
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-07-14 22:17:40 -05:00
Stéphane Graber
68963becaa
Merge pull request #3900 from brauner/2021-07-08.fixes
file_utils: surface ENOENT when falling back to openat()
2021-07-08 12:10:00 -04:00
Christian Brauner
ebb79ad32a
file_utils: surface ENOENT when falling back to openat()
Link: https://discuss.linuxcontainers.org/t/error-failed-to-retrieve-pid-of-executing-child-process
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-08 14:49:26 +02:00
Christian Brauner
78598e2b30
Merge pull request #3896 from Blub/include-userns-config-dir
RFC: conf: userns.conf: include userns.conf.d
2021-07-05 17:25:24 +02:00
Stéphane Graber
483f5b4f3d
Merge pull request #3897 from brauner/2021-07-05.fixes
lxc-unshare: fixes
2021-07-05 08:49:08 -04:00
Christian Brauner
a1ac26802c
lxc_unshare: fix network device handling
We were passing the wrong PID. Fix this!

Link: https://discuss.linuxcontainers.org/t/problem-with-moving-interface-new-network-namespace-in-lxc-unshare
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-05 12:19:31 +02:00
Christian Brauner
ecd92dffbc
lxc_unshare: make mount table private
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-07-05 12:11:42 +02:00
Wolfgang Bumiller
dc73e0f0cb
confile: allow including nonexisting directories
If an include directive ends with a trailing slash, we now
always assume it is a directory and do not treat the
non-existence as an error.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-07-05 10:53:41 +02:00
Wolfgang Bumiller
9508fc2727
conf: userns.conf: include userns.conf.d
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-07-05 09:02:36 +02:00
Stéphane Graber
b235962c17
Merge pull request #3895 from tenforward/japanese
Update Japanese lxc.container.conf(5)
2021-07-04 23:36:01 -04:00
KATOH Yasufumi
d47d8b6d4d
doc: Fix typo in English lxc.container.conf(5)
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2021-07-05 12:00:32 +09:00