]>
git.proxmox.com Git - mirror_lxcfs.git/log
Serge Hallyn [Tue, 22 Mar 2016 04:06:33 +0000 (21:06 -0700)]
proc_access: return EACESS not EPERM
(per the manpage)
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 22 Mar 2016 04:00:42 +0000 (21:00 -0700)]
release 2.0.0.rc8
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 22 Mar 2016 04:00:01 +0000 (21:00 -0700)]
Merge pull request #102 from hallyn/2016-03-21/access
implement access(2)
Serge Hallyn [Tue, 22 Mar 2016 03:50:58 +0000 (20:50 -0700)]
remove obsolete comments
i *think* the 'should never get here' was a side effect of using cgmanager
which is no longer valid.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 22 Mar 2016 00:42:04 +0000 (17:42 -0700)]
implement access(2)
This is needed by lxc's cgfsng driver.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 21 Mar 2016 17:55:24 +0000 (10:55 -0700)]
release 2.0.0.rc7
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 21 Mar 2016 17:46:54 +0000 (10:46 -0700)]
use a better word in signal() failure error message
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Mon, 21 Mar 2016 16:04:45 +0000 (12:04 -0400)]
Merge pull request #100 from hallyn/2016-03-20/starton
upstart: change how we decide to not run in a container
Serge Hallyn [Mon, 21 Mar 2016 07:56:03 +0000 (00:56 -0700)]
Merge pull request #101 from hallyn/2016-03-20/misc
Address feedback from Markus Elfring
Serge Hallyn [Mon, 21 Mar 2016 07:25:16 +0000 (00:25 -0700)]
lxcfs reload: only call async-safe functions
So don't call fprintf, don't take a lock we don't need, just set
an atomic volatile int to 1 when called.
Closes #94
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 21 Mar 2016 07:03:04 +0000 (00:03 -0700)]
configure.ac: drop second call to AM_INIT_AUTOMAKE
Closes #95
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 21 Mar 2016 06:49:21 +0000 (23:49 -0700)]
handle error in signal(2)
Closes #96
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 21 Mar 2016 04:08:47 +0000 (21:08 -0700)]
upstart: change how we decide to not run in a container
Otherwise lxcfs keeps lxc from hitting state 'started', which
in turn blocks reboot/shutdown.
Closes #92
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Sun, 20 Mar 2016 16:48:44 +0000 (09:48 -0700)]
Merge pull request #99 from stgraber/master
hook: don't use mountpoint
Stéphane Graber [Sun, 20 Mar 2016 15:00:55 +0000 (11:00 -0400)]
hook: don't use mountpoint
It's not very reliable (had it fail on one of my servers) and since
we're already iterating through a list of mountpoints, it's also
completely unneeded.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Serge Hallyn [Sun, 20 Mar 2016 01:43:35 +0000 (18:43 -0700)]
Merge pull request #98 from stgraber/master
Fix lxcfs mount handling with newer lxc
Stéphane Graber [Sat, 19 Mar 2016 03:23:17 +0000 (23:23 -0400)]
Fix lxcfs mount handling with newer lxc
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Serge Hallyn [Thu, 17 Mar 2016 21:49:39 +0000 (14:49 -0700)]
release 2.0.0.rc6
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Thu, 17 Mar 2016 21:47:03 +0000 (14:47 -0700)]
Merge pull request #97 from hallyn/2016-03-17/14.04
pam: support 14.04
Serge Hallyn [Thu, 17 Mar 2016 21:28:53 +0000 (14:28 -0700)]
pam: support 14.04
In 14.04 our pam_systemd module used a different format for the
login cgroups. If we find one of those in our name, then we want
to just chown it to us and not do anything more, just as we do in
xenial.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 14 Mar 2016 22:59:22 +0000 (15:59 -0700)]
release 2.0.0.rc5
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 14 Mar 2016 22:58:52 +0000 (15:58 -0700)]
Merge pull request #91 from hallyn/2016-03-14/nonint
pam_cgfs: create a new systemd cgroup if current isn't ours
Serge Hallyn [Mon, 14 Mar 2016 19:19:27 +0000 (12:19 -0700)]
pam_cgfs: create a new systemd cgroup if current isn't ours
If current systemd cgroup does not end in user-$uid.slice/session-c%d.scope,
then pam did not create our current systemd cgroup for us, so create a new
one rather than chowning the current one.
This happens with noninteractive sessions.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Sat, 12 Mar 2016 07:14:06 +0000 (23:14 -0800)]
Add sysvinit to init systems for Debian and Ubuntu
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Sat, 12 Mar 2016 06:54:13 +0000 (22:54 -0800)]
systemd config files don't go under /usr
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Sat, 12 Mar 2016 06:11:37 +0000 (22:11 -0800)]
release 2.0.0.rc4
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Sat, 12 Mar 2016 05:30:20 +0000 (00:30 -0500)]
Simplify the upstart job
This fixes the nesting case as before it would hit the first check,
which stops the job, then post-stop would unmount it.
Instead, lets just not start in containers, lxcfs is meant to run on the
host and be bind-mounted from there into containers.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Sat, 12 Mar 2016 05:14:50 +0000 (00:14 -0500)]
Fix lxcfs passthrough
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Serge Hallyn [Tue, 8 Mar 2016 00:09:25 +0000 (16:09 -0800)]
release 2.0.0.rc3
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Tue, 8 Mar 2016 00:05:53 +0000 (19:05 -0500)]
Merge pull request #90 from hallyn/2016-03-07/cached
2016 03 07/cached
Serge Hallyn [Mon, 7 Mar 2016 23:50:50 +0000 (15:50 -0800)]
meminfo_read: return 0 for Slab
Slab: is supposed to be the "in-kernel data structures cache". I don't
know of a good way to calculate this from memory cgroup info. If/when
we find it we can update it. This value is used by free -m meaning
that if we don't shrink it, we can end up with negative values for
used memory.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 7 Mar 2016 23:42:18 +0000 (15:42 -0800)]
always use container root cgroup, not init pid's
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Mon, 7 Mar 2016 18:56:47 +0000 (13:56 -0500)]
Mount /proc files even if /sys/fs/cgroup is disabled
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Fri, 26 Feb 2016 16:24:45 +0000 (11:24 -0500)]
Fix start on lxc-less upstart systems
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Serge Hallyn [Wed, 24 Feb 2016 21:31:38 +0000 (13:31 -0800)]
Fix release tarballs
Tell make dist to ship config/.
Fix the filename for the sysvinit job.
And release rc2 with this fix.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 24 Feb 2016 21:01:12 +0000 (13:01 -0800)]
release 2.0.0.rc1
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 23 Feb 2016 21:38:17 +0000 (13:38 -0800)]
Merge pull request #87 from hallyn/2016-02-23/init
Add upstart and systemd init jobs
Serge Hallyn [Tue, 23 Feb 2016 19:52:22 +0000 (11:52 -0800)]
Add upstart and systemd init jobs
Mostly copied from the Ubuntu package.
Note someone still needs to write the bsd and gentoo init
scripts. (You can look at the sysvinit jobs here and the
bsd+gentoo jobs in git://github.com/lxc/cgmanager for
inspiration).
Closes #71
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 19 Feb 2016 20:31:36 +0000 (12:31 -0800)]
configure.ac: release LXCFS 2.0.0.beta2
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 19 Feb 2016 20:16:16 +0000 (12:16 -0800)]
pam: don't hang if controllers have no mount path
closes #86
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Thu, 18 Feb 2016 18:10:16 +0000 (10:10 -0800)]
pid_from_ns_wrapper: remove the loop
If we clone a child which can't reply to us within the timeout, do
not keep looping, just return an error. Commonize the function
superficially to make it look like pid_to_ns_wrapper(). Presumably
we can now merge these into one function, that's left for later.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Fabian Grünbichler [Thu, 18 Feb 2016 11:56:44 +0000 (12:56 +0100)]
Use clone instead of fork for PID translation
Because of the different signatures of fork() and clone(),
pid_to_ns and pid_from_ns get an additional wrapper that is
passed to clone(). To pass the needed arguments to
pid_ns_clone_wrapper, a new struct called pid_ns_clone_args
is introduced.
The return type of pid_to_ns and pid_from_ns need to be
changed to int, returning equals exiting with clone().
(serge - inline fix of erorr typo which bled through from the original)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Fabian Grünbichler [Thu, 18 Feb 2016 11:53:40 +0000 (12:53 +0100)]
Use clone instead of fork in write_task_init_pid_exit
Adds a new wrapper for send_creds, avoiding the fork / pid
namespace issue present in glibc.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 10 Feb 2016 06:27:39 +0000 (22:27 -0800)]
configure.ac: release 2.0.0.beta1
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 10 Feb 2016 04:57:13 +0000 (20:57 -0800)]
configure: drop unneeded variable
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 9 Feb 2016 21:58:29 +0000 (13:58 -0800)]
fix length check in proc_swaps_read
thanks Nehal for reminding me.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 9 Feb 2016 19:45:48 +0000 (11:45 -0800)]
Don't expand LIBDIR for liblxcfs.so, always use /usr/lib/lxcfs/
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 9 Feb 2016 19:13:49 +0000 (11:13 -0800)]
Add support for /proc/swaps
Example Output:
[root at lxc-dev <http://lists.linuxcontainers.org/listinfo/lxc-devel> ~]# lxc-attach -n ubuntuwily -- /bin/cat /proc/swaps
Filename Type Size Used Priority
none virtual
1048572 1048572 0
Signed-off-by: Teemu Grönqvist <teemu.gronqvist@net9.fi>
Signed-off-by: Nehal J Wani <nehaljw.kkd1@gmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 9 Feb 2016 08:29:37 +0000 (00:29 -0800)]
Merge pull request #81 from hallyn/2016-02-08/pam
pam_cgfs: change handling of name=systemd
Serge Hallyn [Tue, 9 Feb 2016 05:58:11 +0000 (21:58 -0800)]
pam_cgfs: change handling of name=systemd
Don't always ignore it.
Do ignore it (like all others) if not listed in the -c argument.
If the logged in task's name=systemd cgroup != that of the init
task's, assume we are in systemd and rename the user's.
If they are the same, assume we are in upstart or sysvinit and
create=chown a name=systemd cgroup just as for the others.
This should fix
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/
1543353
and allow the ubuntu systemd package to drop its cgroup related
delta.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 9 Feb 2016 05:49:49 +0000 (21:49 -0800)]
Merge pull request #80 from hallyn/2016-02-08/dist
add test_reload.sh to extra_dist
Serge Hallyn [Tue, 9 Feb 2016 05:23:46 +0000 (21:23 -0800)]
add test_reload.sh to extra_dist
to get it into the make dist tarball
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 8 Feb 2016 19:25:09 +0000 (11:25 -0800)]
Merge pull request #79 from hallyn/2016-02-08/privlib
2016 02 08/privlib
Serge Hallyn [Mon, 8 Feb 2016 17:59:26 +0000 (09:59 -0800)]
testsuite: handle liblxcfs changes
Since it is no longer automatically built, build liblxcfstest by hand
and move it into place.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 8 Feb 2016 17:39:21 +0000 (09:39 -0800)]
test_reload: actually time out
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 8 Feb 2016 17:36:18 +0000 (09:36 -0800)]
Look for liblxcfs under LIBDIR/lxcfs
if it was not found using ld.so.
Also use the same function always to load the library.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 8 Feb 2016 17:23:38 +0000 (09:23 -0800)]
Makefile: make testlib build optional, and drop the soname
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Wolfgang Bumiller [Fri, 5 Feb 2016 10:52:23 +0000 (11:52 +0100)]
bindings: avoid allocating an unused buffer
cgfs_list_children() and cgfs_list_keys() follow the same
pattern with the differences being that one lists
directories, the other files, and that cgfs_list_children()
always allocates an empty list while cgfs_list_keys()
NULL-initializes the list.
Both have a case which returns an error after a list has
been allocated, and in both cases the cleanup code is
guarded with an if(list).
In both cases on success the caller assumes the list is
non-empty which is why cgfs_list_children() returned a list
with a terminating NULL-entry.
This deduplicates the iteration code into a function with a
flag for whether regular files or directories are of
interest and a callback to create the list element.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Wolfgang Bumiller [Fri, 5 Feb 2016 11:10:15 +0000 (12:10 +0100)]
bindings: even more concise must_strcat_pid
We already assume tmp[] is big enough when using an unsized
sprintf(), considering it contains a single pid number and
is 30 bytes we can assume it was also big enough to hold the
terminating null byte.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Wolfgang Bumiller [Fri, 5 Feb 2016 10:50:32 +0000 (11:50 +0100)]
bindings: return value type fixup
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Thu, 4 Feb 2016 08:04:37 +0000 (00:04 -0800)]
configure.ac: add -Wno-portability
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Thu, 4 Feb 2016 00:26:52 +0000 (16:26 -0800)]
Merge pull request #76 from hallyn/2016-02-03/pidfile
2016 02 03/pidfile
Serge Hallyn [Wed, 3 Feb 2016 21:25:19 +0000 (13:25 -0800)]
drop glibc travis exceptions - we don't use glibc any more
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 3 Feb 2016 21:24:11 +0000 (13:24 -0800)]
Add a pidfile
and update testsuite to use pidfile
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 3 Feb 2016 21:04:04 +0000 (13:04 -0800)]
drop a debugging printf
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 3 Feb 2016 01:45:43 +0000 (17:45 -0800)]
Merge pull request #75 from hallyn/n
Don't tie entries in 'hierarchies' to their subsystem id
Serge Hallyn [Wed, 3 Feb 2016 01:23:50 +0000 (17:23 -0800)]
Don't tie entries in 'hierarchies' to their subsystem id
There's no place where we rely on it, and it gets out of whack
if cgroups have been unmounted+remounted.
This is an alternative to https://github.com/lxc/lxcfs/pull/70.
Thanks to smemsh for the report and proposed fix.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 3 Feb 2016 00:46:57 +0000 (16:46 -0800)]
Merge pull request #74 from hallyn/2016-02-02/split.2
2016 02 02/split.2
Serge Hallyn [Mon, 1 Feb 2016 11:21:01 +0000 (12:21 +0100)]
Make the bulk of the lxcfs code reloadable
Move the majority of the code (the bits most likely to have security
bugs coming up) reloadable. Sending USR1 signal to lxcfs will cause
it to reload the shared library so as to immediately start using the
fixed code. This allows us to upgrade lxcfs in the majority of
cases without having to restart containers.
To achieve this, some code was moved around so that lxcfs.c itself
does not risk pinning any symbols from the shared library (which
would prevent it being unloaded). We track the number of threads
currently using the bindings, and do the reload after it hits
zero (specifically, the next time that we turn the count from 0 to 1)
Also add a test case to make sure an updated library does in fact
get loaded.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 1 Feb 2016 11:23:30 +0000 (12:23 +0100)]
Avoid redefinition of ret in local scope
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 2 Feb 2016 18:53:07 +0000 (10:53 -0800)]
Merge pull request #72 from stgraber/master
Don't hardcode strings in testsuites
Stéphane Graber [Tue, 2 Feb 2016 16:54:02 +0000 (17:54 +0100)]
Don't hardcode strings in testsuites
With this, we should be able to run more than one testsuite at once.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Serge Hallyn [Fri, 29 Jan 2016 10:43:07 +0000 (11:43 +0100)]
Merge pull request #69 from sforshee/fixes
Random fixes
Seth Forshee [Thu, 28 Jan 2016 16:17:42 +0000 (17:17 +0100)]
Remove unused chunks in caching code
Several pieces of code which deal with caching contents for proc
files contain code like this:
if (l >= cache_size) {
...
goto err;
}
if (l < cache_size) {
...
} else {
...
}
When the first condition is false the second condition will
always be true, so the code in the else block is never used.
The second if/else statement can then just be replaced with the
code from the if block.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Seth Forshee [Thu, 28 Jan 2016 16:10:22 +0000 (17:10 +0100)]
Avoid theoretical underflow in prune_init_{slice,scope}
In practice these should never underflow, but in theory it's possible.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Serge Hallyn [Thu, 28 Jan 2016 13:48:19 +0000 (14:48 +0100)]
tests: update to handle lxcfs virtualizing based on init
lxcfs used to use $current's cgroups to virtualize proc, but
switched in 0.17 to using $current's init's cgroups. The
tests need to be updated to reflect that.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 27 Jan 2016 13:30:29 +0000 (14:30 +0100)]
mkdir_p: check for null not \0, and fail if enomem
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 27 Jan 2016 13:07:51 +0000 (14:07 +0100)]
pam: free path when pruning
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 27 Jan 2016 13:03:03 +0000 (14:03 +0100)]
pam: detect write failure in write_int()
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 27 Jan 2016 12:59:49 +0000 (13:59 +0100)]
pam: always free line and close file
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 27 Jan 2016 12:52:40 +0000 (13:52 +0100)]
handle case where only one of comounted controllers is mounted
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 27 Jan 2016 12:48:57 +0000 (13:48 +0100)]
pam: don't let add_controller fail
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 26 Jan 2016 19:18:47 +0000 (11:18 -0800)]
configure.ac: release LXCFS 0.17
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Sat, 23 Jan 2016 04:35:19 +0000 (20:35 -0800)]
travis: install pam
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Sat, 23 Jan 2016 03:49:14 +0000 (19:49 -0800)]
make HASH a smidge safer
per tych0 suggestion
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Sat, 23 Jan 2016 00:37:22 +0000 (16:37 -0800)]
turn pidns store into a hashtable
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 22 Jan 2016 23:49:42 +0000 (15:49 -0800)]
prune unused init pid store entries
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 22 Jan 2016 23:03:10 +0000 (15:03 -0800)]
pam_cgfs.so: chown user's cgroups
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 22 Jan 2016 22:51:43 +0000 (14:51 -0800)]
silence some warnings
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 22 Jan 2016 22:01:44 +0000 (14:01 -0800)]
cache the init pids
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 22 Jan 2016 19:00:16 +0000 (11:00 -0800)]
epoll: update timeout and retry at eintr
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 22 Jan 2016 08:49:34 +0000 (00:49 -0800)]
more sanity checking
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 22 Jan 2016 04:00:11 +0000 (20:00 -0800)]
first start to converting permissions checks
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 22 Jan 2016 03:47:25 +0000 (19:47 -0800)]
Don't use tasks file to determine access rights to its cgroup
Also rename 'fpath' to 'last' when it is simply referring to the
last path element.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 22 Jan 2016 02:55:59 +0000 (18:55 -0800)]
switch to epoll
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 22 Jan 2016 02:21:13 +0000 (18:21 -0800)]
simplify getreaperage
We don't need to switch to their ns, mount their proc, and check /proc/1.
Just find out their init pid using scm credentials and check /pid/$initpid
in our own procfs.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 22 Jan 2016 02:11:05 +0000 (18:11 -0800)]
use the init pid for reaper age
And rename the function which returns a task's init pid.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 20 Jan 2016 06:04:54 +0000 (22:04 -0800)]
add pam module
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Thu, 21 Jan 2016 21:21:58 +0000 (13:21 -0800)]
Remove obsolete options from readme
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Thu, 21 Jan 2016 20:50:42 +0000 (12:50 -0800)]
remove stale comment
fuse does in fact filter .. for us.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>