git.proxmox.com Git - mirror_lxc.git/log

]> git.proxmox.com Git - mirror_lxc.git/log

projects / mirror_lxc.git / log

summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next

commit | commitdiff | tree

Maximilian Blenk [Thu, 30 Jan 2020 18:21:10 +0000 (19:21 +0100)]

container.conf: Add option to disable session keyring creation

lxc set's up a new session keyring for every container by default.
There might be valid use-cases where this is not wanted / needed
(e.g. systemd by default creates a new session keyring anyway).

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>

commit | commitdiff | tree

Maximilian Blenk [Wed, 29 Jan 2020 16:09:50 +0000 (17:09 +0100)]

container.conf: Add option to set keyring SELinux context

lxc set's up a new session keyring for every container by default.
If executed on an SELinux enabled system, by default, the keyring
inherits the label of the creating process. If executed with the
currently available SELinux policy, this means that the keyring
is labeled with the lxc_t type. Applications inside the container,
however, might expect that the keyring is labeled with a certain
context (and will fail to access the keyring if it's not explicitly
allowed in the global policy). This patch introduces the config
option lxc.selinux.context.keyring which enables to specify the
label of the newly created keyring. That is, the keyring can be
labeled with the label expected by the started application.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>

commit | commitdiff | tree

Christian Brauner [Mon, 27 Jan 2020 13:11:12 +0000 (14:11 +0100)]

Merge pull request #3259 from chobostar/fix_default_cgroup_pattern

cgroups: fix default cgroup pattern

commit | commitdiff | tree

Kirill Petrov [Mon, 27 Jan 2020 08:51:36 +0000 (11:51 +0300)]

cgroups: fix default cgroup pattern

Signed-off-by: Kirill Petrov <yakutskkirill@mail.ru>

commit | commitdiff | tree

Stéphane Graber [Fri, 17 Jan 2020 13:18:10 +0000 (08:18 -0500)]

Merge pull request #3255 from brauner/2020-01-16/fix_monitor_hang

start: fix container killing logic

commit | commitdiff | tree

Christian Brauner [Thu, 16 Jan 2020 17:02:35 +0000 (18:02 +0100)]

start: fix container killing logic

We need to account for the case where pidfd's are not supported by the kernel
in question.

Closes: #3254
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Wed, 15 Jan 2020 10:15:13 +0000 (11:15 +0100)]

Merge pull request #3253 from tomponline/tp-network-mtu

network: Restore fixed MTU functionality

commit | commitdiff | tree

Thomas Parrott [Wed, 15 Jan 2020 09:33:31 +0000 (09:33 +0000)]

network: Restore fixed MTU functionality

If MTU setting is provided in network device config then always use it rather than inheriting from the link device.

Affected both bridge and router veth modes.

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

commit | commitdiff | tree

Stéphane Graber [Tue, 14 Jan 2020 14:58:33 +0000 (09:58 -0500)]

Merge pull request #3251 from brauner/master

test: increase timeout for api reboot tests

commit | commitdiff | tree

Christian Brauner [Tue, 14 Jan 2020 13:11:53 +0000 (14:11 +0100)]

Merge pull request #3250 from lifeng68/fix_lxc

cgroup.c: fix memory leak at cgroup init failed

commit | commitdiff | tree

Christian Brauner [Tue, 14 Jan 2020 12:50:45 +0000 (13:50 +0100)]

test: increase timeout for api reboot tests

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

LiFeng [Tue, 14 Jan 2020 09:17:13 +0000 (04:17 -0500)]

cgroup.c: fix memory leak at cgroup init failed

Signed-off-by: LiFeng <lifeng68@huawei.com>

commit | commitdiff | tree

Stéphane Graber [Fri, 10 Jan 2020 13:38:28 +0000 (08:38 -0500)]

Merge pull request #3248 from brauner/2020-01-05/veth_devices

network: improve veth device creation

commit | commitdiff | tree

Christian Brauner [Fri, 10 Jan 2020 11:30:02 +0000 (12:30 +0100)]

network: rework network device creation

This makes all the codepaths easier to follow and also moves and renames
devices in one single step.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Thu, 9 Jan 2020 17:08:48 +0000 (18:08 +0100)]

network: fix network device removal

We can't delete by netdev->ifindex since that's the ifindex of the device in
the container, not on the host. The correct thing is done below.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Thu, 9 Jan 2020 16:10:14 +0000 (17:10 +0100)]

tests: log api reboot test failures

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Thu, 9 Jan 2020 15:28:02 +0000 (16:28 +0100)]

network: fix typ and formatting in comment

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Thu, 9 Jan 2020 11:29:22 +0000 (12:29 +0100)]

network: improve veth device creation

This allows us to avoid having to move the network device. It also allows us to
work around a kernel bug that in combination with a recent change in systemd
244 causes uses of systemd-networkd to not get an ip address.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Stéphane Graber [Thu, 9 Jan 2020 15:47:36 +0000 (10:47 -0500)]

Merge pull request #3249 from brauner/2020-01-09/bugfixes

handle kernel version <--> header incompatibility

commit | commitdiff | tree

Christian Brauner [Thu, 9 Jan 2020 11:25:30 +0000 (12:25 +0100)]

start: handle kernel header and kernel incompatability

We might e.g. be compiled in a container with old kernel headers. In this
scenario CLONE_PIDFD will work but pidfd_send_signal() might not be detected
because __NR_pidfd_send_signal is not defined because the kernel headers don't
match the kernel version.

This explains and fixes test-suite hangs on Jenkins I've recently debugged.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Thu, 9 Jan 2020 11:28:54 +0000 (12:28 +0100)]

tests: timeout after 60 seconds

That should be more than enough to reboot.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Thu, 9 Jan 2020 11:28:19 +0000 (12:28 +0100)]

mainloop: add missing \n

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Serge Hallyn [Wed, 8 Jan 2020 15:45:57 +0000 (09:45 -0600)]

Merge pull request #3241 from brauner/2019-12-25/remove_procfs_pidfd_support

start: remove procfs pidfd support

commit | commitdiff | tree

Stéphane Graber [Sat, 4 Jan 2020 19:11:50 +0000 (14:11 -0500)]

Merge pull request #3247 from Rachid-Koucha/patch-1

Suppress useless udhcpc directory

commit | commitdiff | tree

Rachid Koucha [Fri, 3 Jan 2020 09:48:41 +0000 (10:48 +0100)]

Suppress useless udhcpc directory

The udhcpc directory is created with "mkdir -p" at the place dynamically specified by "busybox udhcpc --help".

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

commit | commitdiff | tree

Christian Brauner [Fri, 27 Dec 2019 12:38:07 +0000 (13:38 +0100)]

Merge pull request #3244 from Rachid-Koucha/master

Adaptation to latest busybox

commit | commitdiff | tree

Christian Brauner [Fri, 27 Dec 2019 11:08:26 +0000 (12:08 +0100)]

Merge pull request #3243 from Rachid-Koucha/patch-1

Word repetition in comment

commit | commitdiff | tree

Rachid Koucha [Fri, 27 Dec 2019 07:49:00 +0000 (08:49 +0100)]

Adaptation to latest busybox

In busybox 1.30, the help of udhcpc for "-s" option changed:
--> busybox v1.27.2: -s,--script PROG Run PROG at DHCP events (default /usr/share/udhcpc/default.script)
--> busybox v1.30.1: -s PROG Run PROG at DHCP events (default /etc/udhcpc/default.script)
So, I changed the command line which extracts the script name to make it work for both versions

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

commit | commitdiff | tree

Christian Brauner [Wed, 25 Dec 2019 17:50:53 +0000 (18:50 +0100)]

start: remove procfs pidfd support

We'll only rely on proper anon-inode based pidfd support in the future.
There's no good reason to use the procfs fallback. All the fancy features we
might want to use are only available with anon-inode pidfds.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Rachid Koucha [Thu, 26 Dec 2019 10:51:54 +0000 (11:51 +0100)]

Word repetition in comment

create_run_template(): Double "will mount" in a comment

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

commit | commitdiff | tree

Stéphane Graber [Wed, 25 Dec 2019 22:12:34 +0000 (17:12 -0500)]

Merge pull request #3238 from brauner/2019-12-23/travis

travis: enable -fsanitize=undefined

commit | commitdiff | tree

Christian Brauner [Mon, 23 Dec 2019 21:42:33 +0000 (22:42 +0100)]

Merge pull request #3239 from vikaig/fix-shebang

cmd: fix shebang

commit | commitdiff | tree

vikaig [Mon, 23 Dec 2019 21:31:53 +0000 (23:31 +0200)]

cmd: fix shebang

Signed-off-by: vikaig <vikaig99@gmail.com>

commit | commitdiff | tree

Christian Brauner [Mon, 23 Dec 2019 19:12:57 +0000 (20:12 +0100)]

travis: enable -fsanitize=undefined

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Mon, 23 Dec 2019 10:35:53 +0000 (11:35 +0100)]

Merge pull request #3235 from xinhua9569/master

fd: only add valid fd to mainloop

commit | commitdiff | tree

dongxinhua [Sat, 21 Dec 2019 09:44:40 +0000 (17:44 +0800)]

fd: only add valid fd to mainloop

Signed-off-by: dongxinhua <dongxinhua@huawei.com>

commit | commitdiff | tree

Christian Brauner [Tue, 17 Dec 2019 02:03:38 +0000 (03:03 +0100)]

Merge pull request #3233 from xinhua9569/master

seccomp: support s390 seccomp

commit | commitdiff | tree

Stéphane Graber [Tue, 17 Dec 2019 01:33:58 +0000 (20:33 -0500)]

Merge pull request #3232 from brauner/2019-12-17/cgroup2_api_extension

api_extensions: advertise cgroup2 support

commit | commitdiff | tree

dongxinhua [Tue, 17 Dec 2019 01:10:04 +0000 (09:10 +0800)]

seccomp: support s390 seccomp

Signed-off-by: dongxinhua <dongxinhua@huawei.com>

commit | commitdiff | tree

Christian Brauner [Mon, 16 Dec 2019 23:44:49 +0000 (00:44 +0100)]

api_extensions: advertise cgroup2 support

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Stéphane Graber [Thu, 12 Dec 2019 21:52:01 +0000 (16:52 -0500)]

Merge pull request #3229 from brauner/2019-12-12/cgroup_legacy_layout_regression

cgroups/cgfsng: do not prematurely close file descriptors

commit | commitdiff | tree

Christian Brauner [Thu, 12 Dec 2019 21:04:20 +0000 (22:04 +0100)]

cgroups/cgfsng: do not prematurely close file descriptors

When adding the new improved cgroup setup logic I didn't account for the fact
that we need the hierarchy fds up until chown. Add a dedicated cleanup method
to fix this:

lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )

Closes #3228.
Fixes: 1973b62aab41 ("cgroups/cgfsng: improve cgroup creation and removal")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Stéphane Graber [Wed, 11 Dec 2019 13:59:36 +0000 (08:59 -0500)]

Merge pull request #3226 from brauner/cgroup_removal

cgroupfs: improve cgroup removal

commit | commitdiff | tree

Christian Brauner [Wed, 11 Dec 2019 06:37:36 +0000 (07:37 +0100)]

cgroups/cgfsng: improve cgroup creation and removal

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Stéphane Graber [Wed, 11 Dec 2019 02:46:06 +0000 (21:46 -0500)]

Merge pull request #3225 from brauner/cgroup_improvements

cgroups/cgfsng: rework legacy cpuset handling

commit | commitdiff | tree

Christian Brauner [Tue, 10 Dec 2019 20:00:59 +0000 (21:00 +0100)]

cgroups/cgfsng: rework cgroup removal

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Tue, 10 Dec 2019 17:15:30 +0000 (18:15 +0100)]

cgroups/cgfsng: rework legacy cpuset handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Tue, 10 Dec 2019 17:07:47 +0000 (18:07 +0100)]

cgroupfs/cgfsng: pass cgroup to cg_legacy_handle_cpuset_hierarchy() as const char *

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Stéphane Graber [Tue, 10 Dec 2019 14:51:02 +0000 (09:51 -0500)]

Merge pull request #3223 from brauner/flatten_cgroup_hierarchy

cgroups: flatten hierarchy

commit | commitdiff | tree

Christian Brauner [Tue, 10 Dec 2019 11:27:33 +0000 (12:27 +0100)]

cgroups: use explicit unsigned type for bitfield

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Mon, 9 Dec 2019 22:14:37 +0000 (23:14 +0100)]

cgroups: flatten hierarchy

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Stéphane Graber [Mon, 9 Dec 2019 15:37:53 +0000 (10:37 -0500)]

Merge pull request #3222 from brauner/security

file_utils: use O_NOCTTY | O_NOFOLLOW

commit | commitdiff | tree

Christian Brauner [Mon, 9 Dec 2019 10:20:29 +0000 (11:20 +0100)]

file_utils: use O_NOCTTY | O_NOFOLLOW

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Stéphane Graber [Sun, 8 Dec 2019 03:31:39 +0000 (22:31 -0500)]

Merge pull request #3218 from brauner/bpf_devices_devpath

cgroups/devices: enable devpath semantics for cgroup2 device controller

commit | commitdiff | tree

Christian Brauner [Sun, 8 Dec 2019 00:58:24 +0000 (01:58 +0100)]

cgroups/devices: enable devpath semantics for cgroup2 device controller

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Stéphane Graber [Sun, 8 Dec 2019 00:39:55 +0000 (19:39 -0500)]

Merge pull request #3217 from brauner/rework_cgroups

cgroups, logging: fixes and improvements

commit | commitdiff | tree

Christian Brauner [Sun, 8 Dec 2019 00:17:33 +0000 (01:17 +0100)]

cgroups/cgfsng: replace lxc_write_file()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 23:43:40 +0000 (00:43 +0100)]

cgroups/cgfsng: cgfsng_devices_activate()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 23:41:36 +0000 (00:41 +0100)]

cgroups/cgfsng: rework cgfsng_nrtasks()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 23:40:29 +0000 (00:40 +0100)]

cgroups/cgfsng: rework cgfsng_mount()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 23:38:16 +0000 (00:38 +0100)]

cgroups/cgfsng: rework cgfsng_chown()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 23:35:19 +0000 (00:35 +0100)]

cgroups/cgfsng: rework cgfsng_attach()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 23:33:24 +0000 (00:33 +0100)]

cgroups/cgfsng: rework cgfsng_setup_limits()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 23:27:22 +0000 (00:27 +0100)]

cgroups/cgfsng: rework cgfsng_setup_limits_legacy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 23:24:20 +0000 (00:24 +0100)]

cgroups/cgfsng: rework cgfsng_{get,set}()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 23:20:02 +0000 (00:20 +0100)]

cgroups/cgfsng: rework cgfsng_unfreeze()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 23:18:52 +0000 (00:18 +0100)]

cgroups/cgfsng: rework cgfsng_get_hierarchies()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 23:17:58 +0000 (00:17 +0100)]

cgroups/cgfsng: rework cgfsng_num_hierarchies()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 23:16:59 +0000 (00:16 +0100)]

cgroups/cgfsng: rework cgfsng_escape()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 23:13:14 +0000 (00:13 +0100)]

cgroups/cgfsng: rework cgfsng_payload_enter()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 23:06:59 +0000 (00:06 +0100)]

cgroups/cgfsng: rework cgfsng_payload_create()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 22:47:16 +0000 (23:47 +0100)]

tree-wide: s/__unused/__lxc_unused/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 21:19:20 +0000 (22:19 +0100)]

cgroups/cgfsng: rework cgroup attach

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 21:12:00 +0000 (22:12 +0100)]

cgroups/cgfsng: don't dereference NULL-pointer

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 21:04:04 +0000 (22:04 +0100)]

cgroups/cgfsng: log chown_cgroup_wrapper()

It's becoming more important on cgroup2 to properly delegate cgroups.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 20:51:58 +0000 (21:51 +0100)]

cgroups/cgfsng: rework cgroup2 unprivileged delegation

We accidently checked files to delegate for privileged container and not for
unprivileged containers in the pure unified case. Fix that and clean up the
delegation file parsing.

Closes #3206.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 17:17:48 +0000 (18:17 +0100)]

cgroups/cgfsng: rework cgfsng_{monitor,payload}_delegate_controllers()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 17:13:54 +0000 (18:13 +0100)]

cgroups/cgfsng: rework cgfsng_monitor_enter()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 17:12:30 +0000 (18:12 +0100)]

cgroups/cgfsng: rework cgfsng_monitor_create()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 17:08:25 +0000 (18:08 +0100)]

cgroups/cgfsng: rework cgfsng_monitor_destroy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 17:04:17 +0000 (18:04 +0100)]

cgroups/cgfsng: rework cgfsng_payload_destroy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:40:32 +0000 (17:40 +0100)]

log: remove unused compiler attribute

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:40:05 +0000 (17:40 +0100)]

start: replace compiler attributes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:39:49 +0000 (17:39 +0100)]

log: replace compiler attributes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:39:03 +0000 (17:39 +0100)]

attach: replace closing helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:38:42 +0000 (17:38 +0100)]

compiler: add __unused attribute

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:31:50 +0000 (17:31 +0100)]

{log, macro}: remove unused logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:31:36 +0000 (17:31 +0100)]

lxccontainer: replace logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:31:21 +0000 (17:31 +0100)]

confile_utils: replace logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:30:57 +0000 (17:30 +0100)]

cgroups: rework return values of some functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:30:07 +0000 (17:30 +0100)]

cgroups/cgroup2_devices: replace logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:29:12 +0000 (17:29 +0100)]

cgroups/cgroup: replace logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:28:06 +0000 (17:28 +0100)]

cgroups/cgfsng: replace logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:25:28 +0000 (17:25 +0100)]

confile: replace logging helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:24:29 +0000 (17:24 +0100)]

network: replace logging helpers

s/error_log_errno(/log_error_errno(-1, /g
s/minus_one_set_errno(/ret_set_errno(-1, /g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:23:24 +0000 (17:23 +0100)]

commands: replace logging helpers

s/error_log_errno(/log_error_errno(-1, /g
s/minus_one_set_errno(/ret_set_errno(-1, /g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:22:53 +0000 (17:22 +0100)]

attach: s/minus_one_set_errno(/ret_set_errno(-1, /g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:22:14 +0000 (17:22 +0100)]

af_unix: s/minus_one_set_errno(/ret_set_errno(-1, /g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:21:53 +0000 (17:21 +0100)]

macro: add ret_errno()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commit | commitdiff | tree

Christian Brauner [Sat, 7 Dec 2019 16:21:18 +0000 (17:21 +0100)]

log: rearrange

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

LXC mirror