git.proxmox.com Git - mirror_lxc.git/log
Christian Brauner [Sun, 12 Apr 2020 08:19:40 +0000 (10:19 +0200)]
cgroups: ignore legacy limits on pure cgroup2 systems

Link: https://github.com/lxc/lxc/issues/3183#issuecomment-612462322
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 10 Apr 2020 19:09:51 +0000 (21:09 +0200)]
Merge pull request #3370 from stgraber/master

lxc-update-config: Fix bad handling of lxc.logfile

Stéphane Graber [Fri, 10 Apr 2020 18:43:35 +0000 (14:43 -0400)]
lxc-update-config: Fix bad handling of lxc.logfile

Closes #3369

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Thu, 9 Apr 2020 13:20:52 +0000 (09:20 -0400)]
Merge pull request #3368 from brauner/2020-04-09/fixes

fixes

Christian Brauner [Thu, 9 Apr 2020 12:30:31 +0000 (14:30 +0200)]
conf: move_ptr() in all cases in mapped_hostid_add()

Closes #3366.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 9 Apr 2020 12:13:06 +0000 (14:13 +0200)]
Merge pull request #3367 from tomponline/tp-nic-ipvlan

src/lxc/network: ipvlan comment and code style tweak

Christian Brauner [Thu, 9 Apr 2020 10:49:16 +0000 (12:49 +0200)]
conf: use macros all around in lxc_map_ids()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 9 Apr 2020 10:44:25 +0000 (12:44 +0200)]
conf: tweak get_minimal_idmap()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Thomas Parrott [Thu, 9 Apr 2020 10:35:48 +0000 (11:35 +0100)]
src/lxc/network: ipvlan comment and code style tweak

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
Christian Brauner [Thu, 9 Apr 2020 10:25:33 +0000 (12:25 +0200)]
Merge pull request #3365 from albatross0/ipvlan_l2

network: Make it possible to set the mode of IPVLAN to L2

KUWAZAWA Takuya [Thu, 9 Apr 2020 06:40:15 +0000 (15:40 +0900)]
network: Make it possible to set the mode of IPVLAN to L2

Signed-off-by: KUWAZAWA Takuya <albatross0@gmail.com>
Stéphane Graber [Wed, 8 Apr 2020 12:56:41 +0000 (08:56 -0400)]
Merge pull request #3362 from brauner/2020-04-07/fixes

lxc_user_nic: fixes

Christian Brauner [Wed, 8 Apr 2020 12:42:05 +0000 (14:42 +0200)]
seccomp: newer kernels require the buffer to be zeroed

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 8 Apr 2020 08:01:01 +0000 (10:01 +0200)]
cgroups: whitespace fixes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 7 Apr 2020 19:28:32 +0000 (21:28 +0200)]
lxc_user_nic: continue when we failed to find a group

Closes #3361.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 7 Apr 2020 19:28:17 +0000 (21:28 +0200)]
lxc_user_nic: simplify group retrieval

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 7 Apr 2020 12:56:26 +0000 (08:56 -0400)]
Merge pull request #3360 from brauner/2020-04-07/fixes

start: ensure all file descriptors are closed during exec

Christian Brauner [Tue, 7 Apr 2020 10:59:59 +0000 (12:59 +0200)]
syscall_numbers: handle riscv

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 7 Apr 2020 08:36:23 +0000 (10:36 +0200)]
start: ensure all file descriptors are closed during exec

Closes https://github.com/checkpoint-restore/criu/issues/1011.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 7 Apr 2020 08:35:39 +0000 (10:35 +0200)]
Merge pull request #3359 from Blub/legacy-devices-isolation-change

cgroup isolation: handle devices cgroup early

Wolfgang Bumiller [Tue, 7 Apr 2020 07:57:09 +0000 (09:57 +0200)]
cgroup isolation: handle devices cgroup early

Otherwise we cannot use an 'a' entry in devices.deny/allow
as these are not permitted once a subdirectory was created.

Without isolation we initialize the devices cgroup
particularly late, so there are probably cases which cannot
work with isolation.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Christian Brauner [Sun, 5 Apr 2020 15:08:49 +0000 (17:08 +0200)]
Merge pull request #3357 from Blub/cgroup-isolation-fixes

Cgroup isolation fixes

Wolfgang Bumiller [Sun, 5 Apr 2020 14:12:45 +0000 (16:12 +0200)]
get the right path in get_cgroup command

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Sun, 5 Apr 2020 13:55:28 +0000 (15:55 +0200)]
confile: fix jump table order

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Christian Brauner [Sun, 5 Apr 2020 12:46:22 +0000 (14:46 +0200)]
Merge pull request #3356 from tenforward/japanese

doc: Add lxc.cgroup.dir.{monitor,container,container.inner} to Japanese man

KATOH Yasufumi [Sun, 5 Apr 2020 12:18:59 +0000 (21:18 +0900)]
doc: Add lxc.cgroup.dir.{monitor,container,container.inner} to Japanese man

Update for commit a900cba

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Stéphane Graber [Sat, 4 Apr 2020 14:38:01 +0000 (10:38 -0400)]
Merge pull request #3355 from brauner/2020-04-04/fixes

api-extensions: add and document cgroup_advanced_isolation

Christian Brauner [Sat, 4 Apr 2020 10:07:43 +0000 (12:07 +0200)]
api-extensions: add and document cgroup_advanced_isolation

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 3 Apr 2020 18:26:02 +0000 (20:26 +0200)]
Merge pull request #3353 from Blub/lxc.cgroup.dir-components

introduce lxc.cgroup.dir.{monitor,container,container.inner}

Christian Brauner [Fri, 3 Apr 2020 18:10:58 +0000 (20:10 +0200)]
confile: coding style fixes for set_config_cgroup_container_inner_dir()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 3 Apr 2020 18:08:41 +0000 (20:08 +0200)]
doc: s/lxc.cgroup.container.namespace/lxc.cgroup.container.inner/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 3 Apr 2020 18:07:41 +0000 (20:07 +0200)]
cgroups: remove unused variable

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Wolfgang Bumiller [Thu, 2 Apr 2020 08:01:37 +0000 (10:01 +0200)]
introduce lxc.cgroup.dir.{monitor,container,container.inner}

This is a new approach to #1302 with a container-side
configuration instead of a global boolean flag.

Contrary to the previous PR using an optional additional
parameter for the get-cgroup command, this introduces two
new additional commands to get the limiting cgroup path and
cgroup2 file descriptor. If the limiting option is not in
use, these behave identically to their full-path counterparts.

If these variables are used the payload will end up in the
concatenation of lxc.cgroup.dir.container and
lxc.cgroup.dir.container.inner (which may be empty), and the
monitor will end up in lxc.cgroup.dir.monitor. The
directories are fixed, no retry count logic is applied,
failing to create these directories will simply be a hard
error.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Christian Brauner [Fri, 3 Apr 2020 08:28:37 +0000 (10:28 +0200)]
Merge pull request #3352 from Blub/readd-cgroup-ops-check

Revert "start: remove unnecessary check for valid cgroup_ops"

Wolfgang Bumiller [Fri, 3 Apr 2020 08:09:38 +0000 (10:09 +0200)]
Revert "start: remove unnecessary check for valid cgroup_ops"

This reverts commit 52520e4f793f73e5956c2d9de9c83f074622ce1d.

This can be NULL when there's a pre-start hook which fails.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Stéphane Graber [Thu, 2 Apr 2020 16:21:34 +0000 (12:21 -0400)]
Merge pull request #3350 from brauner/2020-04-02/fixes

lxccontainer: poll takes millisecond not seconds

Christian Brauner [Thu, 2 Apr 2020 16:19:31 +0000 (18:19 +0200)]
lxccontainer: poll takes millisecond not seconds

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 2 Apr 2020 15:37:17 +0000 (17:37 +0200)]
Merge pull request #3349 from cyphar/cgfsng-uninitialised-2

cgroups: fix build warning on GCC 7

Aleksa Sarai [Thu, 2 Apr 2020 15:13:11 +0000 (02:13 +1100)]
cgroups: fix build warning on GCC 7

GCC 7 appears to be clever enough to detect that transient_len is
uninitialised but not that it won't be used despite [1]. Just initialise
it to zero to stop the complaining, and allow LXC to build on openSUSE
Leap.

[1]: 346830421a96 ("cgroups: fix "uninitialized transient_len" warning")

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Stéphane Graber [Thu, 2 Apr 2020 14:35:43 +0000 (10:35 -0400)]
Merge pull request #3348 from brauner/2020-04-02/fixes

fixes

Christian Brauner [Thu, 2 Apr 2020 09:51:13 +0000 (11:51 +0200)]
utils: use setres{u,g}id() in lxc_switch_uid_gid()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 2 Apr 2020 09:50:27 +0000 (11:50 +0200)]
utils: rework fix_stdio_permissions()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 2 Apr 2020 09:38:48 +0000 (11:38 +0200)]
Merge pull request #3344 from gaohuatao-1/master

fix non-root user cannot write /dev/stdout

Christian Brauner [Thu, 2 Apr 2020 08:46:45 +0000 (10:46 +0200)]
Merge pull request #3347 from cyphar/cgfsng-uninitialised

cgroups: fix "uninitialized transient_len" warning

Aleksa Sarai [Thu, 2 Apr 2020 08:15:11 +0000 (19:15 +1100)]
cgroups: fix "uninitialized transient_len" warning

Without this change, a build error is triggered if you compile with
-Werror=maybe-uninitialized.

 cgroups/cgfsng.c: In function 'cgfsng_monitor_enter':
 groups/cgfsng.c:1387:9: error: 'transient_len' may be used uninitialized in this function
    ret = lxc_writeat(h->cgfd_mon, "cgroup.procs", transient, transient_len);
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The issue is that if handler->transient_pid is 0, then transient_len is
uninitialised but lxc_writeat(..., transient_len) still gets called.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Christian Brauner [Wed, 1 Apr 2020 21:03:09 +0000 (23:03 +0200)]
Merge pull request #3346 from stgraber/master

systemd: Add Documentation key

Stéphane Graber [Wed, 1 Apr 2020 20:57:25 +0000 (16:57 -0400)]
Merge pull request #3345 from brauner/2020-03-30/fixes

fixes

Stéphane Graber [Wed, 1 Apr 2020 20:57:15 +0000 (16:57 -0400)]
systemd: Add Documentation key

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Christian Brauner [Wed, 1 Apr 2020 20:25:53 +0000 (22:25 +0200)]
autotools: don't install run-coccinelle.sh

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 1 Apr 2020 19:16:34 +0000 (21:16 +0200)]
Merge pull request #3343 from Blub/apparmor-mount-rule-generation

apparmor: generate ro,bind,remount rule list

Wolfgang Bumiller [Fri, 2 Aug 2019 10:57:42 +0000 (12:57 +0200)]
apparmor: generate ro,bind,remount rule list

and update to changes based on lxd

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
gaohuatao [Wed, 1 Apr 2020 13:36:44 +0000 (09:36 -0400)]
fix non-root user cannot write /dev/stdout

Signed-off-by: gaohuatao <gaohuatao@huawei.com>
Christian Brauner [Tue, 31 Mar 2020 18:23:38 +0000 (20:23 +0200)]
Merge pull request #3341 from Blub/upstream-exec-reload

init: add ExecReload to lxc.service to only reload profiles

Christian Brauner [Tue, 31 Mar 2020 18:22:48 +0000 (20:22 +0200)]
Merge pull request #3342 from Blub/upstream-monitord-service

allow running lxc-monitord as a system daemon

Wolfgang Bumiller [Tue, 31 Mar 2020 13:22:42 +0000 (15:22 +0200)]
allow running lxc-monitord as a system daemon

lxc-monitord instances are spawned on demand and, if this
happens from a service, the daemon is considered part of
it by systemd, as it is running in the same cgroups. This
can be avoided by leaving it running permanently.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Tue, 31 Mar 2020 13:31:23 +0000 (15:31 +0200)]
init: add ExecReload to lxc.service to only reload profiles

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Christian Brauner [Mon, 30 Mar 2020 20:26:10 +0000 (22:26 +0200)]
start: remove unnecessary check for valid cgroup_ops

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 30 Mar 2020 18:12:59 +0000 (14:12 -0400)]
Merge pull request #3340 from brauner/2020-03-30/fixes

cgroups: handle older kernels (e.g. v4.9)

Christian Brauner [Mon, 30 Mar 2020 17:00:23 +0000 (19:00 +0200)]
cgroups: send two fds to attach to unified cgroup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 30 Mar 2020 16:42:59 +0000 (18:42 +0200)]
cgroups: send two attach fds

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 30 Mar 2020 16:16:16 +0000 (18:16 +0200)]
start: log error when failing to create cgroup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 30 Mar 2020 15:40:16 +0000 (17:40 +0200)]
cgroups: handle older kernels (e.g. v4.9)

On older kernels the restrictions to move processes between cgroups are
different than they are on newer kernels. Specifically, we're running into the
following check:

if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
    !uid_eq(cred->euid, tcred->uid) &&
    !uid_eq(cred->euid, tcred->suid))
        ret = -EACCES;

which dictates that in order to move a process into a cgroup one either needs
to be global root (no restrictions apply) or the effective uid of the process
trying to move the process and the {saved}uid of the process that is supposed
to be moved need to be identical. The new attaching logic we did didn't
fulfill this criterion because it's not present on new kernels.

Closes https://github.com/lxc/lxd/issues/7104.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 30 Mar 2020 14:40:36 +0000 (16:40 +0200)]
Merge pull request #3339 from Blub/cmd-get-cgroup-string-termination

verify cgroup controller name

Wolfgang Bumiller [Mon, 30 Mar 2020 14:01:07 +0000 (16:01 +0200)]
verify cgroup controller name

validate that a cgroup controller name is a valid
zero-terminated string before passing it to
`cgroup_ops->get_cgroup()`.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Stéphane Graber [Sat, 28 Mar 2020 14:54:25 +0000 (10:54 -0400)]
Merge pull request #3338 from brauner/2020-03-28/fixes

tree-wide: fixes

Christian Brauner [Sat, 28 Mar 2020 14:03:51 +0000 (15:03 +0100)]
tree-wide: s/recursive_destroy/lxc_rm_rf/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 28 Mar 2020 14:01:58 +0000 (15:01 +0100)]
cgroups: better helper naming

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 28 Mar 2020 13:56:51 +0000 (14:56 +0100)]
cgroups: move check for valid monitor process up

Cc: cenxianlong <cenxianlong@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 28 Mar 2020 09:56:49 +0000 (10:56 +0100)]
Merge pull request #3337 from bale-cen/master

monitor process exited by signal SIGKILL, clean cgroup resource by th…

Stéphane Graber [Sat, 28 Mar 2020 01:48:18 +0000 (21:48 -0400)]
Merge pull request #3336 from brauner/2020-03-28/fixes

cgroups: please compilers

cenxianlong [Sat, 28 Mar 2020 00:52:26 +0000 (02:52 +0200)]
monitor process exited by signal SIGKILL, clean cgroup resource by third party

Writing the value 0 to a cgroup.procs file causes the
writing process to be moved to the corresponding cgroup.

Signed-off-by: cenxianlong <cenxianlong@huawei.com>
Christian Brauner [Fri, 27 Mar 2020 23:27:00 +0000 (00:27 +0100)]
cgroups: please compilers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 27 Mar 2020 21:33:59 +0000 (17:33 -0400)]
Merge pull request #3335 from brauner/2020-03-27/fixes

cgroups: use hidden directory for attaching cgroup

Christian Brauner [Fri, 27 Mar 2020 21:22:05 +0000 (22:22 +0100)]
cgroups: use hidden directory for attaching cgroup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 27 Mar 2020 21:01:17 +0000 (17:01 -0400)]
Merge pull request #3333 from brauner/2020-03-27/fixes

conf: simplify userns_exec_minimal()

Christian Brauner [Fri, 27 Mar 2020 20:25:59 +0000 (21:25 +0100)]
conf: simplify userns_exec_minimal()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 27 Mar 2020 19:37:00 +0000 (15:37 -0400)]
Merge pull request #3332 from brauner/2020-03-27/fixes

attach: fixes

Christian Brauner [Fri, 27 Mar 2020 19:11:41 +0000 (20:11 +0100)]
conf: introduce and use userns_exec_minimal()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 27 Mar 2020 18:46:10 +0000 (19:46 +0100)]
Revert "cgroups: fix unified cgroup attach"

This reverts commit ba7ca43b0be417275db7865336191681d915e97c.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 27 Mar 2020 15:02:27 +0000 (11:02 -0400)]
Merge pull request #3331 from brauner/2020-03-27/fixes

tree-wide: fixes

Wolfgang Bumiller [Fri, 27 Mar 2020 13:15:12 +0000 (14:15 +0100)]
fixup i/o handler return values

Particularly important for lxc_cmd_handler(), which handles client
input and should not be capable of canceling the main loop:
some syscall return values leaked through, overlapping with
LXC_MAINLOOP_ERROR and causing unauthorized clients connecting
to the command socket to shut down the main loop.

In turn, signal_handler() receiving unexpected
`signalfd_siginfo` struct sizes seems like a reason to bail
(since it's a kernel interface).

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 27 Mar 2020 14:38:27 +0000 (15:38 +0100)]
cgroups: fix unified cgroup attach

There's a fundamental problem with futexes and setid calls and the go runtime.
POSIX requires that when one thread setids all threads must setid and it uses
futexes and signals to synchronize the state across threads. This causes
deadlocks which means we can't use the pretty solution I first implemented.
Instead we need to chown after we create the directory. I might come up with
something smarter later but for now this will do.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 27 Mar 2020 12:52:30 +0000 (08:52 -0400)]
Merge pull request #3330 from brauner/2020-03-27/fixes

conf: rework and fix leak in userns_exec_1()

Christian Brauner [Fri, 27 Mar 2020 11:00:22 +0000 (12:00 +0100)]
cgroups: remove unused variable

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 27 Mar 2020 10:52:44 +0000 (11:52 +0100)]
attach: use close_prot_errno_disarm()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 27 Mar 2020 10:05:50 +0000 (11:05 +0100)]
cgroups: rework __cg_unified_attach()

We didn't account for cgroup_attach() succeeding and just tried to attach to
the same cgroup again which doesn't make sense.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 27 Mar 2020 10:05:11 +0000 (11:05 +0100)]
cgroups: move pointer dereference after check

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 27 Mar 2020 10:04:34 +0000 (11:04 +0100)]
commands: log actual errno when lxc_cmd_get_cgroup2_fd() fails

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 27 Mar 2020 08:37:48 +0000 (09:37 +0100)]
conf: rework and fix leak in userns_exec_1()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Thu, 26 Mar 2020 19:11:50 +0000 (15:11 -0400)]
Merge pull request #3329 from brauner/2020-03-25/fixes

cgroups: fix attaching to the unified cgroup

Christian Brauner [Thu, 26 Mar 2020 18:27:07 +0000 (19:27 +0100)]
cgroups: fix attaching to the unified cgroup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Thu, 26 Mar 2020 15:22:34 +0000 (11:22 -0400)]
Merge pull request #3328 from brauner/2020-03-25/fixes

tree-wide: fixes

Christian Brauner [Thu, 26 Mar 2020 14:47:11 +0000 (15:47 +0100)]
dir: improve dir backend

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 26 Mar 2020 14:32:29 +0000 (15:32 +0100)]
dir: use cleanup macro in dir_mount()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 26 Mar 2020 11:51:31 +0000 (12:51 +0100)]
tree-wide: harden mount option parsing

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 25 Mar 2020 17:31:45 +0000 (13:31 -0400)]
Merge pull request #3327 from P-EB/master

lxc.service: Starts after remote-fs.target

Pierre-Elliott Bécue [Wed, 25 Mar 2020 16:50:27 +0000 (17:50 +0100)]
[lxc.service] Starts after remote-fs.target to allow containers relying on remote FS to work

Signed-off-by: Pierre-Elliott Bécue <becue@crans.org>
Christian Brauner [Wed, 25 Mar 2020 11:53:13 +0000 (12:53 +0100)]
lxc_init: add missing O_CLOEXEC

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 25 Mar 2020 11:46:02 +0000 (12:46 +0100)]
lxc_init: move main() down

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 24 Mar 2020 20:36:14 +0000 (16:36 -0400)]
configure.ac: Reset devel flag post-release

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>