]>
git.proxmox.com Git - mirror_lxc.git/log
Christian Brauner [Sun, 12 Apr 2020 08:19:40 +0000 (10:19 +0200)]
cgroups: ignore legacy limits on pure cgroup2 systems
Link: https://github.com/lxc/lxc/issues/3183#issuecomment-612462322
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 10 Apr 2020 19:09:51 +0000 (21:09 +0200)]
Merge pull request #3370 from stgraber/master
lxc-update-config: Fix bad handling of lxc.logfile
Stéphane Graber [Fri, 10 Apr 2020 18:43:35 +0000 (14:43 -0400)]
lxc-update-config: Fix bad handling of lxc.logfile
Closes #3369
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Thu, 9 Apr 2020 13:20:52 +0000 (09:20 -0400)]
Merge pull request #3368 from brauner/2020-04-09/fixes
fixes
Christian Brauner [Thu, 9 Apr 2020 12:30:31 +0000 (14:30 +0200)]
conf: move_ptr() in all cases in mapped_hostid_add()
Closes #3366.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 9 Apr 2020 12:13:06 +0000 (14:13 +0200)]
Merge pull request #3367 from tomponline/tp-nic-ipvlan
src/lxc/network: ipvlan comment and code style tweak
Christian Brauner [Thu, 9 Apr 2020 10:49:16 +0000 (12:49 +0200)]
conf: use macros all around in lxc_map_ids()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 9 Apr 2020 10:44:25 +0000 (12:44 +0200)]
conf: tweak get_minimal_idmap()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Thomas Parrott [Thu, 9 Apr 2020 10:35:48 +0000 (11:35 +0100)]
src/lxc/network: ipvlan comment and code style tweak
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
Christian Brauner [Thu, 9 Apr 2020 10:25:33 +0000 (12:25 +0200)]
Merge pull request #3365 from albatross0/ipvlan_l2
network: Make it possible to set the mode of IPVLAN to L2
KUWAZAWA Takuya [Thu, 9 Apr 2020 06:40:15 +0000 (15:40 +0900)]
network: Make it possible to set the mode of IPVLAN to L2
Signed-off-by: KUWAZAWA Takuya <albatross0@gmail.com>
Stéphane Graber [Wed, 8 Apr 2020 12:56:41 +0000 (08:56 -0400)]
Merge pull request #3362 from brauner/2020-04-07/fixes
lxc_user_nic: fixes
Christian Brauner [Wed, 8 Apr 2020 12:42:05 +0000 (14:42 +0200)]
seccomp: newer kernels require the buffer to be zeroed
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 8 Apr 2020 08:01:01 +0000 (10:01 +0200)]
cgroups: whitespace fixes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 7 Apr 2020 19:28:32 +0000 (21:28 +0200)]
lxc_user_nic: continue when we failed to find a group
Closes #3361.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 7 Apr 2020 19:28:17 +0000 (21:28 +0200)]
lxc_user_nic: simplify group retrieval
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 7 Apr 2020 12:56:26 +0000 (08:56 -0400)]
Merge pull request #3360 from brauner/2020-04-07/fixes
start: ensure all file descriptors are closed during exec
Christian Brauner [Tue, 7 Apr 2020 10:59:59 +0000 (12:59 +0200)]
syscall_numbers: handle riscv
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 7 Apr 2020 08:36:23 +0000 (10:36 +0200)]
start: ensure all file descriptors are closed during exec
Closes https://github.com/checkpoint-restore/criu/issues/1011.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 7 Apr 2020 08:35:39 +0000 (10:35 +0200)]
Merge pull request #3359 from Blub/legacy-devices-isolation-change
cgroup isolation: handle devices cgroup early
Wolfgang Bumiller [Tue, 7 Apr 2020 07:57:09 +0000 (09:57 +0200)]
cgroup isolation: handle devices cgroup early
Otherwise we cannot use an 'a' entry in devices.deny/allow
as these are not permitted once a subdirectory was created.
Without isolation we initialize the devices cgroup
particularly late, so there are probably cases which cannot
work with isolation.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Christian Brauner [Sun, 5 Apr 2020 15:08:49 +0000 (17:08 +0200)]
Merge pull request #3357 from Blub/cgroup-isolation-fixes
Cgroup isolation fixes
Wolfgang Bumiller [Sun, 5 Apr 2020 14:12:45 +0000 (16:12 +0200)]
get the right path in get_cgroup command
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Sun, 5 Apr 2020 13:55:28 +0000 (15:55 +0200)]
confile: fix jump table order
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Christian Brauner [Sun, 5 Apr 2020 12:46:22 +0000 (14:46 +0200)]
Merge pull request #3356 from tenforward/japanese
doc: Add lxc.cgroup.dir.{monitor,container,container.inner} to Japanese man
KATOH Yasufumi [Sun, 5 Apr 2020 12:18:59 +0000 (21:18 +0900)]
doc: Add lxc.cgroup.dir.{monitor,container,container.inner} to Japanese man
Update for commit
a900cba
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Stéphane Graber [Sat, 4 Apr 2020 14:38:01 +0000 (10:38 -0400)]
Merge pull request #3355 from brauner/2020-04-04/fixes
api-extensions: add and document cgroup_advanced_isolation
Christian Brauner [Sat, 4 Apr 2020 10:07:43 +0000 (12:07 +0200)]
api-extensions: add and document cgroup_advanced_isolation
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 3 Apr 2020 18:26:02 +0000 (20:26 +0200)]
Merge pull request #3353 from Blub/lxc.cgroup.dir-components
introduce lxc.cgroup.dir.{monitor,container,container.inner}
Christian Brauner [Fri, 3 Apr 2020 18:10:58 +0000 (20:10 +0200)]
confile: coding style fixes for set_config_cgroup_container_inner_dir()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 3 Apr 2020 18:08:41 +0000 (20:08 +0200)]
doc: s/lxc.cgroup.container.namespace/lxc.cgroup.container.inner/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 3 Apr 2020 18:07:41 +0000 (20:07 +0200)]
cgroups: remove unused variable
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Wolfgang Bumiller [Thu, 2 Apr 2020 08:01:37 +0000 (10:01 +0200)]
introduce lxc.cgroup.dir.{monitor,container,container.inner}
This is a new approach to #1302 with a container-side
configuration instead of a global boolean flag.
Contrary to the previous PR using an optional additional
parameter for the get-cgroup command, this introduces two
new additional commands to get the limiting cgroup path and
cgroup2 file descriptor. If the limiting option is not in
use, these behave identical to their full-path counterparts.
If these variables are used the payload will end up in the
concatenation of lxc.cgroup.dir.container and
lxc.cgroup.dir.container.inner (which may be empty), and the
monitor will end up in lxc.cgruop.dir.monitor. The
directories are fixed, no retry count logic is applied,
failing to create these directories will simply be a hard
error.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Christian Brauner [Fri, 3 Apr 2020 08:28:37 +0000 (10:28 +0200)]
Merge pull request #3352 from Blub/readd-cgroup-ops-check
Revert "start: remove unnecessary check for valid cgroup_ops"
Wolfgang Bumiller [Fri, 3 Apr 2020 08:09:38 +0000 (10:09 +0200)]
Revert "start: remove unnecessary check for valid cgroup_ops"
This reverts commit
52520e4f793f73e5956c2d9de9c83f074622ce1d .
This can be NULL when there's a pre-start hook which fails.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Stéphane Graber [Thu, 2 Apr 2020 16:21:34 +0000 (12:21 -0400)]
Merge pull request #3350 from brauner/2020-04-02/fixes
lxccontainer: poll takes millisecond not seconds
Christian Brauner [Thu, 2 Apr 2020 16:19:31 +0000 (18:19 +0200)]
lxccontainer: poll takes millisecond not seconds
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 2 Apr 2020 15:37:17 +0000 (17:37 +0200)]
Merge pull request #3349 from cyphar/cgfsng-uninitialised-2
cgroups: fix build warning on GCC 7
Aleksa Sarai [Thu, 2 Apr 2020 15:13:11 +0000 (02:13 +1100)]
cgroups: fix build warning on GCC 7
GCC 7 appears to be clever enough to detect that transient_len is
uninitialised but not that it won't be used despite [1]. Just initialise
it to zero to stop the complaining, and allow LXC to build on openSUSE
Leap.
[1]:
346830421a96 ("cgroups: fix "uninitialized transient_len" warning")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Stéphane Graber [Thu, 2 Apr 2020 14:35:43 +0000 (10:35 -0400)]
Merge pull request #3348 from brauner/2020-04-02/fixes
fixes
Christian Brauner [Thu, 2 Apr 2020 09:51:13 +0000 (11:51 +0200)]
utils: use setres{u,g}id() in lxc_switch_uid_gid()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 2 Apr 2020 09:50:27 +0000 (11:50 +0200)]
utils: rework fix_stdio_permissions()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 2 Apr 2020 09:38:48 +0000 (11:38 +0200)]
Merge pull request #3344 from gaohuatao-1/master
fix non-root user cannot write /dev/stdout
Christian Brauner [Thu, 2 Apr 2020 08:46:45 +0000 (10:46 +0200)]
Merge pull request #3347 from cyphar/cgfsng-uninitialised
cgroups: fix "uninitialized transient_len" warning
Aleksa Sarai [Thu, 2 Apr 2020 08:15:11 +0000 (19:15 +1100)]
cgroups: fix "uninitialized transient_len" warning
Without this change, a build error is triggered if you compile with
-Werror=maybe-uninitialized.
cgroups/cgfsng.c: In function 'cgfsng_monitor_enter':
groups/cgfsng.c:1387:9: error: 'transient_len' may be used uninitialized in this function
ret = lxc_writeat(h->cgfd_mon, "cgroup.procs", transient, transient_len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The issue is that if handler->transient_pid is 0, then transient_len is
uninitialised but lxc_writeat(..., transient_len) still gets called.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Christian Brauner [Wed, 1 Apr 2020 21:03:09 +0000 (23:03 +0200)]
Merge pull request #3346 from stgraber/master
systemd: Add Documentation key
Stéphane Graber [Wed, 1 Apr 2020 20:57:25 +0000 (16:57 -0400)]
Merge pull request #3345 from brauner/2020-03-30/fixes
fixes
Stéphane Graber [Wed, 1 Apr 2020 20:57:15 +0000 (16:57 -0400)]
systemd: Add Documentation key
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Christian Brauner [Wed, 1 Apr 2020 20:25:53 +0000 (22:25 +0200)]
autotools: don't install run-coccinelle.sh
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 1 Apr 2020 19:16:34 +0000 (21:16 +0200)]
Merge pull request #3343 from Blub/apparmor-mount-rule-generation
apparmor: generate ro,bind,remount rule list
Wolfgang Bumiller [Fri, 2 Aug 2019 10:57:42 +0000 (12:57 +0200)]
apparmor: generate ro,bind,remount rule list
and update to changes based on lxd
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
gaohuatao [Wed, 1 Apr 2020 13:36:44 +0000 (09:36 -0400)]
fix non-root user cannot write /dev/stdout
Signed-off-by: gaohuatao <gaohuatao@huawei.com>
Christian Brauner [Tue, 31 Mar 2020 18:23:38 +0000 (20:23 +0200)]
Merge pull request #3341 from Blub/upstream-exec-reload
init: add ExecReload to lxc.service to only reload profiles
Christian Brauner [Tue, 31 Mar 2020 18:22:48 +0000 (20:22 +0200)]
Merge pull request #3342 from Blub/upstream-monitord-service
allow running lxc-monitord as a system daemon
Wolfgang Bumiller [Tue, 31 Mar 2020 13:22:42 +0000 (15:22 +0200)]
allow running lxc-monitord as a system daemon
lxc-monitord instances are spawned on demand and, if this
happens from a service, the daemon is considered part of
it by systemd, as it is running in the same cgroups. This
can be avoided by leaving it running permanently.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Tue, 31 Mar 2020 13:31:23 +0000 (15:31 +0200)]
init: add ExecReload to lxc.service to only reload profiles
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Christian Brauner [Mon, 30 Mar 2020 20:26:10 +0000 (22:26 +0200)]
start: remove unnecessary check for valid cgroup_ops
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 30 Mar 2020 18:12:59 +0000 (14:12 -0400)]
Merge pull request #3340 from brauner/2020-03-30/fixes
cgroups: handle older kernels (e.g. v4.9)
Christian Brauner [Mon, 30 Mar 2020 17:00:23 +0000 (19:00 +0200)]
cgroups: send two fds to attach to unified cgroup
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 30 Mar 2020 16:42:59 +0000 (18:42 +0200)]
cgroups: send two attach fds
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 30 Mar 2020 16:16:16 +0000 (18:16 +0200)]
start: log error when failing to create cgroup
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 30 Mar 2020 15:40:16 +0000 (17:40 +0200)]
cgroups: handle older kernels (e.g. v4.9)
On olders kernels the restrictions to move processes between cgroups are
different than they are on newer kernels. Specifically, we're running into the
following check:
if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
!uid_eq(cred->euid, tcred->uid) &&
!uid_eq(cred->euid, tcred->suid))
ret = -EACCES;
which dictates that in order to move a process into a cgroup one either needs
to be global root (no restrictions apply) or the effective uid of the process
trying to move the process and the {saved}uid of the process that is supposed
to be moved need to be identical. The new attaching logic we did didn't
fulfill this criterion for because it's not present on new kernels.
Closes https://github.com/lxc/lxd/issues/7104.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 30 Mar 2020 14:40:36 +0000 (16:40 +0200)]
Merge pull request #3339 from Blub/cmd-get-cgroup-string-termination
verify cgroup controller name
Wolfgang Bumiller [Mon, 30 Mar 2020 14:01:07 +0000 (16:01 +0200)]
verify cgroup controller name
validate that a cgroup controller name is a valid
zero-terminated string before passing it to
`cgroup_ops->get_cgroup()`.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Stéphane Graber [Sat, 28 Mar 2020 14:54:25 +0000 (10:54 -0400)]
Merge pull request #3338 from brauner/2020-03-28/fixes
tree-wide: fixes
Christian Brauner [Sat, 28 Mar 2020 14:03:51 +0000 (15:03 +0100)]
tree-wide: s/recursive_destroy/lxc_rm_rf/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 28 Mar 2020 14:01:58 +0000 (15:01 +0100)]
cgroups: better helper naming
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 28 Mar 2020 13:56:51 +0000 (14:56 +0100)]
cgroups: move check for valid monitor process up
Cc: cenxianlong <cenxianlong@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 28 Mar 2020 09:56:49 +0000 (10:56 +0100)]
Merge pull request #3337 from bale-cen/master
monitor process exited by signal SIGKILL, clean cgroup resource by th…
Stéphane Graber [Sat, 28 Mar 2020 01:48:18 +0000 (21:48 -0400)]
Merge pull request #3336 from brauner/2020-03-28/fixes
cgroups: please compilers
cenxianlong [Sat, 28 Mar 2020 00:52:26 +0000 (02:52 +0200)]
monitor process exited by signal SIGKILL, clean cgroup resource by third party
Writing the value 0 to a cgroup.procs file causes the
writing process to be moved to the corresponding cgroup
Signed-off-by: cenxianlong <cenxianlong@huawei.com>
Christian Brauner [Fri, 27 Mar 2020 23:27:00 +0000 (00:27 +0100)]
cgroups: please compilers
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 27 Mar 2020 21:33:59 +0000 (17:33 -0400)]
Merge pull request #3335 from brauner/2020-03-27/fixes
cgroups: use hidden directory for attaching cgroup
Christian Brauner [Fri, 27 Mar 2020 21:22:05 +0000 (22:22 +0100)]
cgroups: use hidden directory for attaching cgroup
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 27 Mar 2020 21:01:17 +0000 (17:01 -0400)]
Merge pull request #3333 from brauner/2020-03-27/fixes
conf: simplify userns_exec_minimal()
Christian Brauner [Fri, 27 Mar 2020 20:25:59 +0000 (21:25 +0100)]
conf: simplify userns_exec_minimal()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 27 Mar 2020 19:37:00 +0000 (15:37 -0400)]
Merge pull request #3332 from brauner/2020-03-27/fixes
attach: fixes
Christian Brauner [Fri, 27 Mar 2020 19:11:41 +0000 (20:11 +0100)]
conf: introduce and use userns_exec_minimal()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 27 Mar 2020 18:46:10 +0000 (19:46 +0100)]
Revert "cgroups: fix unified cgroup attach"
This reverts commit
ba7ca43b0be417275db7865336191681d915e97c .
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 27 Mar 2020 15:02:27 +0000 (11:02 -0400)]
Merge pull request #3331 from brauner/2020-03-27/fixes
tree-wide: fixes
Wolfgang Bumiller [Fri, 27 Mar 2020 13:15:12 +0000 (14:15 +0100)]
fixup i/o handler return values
Particularly important for lxc_cmd_handler() handles client
input and should not be capable of canceling the main loop,
some syscall return values leaked through overlapping with
LXC_MAINLOOP_ERROR, causing unauthorized clients connecting
to the command socket to shutdown the main loop.
In turn, signal_handler() receiving unexpected
`signalfd_siginfo` struct sizes seems like a reason to bail
(since it's a kernel interface).
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 27 Mar 2020 14:38:27 +0000 (15:38 +0100)]
cgroups: fix unified cgroup attach
There's a fundamental problem with futexes and setid calls and the go runtime.
POSIX requires that when one thread setids all threas must setids and it uses
futexes and signals to synchronize the state across threads. This causes
deadlocks which means we can't use the pretty solution I first implemented.
Instead we need to chown after we create the directory. I might come up with
something smarter later but for now this will do.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 27 Mar 2020 12:52:30 +0000 (08:52 -0400)]
Merge pull request #3330 from brauner/2020-03-27/fixes
conf: rework and fix leak in userns_exec_1()
Christian Brauner [Fri, 27 Mar 2020 11:00:22 +0000 (12:00 +0100)]
cgroups: remove unused variable
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 27 Mar 2020 10:52:44 +0000 (11:52 +0100)]
attach: use close_prot_errno_disarm()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 27 Mar 2020 10:05:50 +0000 (11:05 +0100)]
cgroups: rework __cg_unified_attach()
We didn't account for cgroup_attach() succeeding and just tried to attach to
the same cgroup again which doesn't make sense.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 27 Mar 2020 10:05:11 +0000 (11:05 +0100)]
cgroups: move pointer dereference after check
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 27 Mar 2020 10:04:34 +0000 (11:04 +0100)]
commands: log actual errno when lxc_cmd_get_cgroup2_fd() fails
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 27 Mar 2020 08:37:48 +0000 (09:37 +0100)]
conf: rework and fix leak in userns_exec_1()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Thu, 26 Mar 2020 19:11:50 +0000 (15:11 -0400)]
Merge pull request #3329 from brauner/2020-03-25/fixes
cgroups: fix attaching to the unified cgroup
Christian Brauner [Thu, 26 Mar 2020 18:27:07 +0000 (19:27 +0100)]
cgroups: fix attaching to the unified cgroup
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Thu, 26 Mar 2020 15:22:34 +0000 (11:22 -0400)]
Merge pull request #3328 from brauner/2020-03-25/fixes
tree-wide: fixes
Christian Brauner [Thu, 26 Mar 2020 14:47:11 +0000 (15:47 +0100)]
dir: improve dir backend
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 26 Mar 2020 14:32:29 +0000 (15:32 +0100)]
dir: use cleanup macro in dir_mount()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 26 Mar 2020 11:51:31 +0000 (12:51 +0100)]
tree-wide: harden mount option parsing
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 25 Mar 2020 17:31:45 +0000 (13:31 -0400)]
Merge pull request #3327 from P-EB/master
lxc.service: Starts after remote-fs.target
Pierre-Elliott Bécue [Wed, 25 Mar 2020 16:50:27 +0000 (17:50 +0100)]
[lxc.service] Starts after remote-fs.target to allow containers relying on remote FS to work
Signed-off-by: Pierre-Elliott Bécue <becue@crans.org>
Christian Brauner [Wed, 25 Mar 2020 11:53:13 +0000 (12:53 +0100)]
lxc_init: add missing O_CLOEXEC
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 25 Mar 2020 11:46:02 +0000 (12:46 +0100)]
lxc_init: move main() down
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 24 Mar 2020 20:36:14 +0000 (16:36 -0400)]
configure.ac: Reset devel flag post-release
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>