]>
git.proxmox.com Git - mirror_lxc.git/log
Stéphane Graber [Wed, 10 Oct 2018 15:04:42 +0000 (11:04 -0400)]
Merge pull request #2687 from brauner/2018-10-10/fix_verify_start_hooks
conf: verify_start_hooks() after lxc.mount.entry
Christian Brauner [Wed, 10 Oct 2018 11:06:21 +0000 (13:06 +0200)]
conf: verify_start_hooks() after lxc.mount.entry
Fixes: https://discuss.linuxcontainers.org/t/are-lxc-mount-entry-available-when-lxc-hook-start-is-validated/2906/3
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 10 Oct 2018 14:34:58 +0000 (10:34 -0400)]
Merge pull request #2688 from brauner/2018-10-10/cgfsng_fix_monitor_cpuset_deletion
cgfsng: ensure initialized cpuset controller
Stéphane Graber [Wed, 10 Oct 2018 14:34:35 +0000 (10:34 -0400)]
Merge pull request #2689 from brauner/2018-10-10/log_prlimit
conf: log prlimit setup
Christian Brauner [Wed, 10 Oct 2018 11:53:00 +0000 (13:53 +0200)]
conf: log prlimit setup
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 10 Oct 2018 11:43:10 +0000 (13:43 +0200)]
Merge pull request #2686 from 2xsec/rpm
fix rpm packaging error for static library
Christian Brauner [Wed, 10 Oct 2018 11:27:45 +0000 (13:27 +0200)]
cgfsng: ensure initialized cpuset controller
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2xsec [Wed, 10 Oct 2018 09:51:26 +0000 (18:51 +0900)]
fix post section script error for rpm install
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
2xsec [Wed, 10 Oct 2018 09:21:41 +0000 (18:21 +0900)]
fix rpm packaging error for static library
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
2xsec [Wed, 10 Oct 2018 06:00:45 +0000 (15:00 +0900)]
parse: fix uninitialized pointer access
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
2xsec [Wed, 10 Oct 2018 05:50:32 +0000 (14:50 +0900)]
confile: remove unused variable
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
Stéphane Graber [Tue, 9 Oct 2018 23:23:55 +0000 (19:23 -0400)]
Merge pull request #2684 from brauner/2018-10-10/cgfsng_improve_logging
cgfsng: improve deletion and logging
Christian Brauner [Tue, 9 Oct 2018 22:03:13 +0000 (00:03 +0200)]
cgfsng: improve loggin on monitor cgroup destroy
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 9 Oct 2018 22:02:46 +0000 (00:02 +0200)]
cgfsng: fix lxc.pivot directory creation
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 8 Oct 2018 21:06:58 +0000 (17:06 -0400)]
Merge pull request #2681 from brauner/2018-10-08/adapt_netns_ifaddrs_to_new_kernel
netns_ifaddrs: support NETLINK_DUMP_STRICT_CHK
Stéphane Graber [Mon, 8 Oct 2018 21:05:43 +0000 (17:05 -0400)]
Merge pull request #2682 from brauner/2018-10-08/fix_config_parsing
parse: do not mask failed parse
Christian Brauner [Mon, 8 Oct 2018 20:53:16 +0000 (22:53 +0200)]
test: test invalid config keys
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 8 Oct 2018 20:49:57 +0000 (22:49 +0200)]
parse: do not mask failed parse
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 8 Oct 2018 19:08:10 +0000 (21:08 +0200)]
netns_ifaddrs: check for NETLINK_DUMP_STRICT_CHK
Make use of the new socket option, NETLINK_DUMP_STRICT_CHK, that
userspace can use via setsockopt to request strict checking of headers
and attributes on dump requests.
To get dump features such as kernel side filtering based on data in
the header or attributes appended to the dump request, userspace
must call setsockopt() for NETLINK_DUMP_STRICT_CHK and a non-zero
value. This is necessary to make use of the IFA_TARGET_NETNSID property.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 8 Oct 2018 19:10:29 +0000 (21:10 +0200)]
macro: add SOL_NETLINK
This allows to set netlink socket properties.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 8 Oct 2018 18:55:55 +0000 (20:55 +0200)]
macro: add NETLINK_DUMP_STRICT_CHK
This adds support for the new socket option, NETLINK_DUMP_STRICT_CHK,
that userspace can use via setsockopt to request strict checking of
headers and attributes on dump requests.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 8 Oct 2018 15:42:13 +0000 (11:42 -0400)]
Merge pull request #2680 from brauner/2018-10-08/fix_android
attach: fix missing pthread.h include
Christian Brauner [Mon, 8 Oct 2018 15:20:08 +0000 (17:20 +0200)]
attach: fix missing pthread.h include
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 8 Oct 2018 08:35:02 +0000 (10:35 +0200)]
Merge pull request #2679 from 2xsec/bugfix
start: change log level
2xsec [Mon, 8 Oct 2018 07:37:40 +0000 (16:37 +0900)]
file_utils: fix too wide or inconsistent non-owner permissions
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
2xsec [Mon, 8 Oct 2018 07:24:53 +0000 (16:24 +0900)]
start: change log level
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
Stéphane Graber [Sun, 7 Oct 2018 20:22:08 +0000 (16:22 -0400)]
Merge pull request #2674 from brauner/2018-10-07/protect_errno
parse: tweak config parsing
Stéphane Graber [Sun, 7 Oct 2018 20:21:26 +0000 (16:21 -0400)]
Merge pull request #2677 from brauner/2018-10-07/attach_reset_signal_mask
attach: reset signal mask
Christian Brauner [Sun, 7 Oct 2018 09:21:06 +0000 (11:21 +0200)]
attach: reset signal mask
Since we introduced clean exit from the mainloop when SIGTERM is sent we
changed the signal mask of the parent process but we never reset the
signal mask for the actual attached process.
Closes #399.
Fixes: 1349e92e4d23 ("console: exit mainloop on SIGTERM")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 7 Oct 2018 09:48:24 +0000 (11:48 +0200)]
Merge pull request #2676 from 2xsec/bugfix
doc: Add -u and -g args to Korean lxc-attach(1) and lxc-execute(1)
Wolfgang Bumiller [Sun, 7 Oct 2018 08:43:08 +0000 (10:43 +0200)]
Merge pull request #2675 from brauner/2018-10-07/path_max
tree-wide: s/MAXPATHLEN/PATH_MAX/g
2xsec [Sun, 7 Oct 2018 08:37:43 +0000 (17:37 +0900)]
doc: Add -u and -g args to Korean lxc-attach(1) and lxc-execute(1)
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
Christian Brauner [Sun, 7 Oct 2018 08:09:00 +0000 (10:09 +0200)]
tools: s/MAXPATHLEN/PATH_MAX/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 7 Oct 2018 08:06:52 +0000 (10:06 +0200)]
storage: s/MAXPATHLEN/PATH_MAX/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 7 Oct 2018 08:04:15 +0000 (10:04 +0200)]
utils: s/MAXPATHLEN/PATH_MAX/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 7 Oct 2018 08:03:55 +0000 (10:03 +0200)]
terminal: s/MAXPATHLEN/PATH_MAX/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 7 Oct 2018 08:02:53 +0000 (10:02 +0200)]
start: s/MAXPATHLEN/PATH_MAX/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 7 Oct 2018 08:02:39 +0000 (10:02 +0200)]
pam: s/MAXPATHLEN/PATH_MAX/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 7 Oct 2018 08:02:14 +0000 (10:02 +0200)]
network: s/MAXPATHLEN/PATH_MAX/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 7 Oct 2018 08:01:59 +0000 (10:01 +0200)]
macro: s/MAXPATHLEN/PATH_MAX/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 7 Oct 2018 08:01:30 +0000 (10:01 +0200)]
lxccontainer: s/MAXPATHLEN/PATH_MAX/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 7 Oct 2018 08:01:13 +0000 (10:01 +0200)]
lsm: s/MAXPATHLEN/PATH_MAX/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2xsec [Sun, 7 Oct 2018 08:00:50 +0000 (17:00 +0900)]
doc: fix indent
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
Christian Brauner [Sun, 7 Oct 2018 08:00:50 +0000 (10:00 +0200)]
log: s/MAXPATHLEN/PATH_MAX/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 7 Oct 2018 07:59:16 +0000 (09:59 +0200)]
confile: s/MAXPATHLEN/PATH_MAX/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 7 Oct 2018 07:58:56 +0000 (09:58 +0200)]
conf: s/MAXPATHLEN/PATH_MAX/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 7 Oct 2018 07:53:46 +0000 (09:53 +0200)]
cmd: s/MAXPATHLEN/PATH_MAX/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 7 Oct 2018 07:53:30 +0000 (09:53 +0200)]
macro: add PATH_MAX
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 6 Oct 2018 22:50:52 +0000 (00:50 +0200)]
parse: report errors when failing config parsing
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 6 Oct 2018 22:42:44 +0000 (00:42 +0200)]
parse: remove access() check
We can just fail on open() and not waste an additional syscall.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 6 Oct 2018 13:30:12 +0000 (15:30 +0200)]
Merge pull request #2672 from 2xsec/bugfix
remove unused argument
Christian Brauner [Sat, 6 Oct 2018 10:58:43 +0000 (12:58 +0200)]
Merge pull request #2673 from Blub/2018-10-06/cgfsng-alloc-cleanup
cgfsng: use realloc instead of malloc+copy+free
Wolfgang Bumiller [Sat, 6 Oct 2018 09:12:08 +0000 (11:12 +0200)]
cgfsng: use realloc instead of malloc+copy+free
Signed-off-by: Wolfgang Bumiller <w.bumiller@errno.eu>
2xsec [Fri, 5 Oct 2018 02:08:41 +0000 (11:08 +0900)]
tools: lxc-unshare: remove unnecessary initialization
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
2xsec [Fri, 5 Oct 2018 02:07:02 +0000 (11:07 +0900)]
tools: lxc-start: remove unused argument
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
Wolfgang Bumiller [Wed, 3 Oct 2018 12:13:57 +0000 (14:13 +0200)]
Merge pull request #2671 from brauner/2018-10-03/syscall_wrappers
syscalls: move wrappers and raw syscalls to appropriate files
Wolfgang Bumiller [Wed, 3 Oct 2018 12:11:57 +0000 (14:11 +0200)]
Merge pull request #2670 from brauner/2018-10-03/cgfsng_fix_race
cgfsng: close tiny race window
Christian Brauner [Wed, 3 Oct 2018 11:10:55 +0000 (13:10 +0200)]
raw_syscalls: move lxc_raw_gettid()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 3 Oct 2018 11:08:51 +0000 (13:08 +0200)]
syscall_wrappers: move signalfd()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 3 Oct 2018 11:03:30 +0000 (13:03 +0200)]
syscall_wrappers: move unshare()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 3 Oct 2018 10:59:32 +0000 (12:59 +0200)]
syscall_wrappers: move sethostname()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 3 Oct 2018 10:57:32 +0000 (12:57 +0200)]
syscall_wrappers: move setns()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 3 Oct 2018 10:49:46 +0000 (12:49 +0200)]
syscall_wrappers: move memfd_create()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 3 Oct 2018 10:23:36 +0000 (12:23 +0200)]
cgfsng: handle v1 cpuset hierarchy first
If the value of cgroup.clone_children in our immediate ancestor cgroup
is 0 then the cpuset of any cgroups we create in subtrees will be empty
and hence we'll copy an empty cpuset at which point we cannot enter the
cpuset cgroup.
Avoid this problem by initializing cgroup.clone_children to 1 an copying
the initialized cpuset of our immediate ancestor. Note, that the cpuset
of our immediate ancestor must be initialized and ours as well otherwise
we couldn't be located in this cgroup.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 3 Oct 2018 10:20:49 +0000 (12:20 +0200)]
Revert "Revert "cgfsng: avoid tiny race window""
This reverts commit
c5e7a7acbf23f0c267179b3318af41423b39493a .
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 2 Oct 2018 22:02:41 +0000 (18:02 -0400)]
Revert "cgfsng: avoid tiny race window"
This reverts commit
17e55991744576bca20e370a6d829da99c3fc801 .
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Tue, 2 Oct 2018 19:28:24 +0000 (15:28 -0400)]
Merge pull request #2669 from brauner/2018-10-02/bugfixes
utils: fix lxc_set_death_signal()
Christian Brauner [Tue, 2 Oct 2018 18:59:34 +0000 (20:59 +0200)]
utils: fix lxc_set_death_signal()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 2 Oct 2018 18:40:55 +0000 (14:40 -0400)]
Merge pull request #2668 from brauner/2018-10-02/cgroups_monitor_fixes
cgfsng: do not reuse another monitor's cgroup
Christian Brauner [Tue, 2 Oct 2018 15:40:25 +0000 (17:40 +0200)]
cgfsng: avoid tiny race window
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Oct 2018 15:27:55 +0000 (17:27 +0200)]
cgfsng: do not reuse another monitor's cgroup
Otherwise we will create a race.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 2 Oct 2018 15:28:28 +0000 (11:28 -0400)]
Merge pull request #2667 from brauner/2018-10-02/prefault_mmaped_config_file
parse: prefault config file with MAP_POPULATE
Christian Brauner [Tue, 2 Oct 2018 14:40:13 +0000 (16:40 +0200)]
parse: prefault config file with MAP_POPULATE
When we call lxc_file_for_each_line_mmap() we will always parse the
whole config file. Prefault it in case it is really long to optimize
performance.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Oct 2018 10:50:51 +0000 (12:50 +0200)]
Merge pull request #2666 from 2xsec/bugfix
cgroups: remove unnecessary line
2xsec [Tue, 2 Oct 2018 09:55:33 +0000 (18:55 +0900)]
netns_iaddrs: remove unused functions
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
2xsec [Tue, 2 Oct 2018 09:49:16 +0000 (18:49 +0900)]
cgroups: remove unnecessary line
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
Stéphane Graber [Sun, 30 Sep 2018 21:02:55 +0000 (17:02 -0400)]
Merge pull request #2664 from brauner/2018-09-30/syscall_wrappers
syscalls: add wrappers and explicit raw syscalls
Stéphane Graber [Sun, 30 Sep 2018 21:01:08 +0000 (17:01 -0400)]
Merge pull request #2665 from brauner/2018-09-30/netns_ifaddrs
netns_ifaddrs: only use struct rtnl_link_stats64
Christian Brauner [Sun, 30 Sep 2018 18:58:06 +0000 (20:58 +0200)]
netns_ifaddrs: only use struct rtnl_link_stats64
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 30 Sep 2018 18:23:54 +0000 (20:23 +0200)]
tests: add missing build dependencies
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 30 Sep 2018 18:13:02 +0000 (20:13 +0200)]
autotools: fix lxc-usernsexec build
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 30 Sep 2018 18:10:36 +0000 (20:10 +0200)]
autotools: fix lxc-user-nic build
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 30 Sep 2018 18:08:46 +0000 (20:08 +0200)]
autotools: fix lxc-monitord build
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 30 Sep 2018 18:07:02 +0000 (20:07 +0200)]
autotools: fix lxc init build
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 30 Sep 2018 18:05:17 +0000 (20:05 +0200)]
raw_syscalls: add lxc_raw_getpid()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 30 Sep 2018 17:47:58 +0000 (19:47 +0200)]
raw_syscalls: add lxc_raw_clone{_cb}()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sun, 30 Sep 2018 18:01:06 +0000 (14:01 -0400)]
Merge pull request #2663 from brauner/2018-09-30/netns_ifaddrs
netns_ifaddrs: handle IFLA_STATS{64} correctly
Christian Brauner [Sun, 30 Sep 2018 10:43:15 +0000 (12:43 +0200)]
raw_syscalls: add lxc_raw_execveat()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 30 Sep 2018 10:41:34 +0000 (12:41 +0200)]
syscall_wrappers: add pivot_root()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 30 Sep 2018 10:25:27 +0000 (12:25 +0200)]
netns_ifaddrs: handle IFLA_STATS{64} correctly
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 28 Sep 2018 23:15:11 +0000 (01:15 +0200)]
Merge pull request #2661 from brauner/2018-09-28/relro_bind_now
autotools: support -z relro and -z now
Christian Brauner [Fri, 28 Sep 2018 20:58:20 +0000 (22:58 +0200)]
autotools: support -z relro and -z now
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 28 Sep 2018 12:13:47 +0000 (14:13 +0200)]
Merge pull request #2658 from brauner/2018-09-28/keyctl
utils: add lxc_setup_keyring()
Christian Brauner [Fri, 28 Sep 2018 11:14:25 +0000 (13:14 +0200)]
utils: add lxc_setup_keyring()
Allocate a new keyring if we can to prevent information leak.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 28 Sep 2018 11:29:58 +0000 (13:29 +0200)]
configure: fix -Wimplicit-fallthrough check
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 28 Sep 2018 10:32:02 +0000 (12:32 +0200)]
Merge pull request #2657 from ssup2/master
oci-template: Add logic for no /etc/passwd, group
Jungsub Shin [Fri, 28 Sep 2018 10:21:08 +0000 (19:21 +0900)]
oci-template: Add logic for no /etc/passwd, group
OCI image spec dosen't specify action when there is
no /etc/passwd or /etc/group. So if there is no
/etc/passwd with string user info, set uid to 0. If there
is no /etc/group with string group info, set gid to 0.
Signed-off-by: Jungsub Shin jungsub_shin@tmax.co.kr
Stéphane Graber [Fri, 28 Sep 2018 10:13:39 +0000 (12:13 +0200)]
Merge pull request #2656 from brauner/2018-09-28/fix_btrfs_regression
btrfs: fix btrfs containers
Christian Brauner [Fri, 28 Sep 2018 09:24:46 +0000 (11:24 +0200)]
btrfs: fix btrfs containers
Closes #2612.
Closes #2655.
Fixes: 9de31d5a1394 ("tree-wide: s/strncpy()/strlcpy()/g")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 28 Sep 2018 08:35:51 +0000 (10:35 +0200)]
Merge pull request #2629 from ssup2/master
template: oci template supports for char user info