]>
git.proxmox.com Git - mirror_lxc.git/log
Christian Brauner [Thu, 15 Oct 2020 08:00:44 +0000 (10:00 +0200)]
seccomp: improve default notification sending
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 15 Oct 2020 07:19:23 +0000 (09:19 +0200)]
seccomp: log invalid seccomp notify ids
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 13 Oct 2020 20:12:29 +0000 (22:12 +0200)]
Merge pull request #3548 from Drachenfels-GmbH/master
seccomp: Check if syscall is supported on compat architecture.
Ruben Jenster [Tue, 13 Oct 2020 14:51:55 +0000 (16:51 +0200)]
seccomp: Check if syscall is supported on compat architecture.
Signed-off-by: Ruben Jenster <r.jenster@drachenfels.de>
Stéphane Graber [Wed, 23 Sep 2020 12:01:11 +0000 (08:01 -0400)]
Merge pull request #3541 from Mingli-Yu/master
Remove obsolete setting regarding the Standard Output
Mingli Yu [Wed, 23 Sep 2020 07:03:02 +0000 (07:03 +0000)]
Remove obsolete setting regarding the Standard Output
The Standard output type "syslog" is obsolete, causing a warning since systemd
version 246 [1].
Please consider using "journal" or "journal+console"
[1] https://github.com/systemd/systemd/blob/master/NEWS#L202
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Stéphane Graber [Thu, 17 Sep 2020 17:11:20 +0000 (13:11 -0400)]
Merge pull request #3540 from brauner/2020-09-17/fixes_2
lxc-usernsexec: setgroups() similar to other places shouldn't fail on…
Christian Brauner [Thu, 17 Sep 2020 15:44:26 +0000 (17:44 +0200)]
lxc-usernsexec: setgroups() similar to other places shouldn't fail on EPERM
FAIL: lxc-tests: lxc-test-usernsexec (1s)
---
as test-userns executing /tmp/autopkgtest.waGEXj/build.Hm3/src/src/tests/lxc-test-usernsexec
uid=1001 gid=1001 name=test-userns subuid=165536 subgid=165536 ver=1:4.0.4-0ubuntu3
lxc-utils=1:4.0.4-0ubuntu3 kver=5.8.0-19-generic
USERNSEXEC=lxc-usernsexec
nouidgid: PASS
myuidgid: FAIL - runtest failed 1
$ lxc-usernsexec -mu:0:1001:1 -mg:0:1001:1 -- /tmp/autopkgtest.waGEXj/build.Hm3/src/src/tests/lxc-test-usernsexec inside f0
lxc
20200914222824 .562 ERROR utils - utils.c:lxc_setgroups:1363 - Operation not permitted - Failed to setgroups()
kid 73112 is gone 1
subuidgid: PASS
bothsets: PASS
mismatch: PASS
ERRORS: myuidgid
---
Reported-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Thu, 17 Sep 2020 15:30:14 +0000 (11:30 -0400)]
Merge pull request #3539 from brauner/2020-09-17/fixes
commands: don't fail if unfreeze fails
Christian Brauner [Thu, 17 Sep 2020 09:11:44 +0000 (11:11 +0200)]
commands: don't fail if unfreeze fails
We can e.g. fail the unfreeze because the freezer cgroup is not available and
then we erronously report that stopping the container failed.
Closes: #3471.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 3 Sep 2020 08:11:41 +0000 (10:11 +0200)]
Merge pull request #3532 from alliedtelesis/fix_lxc_attach_crash
avoid a NULL pointer dereference in lxc-attach
Christian Brauner [Wed, 2 Sep 2020 07:28:32 +0000 (09:28 +0200)]
attach: use lxc_terminal_signal_sigmask_safe_blocked()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 2 Sep 2020 07:28:12 +0000 (09:28 +0200)]
terminal: introduce lxc_terminal_signal_sigmask_safe_blocked()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Scott Parlane [Wed, 2 Sep 2020 05:01:11 +0000 (17:01 +1200)]
avoid a NULL pointer dereference in lxc-attach
Seems to appear when stderr is a terminal and not stdin or stdout.
Signed-off-by: Scott Parlane <scott.parlane@alliedtelesis.co.nz>
Christian Brauner [Fri, 28 Aug 2020 10:12:56 +0000 (12:12 +0200)]
Merge pull request #3531 from JingWoo/cleancode
remove useless parameters
wujing [Fri, 28 Aug 2020 08:46:48 +0000 (16:46 +0800)]
remove useless parameters
Signed-off-by: wujing <Jing.Woo@outlook.com>
Stéphane Graber [Tue, 25 Aug 2020 12:45:14 +0000 (08:45 -0400)]
Merge pull request #3530 from brauner/2020-08-25/fixes
cgroups: fix armhf builds
Christian Brauner [Tue, 25 Aug 2020 10:30:37 +0000 (12:30 +0200)]
Merge pull request #3529 from pranaysrivastava/fixup_rootfs_detection
Check only rootfs as filesystem type
Christian Brauner [Tue, 25 Aug 2020 10:27:10 +0000 (12:27 +0200)]
Pranay Kr. Srivastava [Mon, 24 Aug 2020 08:10:02 +0000 (13:40 +0530)]
Check only rootfs as filesystem type
When detecting if rootfs is on ramfs instead of checking "- rootfs
rootfs" which is the " - <file_system> <device>" information only check
the file system type. This is due to a change introduced in kernel where
ramfs file system doesn't set the device to "rootfs" but instead mark it
as "none". By making sure we only check for "rootfs" as the file system
name we also offer backward compatibility with earlier kernels as well.
The kernel commit that introduced this change was
commit
f32356261d44d580649a7abce1156d15d49cf20f
Author: David Howells <dhowells@redhat.com>
Date: Mon Mar 25 16:38:31 2019 +0000
vfs: Convert ramfs, shmem, tmpfs, devtmpfs, rootfs to use the new
mount API
Signed-off-by: Pranay Kr. Srivastava <pranay.srivastava@pantacor.com>
Stéphane Graber [Fri, 21 Aug 2020 16:10:50 +0000 (12:10 -0400)]
Merge pull request #3528 from graysky2/master
remove deprecated options in lxc.service fixes #3527
Stéphane Graber [Fri, 21 Aug 2020 16:10:29 +0000 (12:10 -0400)]
Merge pull request #3526 from brauner/2020-08-21/fixes
cgfsng: fix cgroup attach cgroup creation
graysky [Fri, 21 Aug 2020 10:33:49 +0000 (06:33 -0400)]
remove deprecated options in lxc.service fixes #3527
Signed-off-by: graysky <graysky@archlinux.us>
Christian Brauner [Fri, 21 Aug 2020 07:59:18 +0000 (09:59 +0200)]
cgfsng: fix cgroup attach cgroup creation
\e [01m
\e [Kcgroups/cgfsng.c:
\e [m
\e [K In function ‘
\e [01m
\e [Kcgroup_attach_leaf.constprop
\e [m
\e [K’:
\e [01m
\e [Kcgroups/cgfsng.c:2221:10:
\e [m
\e [K
\e [01;31m
\e [Kerror:
\e [m
\e [Kwriting 1 byte into a region of size 0 [
\e [01;31m
\e [K-Werror=stringop-overflow=
\e [m
\e [K]
2221 |
\e [01;31m
\e [K*slash = '\0'
\e [m
\e [K;
|
\e [01;31m
\e [K~~~~~~~^~~~~~
\e [m
\e [K
\e [01m
\e [Kcgroups/cgfsng.c:2213:8:
\e [m
\e [K
\e [01;36m
\e [Knote:
\e [m
\e [Kat offset -13 to object ‘
\e [01m
\e [Kattach_cgroup
\e [m
\e [K’ with size 23 declared here
2213 | char
\e [01;36m
\e [Kattach_cgroup
\e [m
\e [K[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1];
|
\e [01;36m
\e [K^~~~~~~~~~~~~
\e [m
\e [K
\e [01m
\e [Kcgroups/cgfsng.c:2229:10:
\e [m
\e [K
\e [01;31m
\e [Kerror:
\e [m
\e [Kwriting 1 byte into a region of size 0 [
\e [01;31m
\e [K-Werror=stringop-overflow=
\e [m
\e [K]
2229 |
\e [01;31m
\e [K*slash = '/'
\e [m
\e [K;
|
\e [01;31m
\e [K~~~~~~~^~~~~
\e [m
\e [K
\e [01m
\e [Kcgroups/cgfsng.c:2213:8:
\e [m
\e [K
\e [01;36m
\e [Knote:
\e [m
\e [Kat offset -13 to object ‘
\e [01m
\e [Kattach_cgroup
\e [m
\e [K’ with size 23 declared here
2213 | char
\e [01;36m
\e [Kattach_cgroup
\e [m
\e [K[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1];
|
\e [01;36m
\e [K^~~~~~~~~~~~~
\e [m
\e [K
\e [01m
\e [Kcgroups/cgfsng.c:2229:10:
\e [m
\e [K
\e [01;31m
\e [Kerror:
\e [m
\e [Kwriting 1 byte into a region of size 0 [
\e [01;31m
\e [K-Werror=stringop-overflow=
\e [m
\e [K]
2229 |
\e [01;31m
\e [K*slash = '/'
\e [m
\e [K;
|
\e [01;31m
\e [K~~~~~~~^~~~~
\e [m
\e [K
\e [01m
\e [Kcgroups/cgfsng.c:2213:8:
\e [m
\e [K
\e [01;36m
\e [Knote:
\e [m
\e [Kat offset -13 to object ‘
\e [01m
\e [Kattach_cgroup
\e [m
\e [K’ with size 23 declared here
2213 | char
\e [01;36m
\e [Kattach_cgroup
\e [m
\e [K[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1];
|
\e [01;36m
\e [K^~~~~~~~~~~~~
\e [m
\e [K
Link: https://launchpadlibrarian.net/494354168/buildlog_ubuntu-groovy-armhf.lxc_1%3A4.0.4-0ubuntu1_BUILDING.txt.gz
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 17 Aug 2020 04:04:30 +0000 (00:04 -0400)]
Merge pull request #3522 from avr1254/master
Updated documentation to reflect lack of support for pure cgroupv2
Arjun Ramachandrula [Sat, 15 Aug 2020 20:16:03 +0000 (16:16 -0400)]
Updated documentation to reflect lack of support for pure cgroupv2
Signed-off-by: Arjun Ramachandrula <arjun.ramachandrula@gmail.com>
Stéphane Graber [Wed, 12 Aug 2020 21:31:08 +0000 (17:31 -0400)]
Merge pull request #3518 from brauner/2020-08-12/fixes
lsm: remove the need for atomic operations
Christian Brauner [Wed, 12 Aug 2020 13:26:22 +0000 (15:26 +0200)]
lsm: remove the need for atomic operations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 11 Aug 2020 12:28:19 +0000 (08:28 -0400)]
Merge pull request #3517 from brauner/2020-08-10/fixes_2
lsm: rewrite
Christian Brauner [Tue, 11 Aug 2020 08:32:01 +0000 (10:32 +0200)]
lsm: use atomic in ase we're used multi-threaded
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 10 Aug 2020 21:55:13 +0000 (23:55 +0200)]
lsm: rework lsm handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 10 Aug 2020 18:41:00 +0000 (14:41 -0400)]
Merge pull request #3514 from brauner/2020-08-10/fixes
conf: terminal and /dev hardening
Christian Brauner [Mon, 10 Aug 2020 09:13:53 +0000 (11:13 +0200)]
terminal: harden terminal allocation
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 10 Aug 2020 09:01:42 +0000 (11:01 +0200)]
conf: move /dev setup to be file descriptor based
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 10 Aug 2020 02:39:45 +0000 (22:39 -0400)]
Merge pull request #3513 from brauner/2020-08-09/openat2
openat2() and safe mounting
Christian Brauner [Sun, 9 Aug 2020 17:35:33 +0000 (19:35 +0200)]
conf: harden lxc_fill_autodev() via save_mount_beneath_at()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 9 Aug 2020 17:33:23 +0000 (19:33 +0200)]
file_utils: add exists_dir_at()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 9 Aug 2020 16:55:52 +0000 (18:55 +0200)]
conf: make use of stashed container mountpoint fd in mount_autodev()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 9 Aug 2020 16:55:25 +0000 (18:55 +0200)]
conf: stash file descriptor to root mountpoint in struct lxc_rootfs
This way we only need to open it _once_ per container startup.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 9 Aug 2020 16:37:57 +0000 (18:37 +0200)]
utils: introduce safe_mount_beneath_at()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 9 Aug 2020 13:48:35 +0000 (15:48 +0200)]
cgfsng: use safe_mount_beneath()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 9 Aug 2020 13:37:31 +0000 (15:37 +0200)]
conf: switch mount_autodev() to new safe_mount_beneath() helper
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 9 Aug 2020 13:24:26 +0000 (15:24 +0200)]
utils: add safe_mount_beneath() based on openat2()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 9 Aug 2020 10:48:02 +0000 (12:48 +0200)]
syscalls: add openat2()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 7 Aug 2020 19:40:56 +0000 (21:40 +0200)]
Merge pull request #3512 from stgraber/master
lxc-download fixes
Stéphane Graber [Fri, 7 Aug 2020 19:10:22 +0000 (15:10 -0400)]
lxc-download: Fix retry loop
Closes #3511
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Fri, 7 Aug 2020 19:09:01 +0000 (15:09 -0400)]
Revert "templates/lxc-download.in: use GPG option --receive-keys instead of --recv-keys"
This reverts commit
409040e702f814a167aed5a0e833f4d5c67fd29d .
Testing of both options show identical behavior but receive-keys does
not exist on older releases, so let's revert this.
Closes #3510
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Thu, 6 Aug 2020 15:51:32 +0000 (11:51 -0400)]
Merge pull request #3509 from brauner/2020-08-06/fixes
api-extension: add missing seccomp_proxy_send_notify_fd extension
Christian Brauner [Thu, 6 Aug 2020 15:33:09 +0000 (17:33 +0200)]
api-extension: add missing seccomp_proxy_send_notify_fd extension
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Thu, 6 Aug 2020 13:27:31 +0000 (09:27 -0400)]
Merge pull request #3508 from brauner/2020-08-06/fixes
seccomp: add seccomp_notify_fd_active api extension
Christian Brauner [Thu, 6 Aug 2020 13:08:09 +0000 (15:08 +0200)]
seccomp: send notify fd as part of the message
Since we haven't made this official api yet: YOLO
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 6 Aug 2020 12:38:07 +0000 (14:38 +0200)]
seccomp: add seccomp_notify_fd_active api extension
which allows to retrieve an active seccomp notifier fd from a running
container.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Thu, 6 Aug 2020 12:38:06 +0000 (08:38 -0400)]
Merge pull request #3507 from brauner/2020-08-06/fixes
seccomp: don't close the mainloop, simply remove the handler
Christian Brauner [Thu, 6 Aug 2020 12:14:10 +0000 (14:14 +0200)]
seccomp: don't close the mainloop, simply remove the handler
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 5 Aug 2020 19:14:28 +0000 (15:14 -0400)]
Merge pull request #3506 from brauner/2020-08-05/safe_native_terminal_allocation
macro: define TIOCGPTPEER if missing
Christian Brauner [Wed, 5 Aug 2020 18:50:27 +0000 (20:50 +0200)]
conf: use openat() instead of open_tree()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 5 Aug 2020 14:44:53 +0000 (16:44 +0200)]
macro: define TIOCGPTPEER if missing
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 5 Aug 2020 14:10:52 +0000 (10:10 -0400)]
Merge pull request #3505 from brauner/2020-08-05/safe_native_terminal_allocation
terminal: safely allocate pts devices from inside the container
Christian Brauner [Wed, 5 Aug 2020 10:03:41 +0000 (12:03 +0200)]
terminal: safely allocate pts devices from inside the container
This was a year long journey which seems to finally have come to an end.
Closes: #1620.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 4 Aug 2020 00:53:01 +0000 (20:53 -0400)]
Merge pull request #3504 from brauner/2020-08-04/fixes
conf: ensure that the idmap pointer itself is freed
Christian Brauner [Mon, 3 Aug 2020 22:05:05 +0000 (00:05 +0200)]
conf: ensure that the idmap pointer itself is freed
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 28 Jul 2020 11:25:48 +0000 (13:25 +0200)]
Merge pull request #3501 from ffontaine/master
syscall: don't fail if __NR_signalfd is not defined
Fabrice Fontaine [Tue, 28 Jul 2020 10:31:31 +0000 (12:31 +0200)]
syscall: don't fail if __NR_signalfd is not defined
lxc fails to build if __NR_signalfd is not defined since version 4.0.0
and
https://github.com/lxc/lxc/commit/
bed09c9cc0bec7bbd2442fcce4a2a0f03994cb09
However, some architectures don't define __NR_signalfd but only
__NR_signalfd4. This is the case for example for nios2 or csky:
https://github.com/bminor/glibc/blob/
f9ac84f92f151e07586c55e14ed628d493a5929d /sysdeps/unix/sysv/linux/nios2/arch-syscall.h
https://github.com/bminor/glibc/blob/
f9ac84f92f151e07586c55e14ed628d493a5929d /sysdeps/unix/sysv/linux/csky/arch-syscall.h
Fixes:
- http://autobuild.buildroot.org/results/
75096a48d2dbda57459523db3ed0952e63f93535
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Stéphane Graber [Mon, 27 Jul 2020 16:02:48 +0000 (12:02 -0400)]
Merge pull request #3500 from brauner/2020-07-27/seccomp_notify_cleanup
seccomp: add missing header
Christian Brauner [Mon, 27 Jul 2020 15:26:42 +0000 (17:26 +0200)]
seccomp: add missing header
Fixes: https://launchpadlibrarian.net/490341075/buildlog_snap_ubuntu_bionic_amd64_lxd-latest-edge_BUILDING.txt.gz
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 27 Jul 2020 12:16:30 +0000 (08:16 -0400)]
Merge pull request #3499 from brauner/2020-07-27/seccomp_notify_cleanup
seccomp: remove seccomp fd from event loop after task exited
Christian Brauner [Mon, 27 Jul 2020 08:12:16 +0000 (10:12 +0200)]
seccomp: remove seccomp fd from event loop after task exited
Linux v5.8 will land my patch where seccomp notifies when a filter goes unused,
i.e. when the last task using a given seccomp filter has exited. This wasn't
possible before and so we accumulated file descriptors in the container's event
loop whenever we attached to the container.
I'm not sure whether the task exiting before we could handle its syscall should
cause us to report and error or not. For now, let's simply close the event loop
and not report an error.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sat, 25 Jul 2020 16:49:14 +0000 (12:49 -0400)]
Merge pull request #3498 from brauner/master
selinux: remove security_context_t usage as it's deprecated
Christian Brauner [Sat, 25 Jul 2020 09:36:46 +0000 (11:36 +0200)]
selinux: remove security_context_t usage as it's deprecated
Link: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1888705
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Thu, 23 Jul 2020 16:52:37 +0000 (12:52 -0400)]
Merge pull request #3497 from brauner/2020-07-23/fix_snap_compilation
autotools: fix Makefile
Stéphane Graber [Thu, 23 Jul 2020 14:34:36 +0000 (10:34 -0400)]
Merge pull request #3496 from brauner/2020-07-18/mount_pid
new mount api support: basics
Christian Brauner [Thu, 23 Jul 2020 08:33:33 +0000 (10:33 +0200)]
Makefile: fix Makefile
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 22 Jul 2020 10:04:52 +0000 (12:04 +0200)]
log: don't break logging by hiding symbols
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 22 Jul 2020 09:47:21 +0000 (11:47 +0200)]
attach: use new mount api
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 22 Jul 2020 09:45:15 +0000 (11:45 +0200)]
mount_utils: add mount_filesystem() helper
that translates between the two mount apis.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 22 Jul 2020 09:32:28 +0000 (11:32 +0200)]
mount_utils: add mount utils
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 22 Jul 2020 09:02:33 +0000 (11:02 +0200)]
syscalls: add fsmount()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 22 Jul 2020 08:59:49 +0000 (10:59 +0200)]
syscalls: add fsconfig()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 22 Jul 2020 08:54:12 +0000 (10:54 +0200)]
syscalls: add fspick()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 22 Jul 2020 08:50:20 +0000 (10:50 +0200)]
syscalls: add fsopen()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 22 Jul 2020 18:39:53 +0000 (14:39 -0400)]
Merge pull request #3492 from brauner/2020-07-18/visibility_hidden
tree-wide: hide unnecessary symbols
Stéphane Graber [Wed, 22 Jul 2020 17:05:49 +0000 (13:05 -0400)]
Merge pull request #3495 from siv0/boot_id_remount_apparmor_fix
apparmor: Allow ro remount of boot_id
Stoiko Ivanov [Wed, 22 Jul 2020 10:17:24 +0000 (12:17 +0200)]
apparmor: Allow ro remount of boot_id
The rule added in
863845075d3f77d27c91bd9f47d2f8ddc4867bd5 did not cover all
necessary mount calls for /proc/sys/kernel/random/boot_id
(in src/lxc/conf.c: lxc_setup_boot_id) - the ro remount is missing.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Christian Brauner [Wed, 22 Jul 2020 08:46:05 +0000 (10:46 +0200)]
start: simplify gotos
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 21 Jul 2020 12:50:38 +0000 (14:50 +0200)]
tree-wide: hide further unnecessary symbols
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 21 Jul 2020 11:57:16 +0000 (13:57 +0200)]
storage: hide unnecessary symbols
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 21 Jul 2020 11:45:37 +0000 (13:45 +0200)]
arguments: hide unnecessary symbols
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 21 Jul 2020 11:40:57 +0000 (13:40 +0200)]
lsm: hide unnecessary symbols
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 21 Jul 2020 11:28:08 +0000 (13:28 +0200)]
cgroups: hide unnecessary symbols
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 21 Jul 2020 11:19:03 +0000 (13:19 +0200)]
uuid: hide unnecessary symbols
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 21 Jul 2020 11:15:25 +0000 (13:15 +0200)]
utils: hide unnecessary symbols
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 21 Jul 2020 10:44:09 +0000 (12:44 +0200)]
terminal: hide unnecessary symbols
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 21 Jul 2020 10:37:28 +0000 (12:37 +0200)]
sync: hide unnecessary symbols
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 21 Jul 2020 10:30:53 +0000 (12:30 +0200)]
state: hide unnecessary symbols
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 21 Jul 2020 10:24:45 +0000 (12:24 +0200)]
start: hide unnecessary symbols
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 20 Jul 2020 16:49:55 +0000 (18:49 +0200)]
ringbuf: hide unnecessary symbols
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 20 Jul 2020 16:46:13 +0000 (18:46 +0200)]
rexec: hide unnecessary symbols
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 20 Jul 2020 16:45:02 +0000 (18:45 +0200)]
process_utils: hide unnecessary symbols
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 20 Jul 2020 16:38:05 +0000 (18:38 +0200)]
parse: hide unnecessary symbols
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 20 Jul 2020 16:25:57 +0000 (18:25 +0200)]
network: hide unnecessary symbols
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>