]>
git.proxmox.com Git - mirror_lxc.git/log
Christian Brauner [Sun, 23 Apr 2017 13:06:10 +0000 (15:06 +0200)]
cgroups: improve cgfsng debugging
In a lot of cases we need a list of the writeable cgroup controllers detected
by the cgfsng driver.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sun, 23 Apr 2017 01:10:10 +0000 (21:10 -0400)]
Merge pull request #1520 from brauner/2017-04-22/improve_loop
utils: use loop device helpers from LXD
Stéphane Graber [Sun, 23 Apr 2017 01:09:44 +0000 (21:09 -0400)]
Merge pull request #1522 from brauner/2017-04-22/lxc_issue_template
create ISSUE_TEMPLATE.md
Christian Brauner [Sat, 22 Apr 2017 16:38:44 +0000 (18:38 +0200)]
create ISSUE_TEMPLATE.md
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 22 Apr 2017 12:01:59 +0000 (14:01 +0200)]
utils: use loop device helpers from LXD
Use the loop device helpers I wrote for LXD in LXC as well. They should be more
efficient.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 22 Apr 2017 11:22:16 +0000 (13:22 +0200)]
conf: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sat, 22 Apr 2017 01:12:43 +0000 (21:12 -0400)]
Merge pull request #1519 from brauner/2017-04-21/setup_pts
conf: use bind-mount for /dev/ptmx
Christian Brauner [Fri, 21 Apr 2017 22:14:15 +0000 (00:14 +0200)]
conf: use bind-mount for /dev/ptmx
AppArmor will refuse on /dev/ptmx being a symlink.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 21 Apr 2017 20:37:27 +0000 (22:37 +0200)]
conf: non-functional changes to setup_pts()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Serge Hallyn [Wed, 19 Apr 2017 00:36:38 +0000 (19:36 -0500)]
Merge pull request #1514 from brauner/2017-04-18/autoconf_cap_get_file
autotools: check for cap_get_file
Christian Brauner [Tue, 18 Apr 2017 22:58:46 +0000 (00:58 +0200)]
caps: return false if caps are not supported
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 18 Apr 2017 22:05:24 +0000 (00:05 +0200)]
autotools: check for cap_get_file
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 18 Apr 2017 20:00:19 +0000 (16:00 -0400)]
Merge pull request #1513 from brauner/2017-04-17/skip_cap_get_file_on_android
caps: skip file capability checks on android
Christian Brauner [Mon, 17 Apr 2017 21:23:26 +0000 (23:23 +0200)]
caps: skip file capability checks on android
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 17 Apr 2017 15:09:06 +0000 (17:09 +0200)]
Merge pull request #1512 from 0x0916/fix-comment
attach|unshare: fix the wrong comment
0x0916 [Mon, 17 Apr 2017 14:57:41 +0000 (22:57 +0800)]
attach|unshare: fix the wrong comment
Signed-off-by: 0x0916 <w@laoqinren.net>
Christian Brauner [Mon, 17 Apr 2017 08:21:12 +0000 (10:21 +0200)]
Merge pull request #1511 from evgeni/typo
fix typo introduced in #1509
Evgeni Golov [Mon, 17 Apr 2017 08:04:57 +0000 (10:04 +0200)]
fix typo introduced in #1509
Signed-off-by: Evgeni Golov <evgeni@debian.org>
Serge Hallyn [Sun, 16 Apr 2017 15:20:50 +0000 (10:20 -0500)]
Merge pull request #1509 from brauner/2017-04-15/improve_lxc_id_map
idmap improvements
Christian Brauner [Sun, 16 Apr 2017 12:51:28 +0000 (14:51 +0200)]
Merge pull request #1510 from 0x0916/fix-ls
ls: simplify the judgment condition when list active containers
0x0916 [Sun, 16 Apr 2017 02:34:08 +0000 (10:34 +0800)]
ls: simplify the judgment condition when list active containers
Signed-off-by: 0x0916 <w@laoqinren.net>
Christian Brauner [Sat, 15 Apr 2017 16:16:31 +0000 (18:16 +0200)]
conf: improve log when mounting rootfs
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 15 Apr 2017 11:50:27 +0000 (13:50 +0200)]
conf: check for {filecaps,setuid} on new{g,u}idmap
The new{g,u}idmap binaries where a source of trouble for users when they lacked
sufficient privileges. This commit adds code to check for sufficient privilege.
It checks whether new{g,u}idmap is root owned and has the setuid bit set and if
it doesn't it checks whether new{g,u}idmap is root owned and has CAP_SETUID in
its CAP_PERMITTED and CAP_EFFECTIVE set.
Closes #296.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 15 Apr 2017 13:00:14 +0000 (15:00 +0200)]
caps: add lxc_{proc,file}_cap_is_set()
Add two new helpers that allow to determine whether a given proc or file has a
capability in the given set and move lxc_cap_is_set() to static function that
both call internally.
Closes #296.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 15 Apr 2017 11:25:59 +0000 (13:25 +0200)]
conf: lxc_map_ids() non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 14 Apr 2017 22:47:15 +0000 (18:47 -0400)]
Merge pull request #1508 from brauner/2017-04-14/add_prlimit_implementation_for_bionic
android: add prlimit implementation for 32bit
Christian Brauner [Fri, 14 Apr 2017 21:25:11 +0000 (23:25 +0200)]
android: add prlimit implementation for 32bit
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 11 Apr 2017 15:10:57 +0000 (17:10 +0200)]
Merge pull request #1504 from Blub/limits-fixup
start: fix error handling when limits fail to apply
Wolfgang Bumiller [Tue, 11 Apr 2017 14:42:01 +0000 (16:42 +0200)]
start: fix error handling when limits fail to apply
(The code was moved here from the child side of the startup
without adapting the error case.)
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Christian Brauner [Tue, 11 Apr 2017 14:35:06 +0000 (16:35 +0200)]
Merge pull request #1276 from Blub/limits
Resource Limits
Wolfgang Bumiller [Fri, 23 Dec 2016 12:10:01 +0000 (13:10 +0100)]
conf: less error prone pointer access
These functions define pointer to their key shifted by a
number and guard access to it later via another variable.
Let's make this more explicit (and additionally have the
pointer be NULL in the case where it is not supposed to be
used).
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 4 Nov 2016 10:45:47 +0000 (11:45 +0100)]
test: resource limit config entries
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 4 Nov 2016 11:03:28 +0000 (12:03 +0100)]
doc: add lxc.limit to lxc.container.conf
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 4 Nov 2016 09:19:07 +0000 (10:19 +0100)]
conf: implement resource limits
This adds lxc.limit.<name> options consisting of one or two
colon separated numerical values (soft and optional hard
limit). If only one number is specified it'll be used for
both soft and hard limit. Additionally the word 'unlimited'
can be used instead of numbers.
Eg.
lxc.limit.nofile = 30000:32768
lxc.limit.stack = unlimited
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Christian Brauner [Sat, 8 Apr 2017 04:18:43 +0000 (06:18 +0200)]
Merge pull request #1501 from jgillich/patch-1
remove obsolete note about api stability
Jakob Gillich [Sat, 8 Apr 2017 01:05:40 +0000 (03:05 +0200)]
remove obsolete note about api stability
Signed-off-by: Jakob Gillich <jakob@gillich.me>
Stéphane Graber [Fri, 7 Apr 2017 16:09:54 +0000 (12:09 -0400)]
Merge pull request #1500 from BegBlev/1498
make Alpine template more POSIX shell friendly #1498
Vincent Catros [Fri, 7 Apr 2017 15:14:44 +0000 (17:14 +0200)]
avoid assigning to a variable which is not POSIX shell proof (bug #1498)
Signed-off-by: Vincent Catros <vincent.catros@laposte.net>
Stéphane Graber [Thu, 30 Mar 2017 16:26:27 +0000 (12:26 -0400)]
Merge pull request #1494 from d4s/lxcinfo
Increased buffer length in print_stats()
Stéphane Graber [Thu, 30 Mar 2017 16:11:19 +0000 (12:11 -0400)]
Merge pull request #1493 from t-fohrer/t-fohrer-patch-4
Avoid waiting for bridge interface on bootup
Denis Pynkin [Thu, 30 Mar 2017 15:31:48 +0000 (18:31 +0300)]
Increased buffer length in print_stats()
Some "/sys" entries exceeds buffer size.
This results to some statistics loss ('BlkIO' in particular):
wc -c /sys/fs/cgroup/blkio/lxc/alt/blkio.throttle.io_service_bytes
318 /sys/fs/cgroup/blkio/lxc/alt/blkio.throttle.io_service_bytes
Signed-off-by: Denis Pynkin <dans@altlinux.org>
Torsten Fohrer [Thu, 30 Mar 2017 09:55:28 +0000 (11:55 +0200)]
Avoid waiting for bridge interface if disabled in sysconfig/lxc | lxc-net via USE_LXC_BRIDGE
Signed-off-by: Torsten Fohrer <tfohrer@googlemail.com>
Stéphane Graber [Thu, 23 Mar 2017 21:49:56 +0000 (17:49 -0400)]
Merge pull request #1432 from brauner/2017-02-15/fix_lxc_execute_return_code
tools: exit with return code of lxc_execute()
Christian Brauner [Thu, 23 Mar 2017 21:22:10 +0000 (22:22 +0100)]
Makefile: fix static clang init.lxc build
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Stéphane Graber [Thu, 23 Mar 2017 15:43:58 +0000 (11:43 -0400)]
Merge pull request #1487 from t-fohrer/t-fohrer-patch-3
Keep veth.pair.name on network shutdown
Torsten Fohrer [Thu, 23 Mar 2017 13:58:33 +0000 (14:58 +0100)]
Keep veth.pair.name on network shutdown
In case of a container that is rebooting, freeing veth.pair.name here results in losing given veth.pair name
(Only if given lxc_netdev is reused).
Signed-off-by: Torsten Fohrer <tfohrer@googlemail.com>
Christian Brauner [Wed, 22 Mar 2017 21:30:36 +0000 (22:30 +0100)]
Merge pull request #1486 from stgraber/master
fedora: Fix i386 handling
Stéphane Graber [Wed, 22 Mar 2017 21:18:47 +0000 (17:18 -0400)]
fedora: Fix i386 handling
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Wed, 22 Mar 2017 04:38:34 +0000 (00:38 -0400)]
Merge pull request #1483 from johnchen902/patch-1
Fix opening wrong file in suggest_default_idmap
John Chen [Wed, 22 Mar 2017 03:03:59 +0000 (11:03 +0800)]
Fix opening wrong file in suggest_default_idmap
Fixing the typo making `suggest_default_idmap` open `subuidfile`
instead of `subgidfile` to read subgid information.
Signed-off-by: Pochang Chen <johnchen902@gmail.com>
Stéphane Graber [Tue, 21 Mar 2017 23:19:50 +0000 (19:19 -0400)]
Merge pull request #1479 from brauner/2017-03-20/sysmacro
tree-wide: include <sys/sysmacros.h> directly
Christian Brauner [Tue, 21 Mar 2017 21:18:16 +0000 (22:18 +0100)]
Merge pull request #1482 from stgraber/master
tests: Support running on IPv6 networks
Stéphane Graber [Tue, 21 Mar 2017 20:35:44 +0000 (16:35 -0400)]
tests: Kill containers (don't wait for shutdown)
We waste a lot of time waiting for Ubuntu containers to cleanly stop
right before we destroy them anyway.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Tue, 21 Mar 2017 20:23:27 +0000 (16:23 -0400)]
tests: Support running on IPv6 networks
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Christian Brauner [Tue, 21 Mar 2017 11:03:16 +0000 (12:03 +0100)]
tree-wide: include <sys/sysmacros.h> directly
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 20 Mar 2017 15:10:57 +0000 (11:10 -0400)]
Merge pull request #1476 from brauner/2017-03-20/sysmacro
tree-wide: include <sys/sysmacros.h> directly
Christian Brauner [Mon, 20 Mar 2017 14:42:50 +0000 (15:42 +0100)]
tree-wide: include <sys/sysmacros.h> directly
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sun, 19 Mar 2017 19:01:21 +0000 (15:01 -0400)]
Merge pull request #1474 from evgeni/no-default-passwords
don't set a default password for altlinux, gentoo, openmandriva and pld
Stéphane Graber [Sun, 19 Mar 2017 19:00:03 +0000 (15:00 -0400)]
Merge pull request #1473 from taikedz/keyservfix
Allow setting the key server as an environment variable
Evgeni Golov [Sun, 19 Mar 2017 17:47:17 +0000 (18:47 +0100)]
don't set a default password for altlinux, gentoo, openmandriva and pld
Refs: #1158
Signed-off-by: Evgeni Golov <evgeni@debian.org>
Tai Kedzierski [Sun, 19 Mar 2017 17:28:26 +0000 (17:28 +0000)]
Change variable check to match existing style
Signed-off-by: Tai Kedzierski <dch.tai@gmail.com>
Tai Kedzierski [Sun, 19 Mar 2017 09:27:42 +0000 (09:27 +0000)]
lxc-download.in / Document keyserver change in help
Signed-off-by: Tai Kedzierski <dch.tai@gmail.com>
Tai Kedzierski [Sun, 19 Mar 2017 09:21:29 +0000 (09:21 +0000)]
lxc-download.in / allow setting keyserver from env
Checks if DOWNLOAD_KEYSERVER has already been set in the environment before setting a value
Signed-off-by: Tai Kedzierski <dch.tai@gmail.com>
Christian Brauner [Fri, 17 Mar 2017 09:45:10 +0000 (10:45 +0100)]
Merge pull request #1468 from stgraber/master
python3: Deal with potential NULL char*
Stéphane Graber [Fri, 17 Mar 2017 08:52:41 +0000 (09:52 +0100)]
python3: Deal with potential NULL char*
Closes #1466
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Wed, 15 Mar 2017 23:41:13 +0000 (19:41 -0400)]
Merge pull request #1433 from rjmccabe3701/bugfix/run-within-docker
Added 'mkdir -p' functionality in create_or_remove_cgroup
Stéphane Graber [Wed, 15 Mar 2017 23:10:36 +0000 (19:10 -0400)]
Merge pull request #1465 from geaaru/lxc-sabayon-unpriv
[lxc-sabayon] Disable _unprivileged_shift_owner for create unprivileg…
Geaaru [Tue, 14 Mar 2017 14:57:50 +0000 (15:57 +0100)]
[lxc-sabayon] Disable _unprivileged_shift_owner for create unprivileged container images for lxd and lxc-download.
Signed-off-by: Geaaru <geaaru@gmail.com>
Stéphane Graber [Wed, 15 Mar 2017 00:47:21 +0000 (20:47 -0400)]
Merge pull request #1463 from armchair-philosophy/up_templates_arch
[templates] archlinux: resolve conflicting files
otofune [Wed, 15 Mar 2017 00:36:57 +0000 (09:36 +0900)]
[templates] archlinux: noneed default_timezone variable
Signed-off-by: otofune <otofune@gmail.com>
otofune [Wed, 15 Mar 2017 00:09:17 +0000 (09:09 +0900)]
[templates] archlinux: resolve conflicting files
- already found /etc/localtime
- duplicate creation /etc/resolv.conf
Signed-off-by: otofune <otofune@gmail.com>
Christian Brauner [Tue, 14 Mar 2017 19:41:25 +0000 (20:41 +0100)]
Merge pull request #1462 from hallyn/2017-03-14/checknewuidmap
lxc-checkconfig: verify new[ug]idmap are setuid-root
Serge Hallyn [Tue, 14 Mar 2017 18:16:48 +0000 (13:16 -0500)]
lxc-checkconfig: verify new[ug]idmap are setuid-root
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Christian Brauner [Tue, 14 Mar 2017 18:01:08 +0000 (19:01 +0100)]
Merge pull request #1461 from jirutka/alpine
lxc-alpine: few modifications
Jakub Jirutka [Tue, 14 Mar 2017 16:35:46 +0000 (17:35 +0100)]
lxc-alpine: use dl-cdn.a.o as default mirror instead of random one
Some mirrors from the mirrors list are not very reliable and it seems
that no one really wants to use some random mirror as the default
option.
Signed-off-by: Jakub Jirutka <jakub@jirutka.cz>
Jakub Jirutka [Tue, 14 Mar 2017 16:28:47 +0000 (17:28 +0100)]
lxc-alpine: add community repository to default repositories
Signed-off-by: Jakub Jirutka <jakub@jirutka.cz>
Christian Brauner [Tue, 14 Mar 2017 13:36:02 +0000 (14:36 +0100)]
Merge pull request #1460 from stgraber/master
Patch from Harald Dunkel + tweak
Stéphane Graber [Tue, 14 Mar 2017 12:44:35 +0000 (12:44 +0000)]
Fix mixed tab/spaces in previous patch
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Harald Dunkel [Tue, 14 Mar 2017 12:42:15 +0000 (12:42 +0000)]
Fix lxc-containers to support multiple bridges
Signed-off-by: Harald Dunkel <harald.dunkel@aixigo.de>
Serge Hallyn [Sun, 12 Mar 2017 21:18:06 +0000 (16:18 -0500)]
Merge pull request #1458 from brauner/2017-01-28/lxc_user_nic_ensure_target_netns_is_caller_owned
lxc-user-nic: improvements
Christian Brauner [Sat, 11 Mar 2017 12:12:52 +0000 (13:12 +0100)]
conf: only try to delete veth when privileged
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 11 Mar 2017 11:11:40 +0000 (12:11 +0100)]
lxc-user-nic: delete link on failure
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 29 Jan 2017 15:34:22 +0000 (16:34 +0100)]
lxc-user-nic: improve + bugfix
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 29 Jan 2017 14:34:42 +0000 (15:34 +0100)]
lxc-user-nic: re-order #includes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 28 Jan 2017 12:02:34 +0000 (13:02 +0100)]
CVE-2017-5985: Ensure target netns is caller-owned
Before this commit, lxc-user-nic could potentially have been tricked into
operating on a network namespace over which the caller did not hold privilege.
This commit ensures that the caller is privileged over the network namespace by
temporarily dropping privilege.
Launchpad: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/
1654676
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 6 Mar 2017 21:43:06 +0000 (22:43 +0100)]
Merge pull request #1453 from hallyn/2017-03-06/seccomp
seccomp: set SCMP_FLTATR_ATL_TSKIP if available
Serge Hallyn [Mon, 6 Mar 2017 19:36:19 +0000 (13:36 -0600)]
seccomp: set SCMP_FLTATR_ATL_TSKIP if available
Newer libseccomp has a flag called SCMP_FLTATR_ATL_TSKIP which
allows syscall '-1' (nop) to be executed. Without that flag,
debuggers cannot skip system calls inside containers. For reference,
see the seccomp(2) manpage, which says:
The tracer can skip the system call by changing the system call number to -1.
and see the seccomp issue #80
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Serge Hallyn [Fri, 3 Mar 2017 00:16:16 +0000 (18:16 -0600)]
Merge pull request #1449 from brauner/2017-03-03/fix_trim
cgfsng: make trim() safer
Christian Brauner [Thu, 2 Mar 2017 23:33:40 +0000 (00:33 +0100)]
cgfsng: make trim() safer
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 27 Feb 2017 16:50:21 +0000 (11:50 -0500)]
Merge pull request #1447 from brauner/2017-02-27/fix_logging_timestamps
log: fix lxc_unix_epoch_to_utc()
Christian Brauner [Mon, 27 Feb 2017 15:02:24 +0000 (16:02 +0100)]
log: fix lxc_unix_epoch_to_utc()
The conversion algorithm used uses a clever trick by letting a year start at 1
March. So we need to add 1 for January and February.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sun, 26 Feb 2017 16:12:43 +0000 (11:12 -0500)]
Merge pull request #1445 from brauner/2017-02-26/dumb_down_invalid_sigchld_warning
start: dumb down SIGCHLD from WARN() to NOTICE()
Christian Brauner [Sun, 26 Feb 2017 11:51:30 +0000 (12:51 +0100)]
start: dumb down SIGCHLD from WARN() to NOTICE()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Feb 2017 02:02:41 +0000 (03:02 +0100)]
Merge pull request #1417 from zorun/master
debian template: Allow to embed a SSH public key in the new container
Christian Brauner [Thu, 23 Feb 2017 21:16:32 +0000 (22:16 +0100)]
Merge pull request #1444 from evgeni/kill-squeeze
squeeze is not a supported release anymore, drop the key
Evgeni Golov [Thu, 23 Feb 2017 21:03:40 +0000 (22:03 +0100)]
squeeze is not a supported release anymore, drop the key
Signed-off-by: Evgeni Golov <evgeni@debian.org>
Stéphane Graber [Thu, 23 Feb 2017 17:47:10 +0000 (12:47 -0500)]
Merge pull request #1442 from mkeeler/master
Fix issue with the clonehostname hook not working for overlayfs snapshot clones
Matt Keeler [Wed, 22 Feb 2017 20:57:59 +0000 (15:57 -0500)]
Use LXC_ROOTFS_MOUNT in clonehostname hook
Previously this hook did not work when cloning containers using an overlayfs snapshot as the LXC_ROOTFS_PATH didn't point to the actual filesystem that the container would see. LXC_ROOTFS_MOUNT should be used instead and in fact lxc.container.conf man page says that you usually would want to use the _MOUNT variant.
Signed-off-by: Matt Keeler <mjkeeler7@gmail.com>
Christian Brauner [Wed, 22 Feb 2017 17:29:41 +0000 (18:29 +0100)]
Merge pull request #1441 from tych0/only-do-bind-mounts
c/r: only supply --ext-mount-map for bind mounts
Christian Brauner [Sun, 19 Feb 2017 22:13:31 +0000 (23:13 +0100)]
Merge pull request #1438 from stgraber/master
lxc-download: Bump compat level to 4