]>
2021-02-02 | Christian Brauner | cgroups: switch controller delegation to fd-only operations Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-02 | Christian Brauner | cgroups: add unified_cgroup_fd() helper Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-02 | Christian Brauner | file_utils: harden lxc_writeat() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-02 | Christian Brauner | file_utils: harden lxc_open_dirfd() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-02 | Christian Brauner | syscall_wrappers: add PROTECT_OPEN_W_* variants Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-02 | Christian Brauner | memory_utils: add close_prot_errno_mov() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-02 | Christian Brauner | attach: move loading seccomp as late as possible Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-02 | Christian Brauner | attach: move file descriptor closing into attach_context_con... Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-02 | Christian Brauner | attach: stricter lookup semantics for fdopen_at() calls Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | confile_utils: use lxc_log_trace() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | conf: use lxc_log_trace() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | commands_utils: don't leak memory Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | attach: use correct put method Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | attach: prevent UAF Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | attach: file descriptor based fdinfo handling Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | file_utils: remove O_NOFOLLOW from open_at() defaults Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | lsm: harden read_file_at() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | tree-wide: extend read_file_at() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | attach: harden open calls Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | syscall_wrappers: add PROTECT_LOOKUP, PROTECT_OPEN... Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | file_utils: add open_at() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | cgroups: initialize variable Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | cgroups: remove pointless NULL checks Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | attach: stash host uid and host gid in attach_context Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | attach: fix error checking for dup2() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | attach: fix logging for stdfd replacement Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | attach: log failues to dup2() with SYSDEBUG() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | utils: use SYSTRACE() when logging stdio permission... Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | attach: document attach_context Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | attach: simplify opening of /proc/self Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | attach: move uid and gid handling to get_attach_context() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | attach: initialize init_pid field to -ESRCH Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | attach: unifiy /proc/<init-pid>/status parsing Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-02-01 | Christian Brauner | file_utils: add fdopenat() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-31 | Christian Brauner | lsm/apparmor: cleanup apparmor_process_label_set() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-31 | Christian Brauner | attach: hardening through use of pidfds Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-31 | Christian Brauner | attach: file descriptors based LSM handling Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-31 | Christian Brauner | cgroups: align methods Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | cgroups: use PTR_TO_U64() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | attach: don't needless check for NULL Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | log: add lxc_log_trace() helper Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | cgroups: use bpf log when logging at trace level Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | seccomp: use lxc_log_get_level() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | log: rework lxc_log_get_level() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | cgroups: use cleanup macro for consistency Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | cgroups: vet parameters more strictly Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | seccomp: use lxc_log_get_fd() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | log: add lxc_log_get_fd() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | log: remove pointless inline Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | cgroups: tweak cgroup initialization Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | cgroups: use zalloc Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | cgroups: ensure all memory is zeroed Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | cgroups: don't initiliaze NULL log Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | cgroups: coding style fixes Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | croups: improve __do_bpf_program_free Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-30 | Christian Brauner | cgroups: bpf fixes Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: init file descriptors to -EBADF Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: move to file descriptor only namespace interactions Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: move to file descriptor-only interactions Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: rework attaching to namespace fds Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: remove unneeded assignment Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: use STDIN_FILENO instead of hard-coding 0 Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: move new_cwd into tighter scope Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: use dummy macros to make it easier to follow... Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: introduce sync_wait_fd() and sync_wake_fd() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | sync: make all sync helpers return bool Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: introduce sync_wait_pid() and sync_wake_pid() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: use sync_wait()/sync_wake() where applicable Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | sync: rename startup synchronization macros Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | sync: export sync_wait() and sync_wake() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: coding style fixes Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: rename attach_clone_payload to attach_payload Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: move attach_clone_payload into tighter scope Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: s/close/close_prot_errno_disarm/g Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | configure: fix static builds with clang-12 and LTO Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: move getcwd() into tighter scope Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: remove obsolete namespace check Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | attach: fix personality handling Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-29 | Christian Brauner | lsm: s/lsm_init/lsm_init_static/g Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-28 | Christian Brauner | attach: s/lxc_attach_drop_privs/drop_capabilities/g Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-28 | Christian Brauner | attach: s/lxc_proc_close_ns_fd/close_nsfds/g Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-28 | Christian Brauner | attach: add get_attach_context_nsfds() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-28 | Christian Brauner | attach: move config init into get_attach_context() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-28 | Christian Brauner | attach: move get_personality() into get_attach_context() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-28 | Christian Brauner | attach: move lxc_cmd_get_init_pid() int get_attach_context() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-28 | Christian Brauner | attach: split attach_context into allocation and initialization Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-28 | Christian Brauner | attach: s/calloc/zalloc/g Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-28 | Christian Brauner | attach: rename attach_context helpers Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-28 | Christian Brauner | attach: s/lxc_proc_context_info/attach_context/g Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-28 | Christian Brauner | attach: move lxc_proc_context_info to file local scope Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-28 | Christian Brauner | attach: order variables correctly Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-28 | Christian Brauner | attach: coding style fixes Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-27 | Christian Brauner | attach: add some DEBUG() logging to stdfd dpulication Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-27 | Christian Brauner | attach: use close_prot_errno_disarm() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-27 | Christian Brauner | attach: make do_attach() void Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-27 | Christian Brauner | attach: mark do_attach() as __noreturn Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-27 | Christian Brauner | attach: s/attach_child_main/do_attach/g Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-27 | Christian Brauner | attach: use free_disarm() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-27 | Christian Brauner | attach: coding style fixes Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
2021-01-27 | Christian Brauner | attach: use __do_close for labelfd Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
commit | commitdiff | tree |
next |