git.proxmox.com Git - mirror_lxc.git/log
Stéphane Graber [Fri, 28 Sep 2018 12:13:47 +0000 (14:13 +0200)]
Merge pull request #2658 from brauner/2018-09-28/keyctl
utils: add lxc_setup_keyring()
Christian Brauner [Fri, 28 Sep 2018 11:14:25 +0000 (13:14 +0200)]
utils: add lxc_setup_keyring()
Allocate a new keyring if we can to prevent information leak.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 28 Sep 2018 11:29:58 +0000 (13:29 +0200)]
configure: fix -Wimplicit-fallthrough check
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 28 Sep 2018 10:32:02 +0000 (12:32 +0200)]
Merge pull request #2657 from ssup2/master
oci-template: Add logic for no /etc/passwd, group
Jungsub Shin [Fri, 28 Sep 2018 10:21:08 +0000 (19:21 +0900)]
oci-template: Add logic for no /etc/passwd, group
OCI image spec doesn't specify action when there is
no /etc/passwd or /etc/group. So if there is no
/etc/passwd with string user info, set uid to 0. If there
is no /etc/group with string group info, set gid to 0.
Signed-off-by: Jungsub Shin jungsub_shin@tmax.co.kr
Stéphane Graber [Fri, 28 Sep 2018 10:13:39 +0000 (12:13 +0200)]
Merge pull request #2656 from brauner/2018-09-28/fix_btrfs_regression
btrfs: fix btrfs containers
Christian Brauner [Fri, 28 Sep 2018 09:24:46 +0000 (11:24 +0200)]
btrfs: fix btrfs containers
Closes #2612.
Closes #2655.
Fixes: 9de31d5a1394 ("tree-wide: s/strncpy()/strlcpy()/g")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 28 Sep 2018 08:35:51 +0000 (10:35 +0200)]
Merge pull request #2629 from ssup2/master
template: oci template supports for char user info
Jungsub Shin [Fri, 21 Sep 2018 06:29:37 +0000 (15:29 +0900)]
template: oci template supports for char user info
oci template changes character user info to uid, gid
according to OCI image spec.
Signed-off-by: Jungsub Shin jungsub_shin@tmax.co.kr
Stéphane Graber [Thu, 27 Sep 2018 12:30:57 +0000 (14:30 +0200)]
Merge pull request #2653 from brauner/2018-09-27/minor_tweaks
cgroups: tweaks
Christian Brauner [Thu, 27 Sep 2018 11:36:17 +0000 (13:36 +0200)]
cgroup: make monitor_pattern const
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 27 Sep 2018 11:35:34 +0000 (13:35 +0200)]
cgfsng: log cgroup names for monitor and container
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Wolfgang Bumiller [Thu, 27 Sep 2018 11:12:56 +0000 (13:12 +0200)]
Merge pull request #2643 from brauner/2018-09-23/cgroup_scoping_fixes
cgroups: implement monitor cgroup deletion
Stéphane Graber [Thu, 27 Sep 2018 07:51:48 +0000 (03:51 -0400)]
Merge pull request #2652 from brauner/lxc/master
tree-wide: fix includes to fix bionic builds
Christian Brauner [Wed, 26 Sep 2018 22:51:59 +0000 (00:51 +0200)]
tree-wide: fix includes to fix bionic builds
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 26 Sep 2018 17:17:19 +0000 (13:17 -0400)]
Merge pull request #2649 from brauner/lxc/master
netns_ifaddrs: fix missing include
Christian Brauner [Wed, 26 Sep 2018 16:30:31 +0000 (18:30 +0200)]
Merge pull request #2650 from tenforward/japanese
doc: Add -u and -g args to Japanese lxc-attach(1) and lxc-execute(1)
KATOH Yasufumi [Wed, 26 Sep 2018 16:17:04 +0000 (01:17 +0900)]
doc: Add -u and -g args to Japanese lxc-attach(1) and lxc-execute(1)
Update for commit ddd51fd and 0840104
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Christian Brauner [Wed, 26 Sep 2018 16:14:46 +0000 (18:14 +0200)]
netns_ifaddrs: fix missing include
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 26 Sep 2018 14:44:51 +0000 (10:44 -0400)]
Merge pull request #2648 from brauner/2018-09-26/compiler_attributes
compiler: add __hot attribute
Stéphane Graber [Wed, 26 Sep 2018 14:44:36 +0000 (10:44 -0400)]
Merge pull request #2647 from brauner/2018-09-23/noreturn_android
compiler: fix __noreturn on bionic
Christian Brauner [Wed, 26 Sep 2018 12:52:27 +0000 (14:52 +0200)]
compiler: add __hot attribute
This instructs the compiler to better optimize the config parsing code.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 26 Sep 2018 12:38:41 +0000 (14:38 +0200)]
compiler: fix __noreturn on bionic
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 26 Sep 2018 12:16:10 +0000 (14:16 +0200)]
cgfsng: do not go into infinite loop
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 26 Sep 2018 12:13:05 +0000 (14:13 +0200)]
cgfsng: s/25/INTTYPE_TO_STRLEN(pid_t)/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 24 Sep 2018 09:04:04 +0000 (11:04 +0200)]
cgfsng: ensure no-reuse in cgfsng_monitor_create()
The same way we need to ensure that no existing cgroups are reused for
the payload in cgfsng_payload_create() we need to ensure that no
existing cgroups are reused for the monitor. Technically this is less of
an issue since there currently is no logic for the monitor to apply
limits to its cgroup but it is still the proper way to do it.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 23 Sep 2018 22:14:22 +0000 (00:14 +0200)]
cgroups: introduce helper macros
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 23 Sep 2018 18:11:56 +0000 (20:11 +0200)]
cgfsng: add cgfsng_monitor_destroy()
Since we switched to the new cgroup scoping scheme that places the
container payload into lxc.payload/<container-name> and
lxc.monitor/<container-name> deletion becomes slightly more complicated.
The monitor will be able to rm_rf(lxc.payload/<container-name>) but will
not be able to rm_rf(lxc.monitor/<container-name>) since it will be
located in that cgroup and it will thus be populated.
My current solution to this is to create a lxc.pivot cgroup that only
exists so that the monitor process on container stop can pivot into it,
call rm_rf(lxc.monitor/<container-name>) and can then exit. This group
has no function whatsoever apart from this and can thus be shared by
all monitor processes.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 23 Sep 2018 15:55:27 +0000 (17:55 +0200)]
cgfsng: s/cgfsng_destroy/cgfsng_payload_destroy/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 25 Sep 2018 18:46:21 +0000 (14:46 -0400)]
Merge pull request #2618 from CameronNemo/lxcmountroot
apparmor: account for specified rootfs path (closes #2617)
Stéphane Graber [Mon, 24 Sep 2018 21:35:03 +0000 (23:35 +0200)]
Merge pull request #2646 from brauner/2018-09-24/cgroup_tweaks
cgfsng: set errno to ENOENT on get_hierarchy()
Christian Brauner [Mon, 24 Sep 2018 20:58:45 +0000 (22:58 +0200)]
cgfsng: set errno to ENOENT on get_hierarchy()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 24 Sep 2018 20:07:34 +0000 (22:07 +0200)]
doc: tweak documentation a little
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 24 Sep 2018 19:35:15 +0000 (21:35 +0200)]
Merge pull request #2645 from stgraber/master
stop: Only freeze if freezer is available
Stéphane Graber [Mon, 24 Sep 2018 18:41:37 +0000 (14:41 -0400)]
stop: Only freeze if freezer is available
Closes #2644
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Sun, 23 Sep 2018 22:35:21 +0000 (00:35 +0200)]
Merge pull request #2640 from brauner/2018-09-23/netns_getifaddrs
network: add netns_getifaddrs() implementation
Christian Brauner [Sun, 23 Sep 2018 19:00:28 +0000 (21:00 +0200)]
autotools: fix lxc_user_nic build
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 23 Sep 2018 18:50:54 +0000 (20:50 +0200)]
netns_ifaddrs: mark casts as safe
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 23 Sep 2018 13:40:20 +0000 (15:40 +0200)]
tree_wide: switch to netns_getifaddrs()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 23 Sep 2018 13:29:22 +0000 (15:29 +0200)]
network: add netns_getifaddrs() implementation
This commit introduces my concept of a network namespace aware
getifaddrs(), i.e. netns_getifaddrs(). This presupposes a kernel that
carries my IF{L}A_TARGET_NETNSID patches:
struct netns_ifaddrs {
        struct netns_ifaddrs *ifa_next;

        /* Can - but shouldn't be - NULL. */
        char *ifa_name;

        /* This field is not present in struct ifaddrs. */
        int ifa_ifindex;

        unsigned ifa_flags;

        /* This field is not present in struct ifaddrs. */
        int ifa_mtu;

        /* This field is not present in struct ifaddrs. */
        int ifa_prefixlen;

        struct sockaddr *ifa_addr;
        struct sockaddr *ifa_netmask;
        union {
                struct sockaddr *ifu_broadaddr;
                struct sockaddr *ifu_dstaddr;
        } ifa_ifu;

        /* If you don't know what this is for don't touch it. */
        void *ifa_data;
};
which is a superset of struct ifaddrs. It contains additional
information such as the mtu, ifindex of the interface and the prefix
length of the address.
Note that the field ordering is different. So don't get any ideas of
using memcpy() to copy from an old struct ifaddrs into a struct
netns_ifaddrs.
int netns_getifaddrs(struct netns_ifaddrs **ifap, __s32 netns_id, bool *netnsid_aware)
takes a network namespace identifier as argument which identifies the
target network namespace.
If successful, i.e. netns_getifaddrs() returns 0, callers should check
the bool *netnsid_aware return argument. If it is true then
RTM_GET{ADDR,LINK} requests are fully netnsid aware. If it is false then
they are not and the information returned in struct netns_ifaddrs does
*not* contain correct information about the target network namespace
identified by netnsid.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sun, 23 Sep 2018 18:43:56 +0000 (20:43 +0200)]
Merge pull request #2639 from brauner/2018-09-23/compiler_based_hardening
compiler: compiler based hardening
Stéphane Graber [Sun, 23 Sep 2018 18:43:46 +0000 (20:43 +0200)]
Merge pull request #2642 from brauner/2018-09-23/android
compiler: __attribute__((noreturn)) on bionic
Christian Brauner [Sun, 23 Sep 2018 11:19:55 +0000 (13:19 +0200)]
autotools: support -Wstrict-prototypes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 23 Sep 2018 11:16:52 +0000 (13:16 +0200)]
autotools: support -Wcast-align
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 23 Sep 2018 18:16:12 +0000 (20:16 +0200)]
compiler: __attribute__((noreturn)) on bionic
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sun, 23 Sep 2018 17:31:05 +0000 (19:31 +0200)]
Merge pull request #2637 from brauner/2018-09-22/bugfixes
macro: add STRLITERALLEN() and STRARRAYLEN()
Stéphane Graber [Sun, 23 Sep 2018 17:30:21 +0000 (19:30 +0200)]
Merge pull request #2641 from brauner/2018-09-23/cgroup_scoping_fixes
cgfsng: copy parent's cpu settings for monitor too
Christian Brauner [Sun, 23 Sep 2018 14:26:31 +0000 (16:26 +0200)]
cgfsng: copy parent's cpu settings for monitor too
Closes https://github.com/lxc/lxd/issues/5060.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 22 Sep 2018 09:21:04 +0000 (11:21 +0200)]
tree-wide: replace sizeof() with SIZEOF2STRLEN()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 22 Sep 2018 09:14:08 +0000 (11:14 +0200)]
macro: add STRLITERALLEN() and STRARRAYLEN()
sizeof() implementation for string literals and string arrays that makes
it behave like strlen() for strings.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 23 Sep 2018 10:35:44 +0000 (12:35 +0200)]
cgfsng: s/__cgfsng_ops__/__cgfsng_ops/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 22 Sep 2018 08:56:09 +0000 (10:56 +0200)]
compiler: s/__noreturn__/__noreturn/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 22 Sep 2018 08:53:52 +0000 (10:53 +0200)]
compiler: s/__fallthrough__/__fallthrough/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sat, 22 Sep 2018 23:04:51 +0000 (01:04 +0200)]
Merge pull request #2636 from brauner/2018-09-21/fix_implicit_fallthrough
autotools: fix check for -Wimplicit-fallthrough
Christian Brauner [Sat, 22 Sep 2018 09:36:16 +0000 (11:36 +0200)]
Merge pull request #2627 from 2xsec/bugfix
conf: realpath() uses null as second parameter to prevent buffer overflow
Christian Brauner [Fri, 21 Sep 2018 21:45:33 +0000 (23:45 +0200)]
autotools: fix wrong AX_CHECK_COMPILE_FLAG test
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Serge Hallyn [Fri, 21 Sep 2018 14:54:25 +0000 (09:54 -0500)]
Merge pull request #2606 from brauner/2018-09-09/cgroup_escape
cgroups: scoping for cgroup v2
Christian Brauner [Fri, 21 Sep 2018 14:50:24 +0000 (16:50 +0200)]
cgfsng: add missing __cgfsng_ops__ attributes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 11 Sep 2018 09:37:36 +0000 (11:37 +0200)]
tests: adapt cgroup tests to new layout
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 10 Sep 2018 14:40:18 +0000 (16:40 +0200)]
cgfsng: cgfsng_monitor_enter()
brauner@wittgenstein|~
> sudo systemctl status lxc@c1
● lxc@c1.service - LXC Container: c1
   Loaded: loaded (/lib/systemd/system/lxc@.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-09-11 10:42:22 CEST; 38s ago
     Docs: man:lxc-start
           man:lxc
  Process: 29855 ExecStart=/usr/bin/lxc-start -n c1 -p /run/lxc/c1.pid (code=exited, status=0/SUCCESS)
    Tasks: 18 (limit: 4915)
   Memory: 32.1M
   CGroup: /system.slice/system-lxc.slice/lxc@c1.service
           ├─lxc.monitor
           │ └─c1
           │   └─29870 [lxc monitor] /var/lib/lxc c1
           └─lxc.payload
             └─c1
               ├─init.scope
               │ └─29878 /sbin/init
               └─system.slice
                 ├─console-getty.service
                 │ └─30028 /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200,38400,9600 linux
                 ├─cron.service
                 │ └─30019 /usr/sbin/cron -f
                 ├─dbus.service
                 │ └─30020 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
                 ├─networkd-dispatcher.service
                 │ └─30016 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
                 ├─rsyslog.service
                 │ └─30017 /usr/sbin/rsyslogd -n
                 ├─system-container\x2dgetty.slice
                 │ ├─container-getty@0.service
                 │ │ └─30027 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/0 115200,38400,9600 vt220
                 │ ├─container-getty@1.service
                 │ │ └─30030 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/1 115200,38400,9600 vt220
                 │ ├─container-getty@2.service
                 │ │ └─30026 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/2 115200,38400,9600 vt220
                 │ └─container-getty@3.service
                 │   └─30029 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/3 115200,38400,9600 vt220
                 ├─systemd-journald.service
                 │ └─29976 /lib/systemd/systemd-journald
                 ├─systemd-logind.service
                 │ └─30018 /lib/systemd/systemd-logind
                 ├─systemd-networkd.service
                 │ └─29996 /lib/systemd/systemd-networkd
                 ├─systemd-resolved.service
                 │ └─30014 /lib/systemd/systemd-resolved
                 └─systemd-udevd.service
                   └─29986 /lib/systemd/systemd-udevd
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 10 Sep 2018 14:28:13 +0000 (16:28 +0200)]
cgroups: add monitor_enter()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 10 Sep 2018 14:27:35 +0000 (16:27 +0200)]
cgfsng: add cgfsng_monitor_create()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 10 Sep 2018 14:27:18 +0000 (16:27 +0200)]
cgroups: add monitor_create()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 10 Sep 2018 13:51:38 +0000 (15:51 +0200)]
cgroups: add monitor_full_path member
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 10 Sep 2018 13:42:51 +0000 (15:42 +0200)]
cgroups: add monitor_cgroup member
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 10 Sep 2018 13:47:59 +0000 (15:47 +0200)]
cgroups: s/base_cgroup/container_base_path/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 10 Sep 2018 13:42:02 +0000 (15:42 +0200)]
cgroups: add missing string.h include
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 10 Sep 2018 13:41:11 +0000 (15:41 +0200)]
cgroups: s/fullcgpath/container_full_path/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 10 Sep 2018 13:24:21 +0000 (15:24 +0200)]
cgroups: switch to lxc.payload as default pattern
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 10 Sep 2018 13:12:35 +0000 (15:12 +0200)]
cgroup: rename container specific cgroup functions
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 21 Sep 2018 13:54:32 +0000 (15:54 +0200)]
Merge pull request #2635 from brauner/2018-09-21/Wimplicit-fallthrough
autotools: add -Wimplicit-fallthrough
Stéphane Graber [Fri, 21 Sep 2018 13:50:35 +0000 (15:50 +0200)]
Merge pull request #2630 from brauner/2018-09-20/remove_locking
api_extensions: introduce lxc_has_api_extension()
Christian Brauner [Fri, 21 Sep 2018 12:54:06 +0000 (14:54 +0200)]
autotools: add -Wimplicit-fallthrough
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 21 Sep 2018 08:28:34 +0000 (10:28 +0200)]
api_extensions: introduce lxc_has_api_extension()
This is modeled after LXD's API extension checks. This allows API users
to query the given LXC instance whether a given API extension is
supported.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 21 Sep 2018 13:13:16 +0000 (15:13 +0200)]
Merge pull request #2633 from brauner/2018-09-21/cgfsng_ops_attribute
cgfsng: mark ops with __cgfsng_ops__ attribute
Stéphane Graber [Fri, 21 Sep 2018 13:13:03 +0000 (15:13 +0200)]
Merge pull request #2634 from brauner/2018-09-21/cgroup_relative
confile: s/lxc.cgroup.keep/lxc.cgroup.relative/g
Stéphane Graber [Fri, 21 Sep 2018 11:46:00 +0000 (13:46 +0200)]
Merge pull request #2607 from brauner/2018-09-11/sysfs_mixed
conf: remove extra MS_BIND with sysfs:mixed
Christian Brauner [Fri, 21 Sep 2018 11:25:12 +0000 (13:25 +0200)]
cgfsng: mark ops with __cgfsng_ops__ attribute
Helps to easily tell the cgfsng ops functions from helpers.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 21 Sep 2018 08:41:38 +0000 (10:41 +0200)]
confile: s/lxc.cgroup.keep/lxc.cgroup.relative/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 21 Sep 2018 11:44:34 +0000 (13:44 +0200)]
Merge pull request #2608 from brauner/2018-09-11/netns_get_nsid
network: add lxc_netns_get_nsid()
Stéphane Graber [Fri, 21 Sep 2018 11:36:57 +0000 (13:36 +0200)]
Merge pull request #2631 from brauner/2018-09-20/rename_backgrounded
start: s/backgrounded/daemonize/g
Christian Brauner [Fri, 21 Sep 2018 10:24:24 +0000 (12:24 +0200)]
start: s/backgrounded/daemonize/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2xsec [Fri, 21 Sep 2018 02:09:54 +0000 (11:09 +0900)]
conf: realpath() uses null as second parameter to prevent buffer overflow
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
Cameron Nemo [Thu, 20 Sep 2018 22:55:21 +0000 (15:55 -0700)]
apparmor: account for specified rootfs path (closes #2617)
Signed-off-by: Cameron Nemo <camerontnorman@gmail.com>
Stéphane Graber [Thu, 20 Sep 2018 22:11:43 +0000 (00:11 +0200)]
Merge pull request #2626 from brauner/2018-09-20/remove_locking
lxccontainer: remove cgroup locking
Christian Brauner [Thu, 20 Sep 2018 20:34:59 +0000 (22:34 +0200)]
lxccontainer: remove locks from get_cgroup_item()
The on-disk config file is not altered and the in-memory config isn't
altered so no need for locking.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 20 Sep 2018 20:34:10 +0000 (22:34 +0200)]
lxccontainer: remove locks from set_cgroup_item()
The on-disk config file is not altered and the in-memory config isn't
altered so no need for locking.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 20 Sep 2018 19:55:08 +0000 (21:55 +0200)]
Merge pull request #2624 from 2xsec/bugfix
af_unix: add function to remove duplicated codes for set sockaddr
2xsec [Wed, 19 Sep 2018 11:38:16 +0000 (20:38 +0900)]
af_unix: add function to remove duplicated codes for set sockaddr
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
Stéphane Graber [Wed, 19 Sep 2018 09:49:02 +0000 (11:49 +0200)]
Merge pull request #2622 from brauner/2018-09-19/attach_exit_status
attach: report standard shell exit codes
Christian Brauner [Wed, 19 Sep 2018 07:15:36 +0000 (09:15 +0200)]
attach: report standard shell exit codes
POSIX mandates that on ENOEXEC 126 and on ENOENT 127 is supposed to be
reported.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 19 Sep 2018 07:11:36 +0000 (09:11 +0200)]
Merge pull request #2621 from 2xsec/bugfix
security: fix too wide or inconsistent non-owner permissions
2xsec [Wed, 19 Sep 2018 05:30:12 +0000 (14:30 +0900)]
security: fix too wide or inconsistent non-owner permissions
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
Christian Brauner [Tue, 18 Sep 2018 15:24:46 +0000 (18:24 +0300)]
Merge pull request #2619 from smibarber/attach-shutdown
attach: don't shutdown ipc socket in child
Stephen Barber [Tue, 18 Sep 2018 00:31:22 +0000 (17:31 -0700)]
attach: don't shutdown ipc socket in child
shutdown() affects sockets even across forked processes. The
attached child process doesn't have any interest in using the
IPC socket, so just close it in the child process and let the
intermediate process handle shutting it down.
This fixes a bug seen with lxc exec in crbug.com/884244
Signed-off-by: Stephen Barber <smbarber@chromium.org>
Christian Brauner [Mon, 17 Sep 2018 06:25:34 +0000 (09:25 +0300)]
Merge pull request #2611 from 2xsec/bugfix
add compile flags for dlog
2xsec [Fri, 14 Sep 2018 09:28:44 +0000 (18:28 +0900)]
log: add additional info of dlog
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
2xsec [Fri, 14 Sep 2018 09:16:04 +0000 (18:16 +0900)]
log: add common functions
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
2xsec [Thu, 13 Sep 2018 02:37:54 +0000 (11:37 +0900)]
add compile flags for dlog
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
Christian Brauner [Wed, 12 Sep 2018 23:16:30 +0000 (01:16 +0200)]
network: minor tweaks
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>