git.proxmox.com Git - mirror_lxc.git/log
Christian Brauner [Wed, 12 Jun 2019 12:15:39 +0000 (14:15 +0200)]
Merge pull request #3040 from Rachid-Koucha/patch-11
Centralize hook names
Rachid Koucha [Wed, 12 Jun 2019 06:36:40 +0000 (08:36 +0200)]
Centralize hook names
The hook string names must not be repeated in the source code to facilitate future changes
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Stéphane Graber [Tue, 11 Jun 2019 22:11:32 +0000 (18:11 -0400)]
Merge pull request #3039 from brauner/master
seccomp: add ifdefine for SECCOMP_FILTER_FLAG_NEW_LISTENER
Christian Brauner [Tue, 11 Jun 2019 22:02:49 +0000 (00:02 +0200)]
seccomp: add ifdefine for SECCOMP_FILTER_FLAG_NEW_LISTENER
So that we can deal with older kernels.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 11 Jun 2019 21:53:05 +0000 (17:53 -0400)]
Merge pull request #3038 from brauner/master
seccomp: s/SCMP_FLTATR_NEW_LISTENER/SECCOMP_FILTER_FLAG_NEW_LISTENER/g
Christian Brauner [Tue, 11 Jun 2019 21:51:34 +0000 (23:51 +0200)]
seccomp: s/SCMP_FLTATR_NEW_LISTENER/SECCOMP_FILTER_FLAG_NEW_LISTENER/g
Align with upstream libseccomp.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 11 Jun 2019 21:43:10 +0000 (17:43 -0400)]
Merge pull request #3037 from brauner/master
seccomp: align with upstream libseccomp
Christian Brauner [Tue, 11 Jun 2019 21:36:56 +0000 (23:36 +0200)]
seccomp: s/HAVE_DECL_SECCOMP_NOTIF_GET_FD/HAVE_DECL_SECCOMP_NOTIFY_FD/g
Align with upstream libseccomp.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 11 Jun 2019 21:34:33 +0000 (23:34 +0200)]
seccomp: /sseccomp_notif_free/seccomp_notify_free/g
Align with upstream libseccomp.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 11 Jun 2019 21:33:22 +0000 (23:33 +0200)]
seccomp: s/seccomp_notif_alloc/seccomp_notify_alloc/g
Align with upstream libseccomp.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 11 Jun 2019 21:32:19 +0000 (23:32 +0200)]
seccomp: s/seccomp_notif_id_valid/seccomp_notify_id_valid/g
Align with upstream libseccomp.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 11 Jun 2019 21:31:12 +0000 (23:31 +0200)]
seccomp: s/seccomp_notif_send_resp/seccomp_notify_respond/g
Align with upstream libseccomp.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 11 Jun 2019 21:29:39 +0000 (23:29 +0200)]
seccomp: s/seccomp_notif_receive/seccomp_notify_receive/g
Align with upstream libseccomp.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 11 Jun 2019 21:27:33 +0000 (23:27 +0200)]
seccomp: s/seccomp_notif_get_fd/seccomp_notify_fd/g
Align with upstream libseccomp.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 11 Jun 2019 21:25:44 +0000 (23:25 +0200)]
seccomp: s/SCMP_ACT_USER_NOTIF/SCMP_ACT_NOTIFY/g
Align with upstream libseccomp.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 7 Jun 2019 00:35:39 +0000 (02:35 +0200)]
Merge pull request #3032 from promlow/lxcbasename_fix
proposed fix for #2892 - fix lxcbasename in lxc/lxccontainer.c
Stéphane Graber [Thu, 6 Jun 2019 10:57:11 +0000 (12:57 +0200)]
Merge pull request #3034 from brauner/2019-06-05/boot_id
start: generate new boot id on container start
Christian Brauner [Wed, 5 Jun 2019 21:43:53 +0000 (23:43 +0200)]
start: generate new boot id on container start
Closes #3027.
BugLink: https://bugs.launchpad.net/bugs/1831258
Cc: Dimitri John Ledkov <xnox@ubuntu.com>
Cc: Scott Moser <smoser@ubuntu.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Paul Romlow [Wed, 5 Jun 2019 18:28:21 +0000 (13:28 -0500)]
proposed fix for #2892 - fix lxcbasename in lxc/lxccontainer.c
Signed-off-by: Paul Romlow <paul@romlow.com>
Stéphane Graber [Wed, 5 Jun 2019 11:09:42 +0000 (13:09 +0200)]
Merge pull request #3029 from brauner/2019-06-05/fix_offline_cpus
cgroups: prevent segfault
Christian Brauner [Wed, 5 Jun 2019 11:08:39 +0000 (13:08 +0200)]
Merge pull request #3031 from Rachid-Koucha/patch-11
Make /tmp accessible to any user
Rachid Koucha [Wed, 5 Jun 2019 11:04:11 +0000 (13:04 +0200)]
Make /tmp accessible to any user
/tmp created with "rwxrwxrwt" mode
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Christian Brauner [Wed, 5 Jun 2019 07:27:45 +0000 (09:27 +0200)]
cgroups: prevent segfault
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 5 Jun 2019 04:56:17 +0000 (06:56 +0200)]
Merge pull request #3028 from lifeng68/fix_memory_leak
start: fix handler memory leak at lxc_init failed
LiFeng [Wed, 5 Jun 2019 04:44:17 +0000 (00:44 -0400)]
start: fix handler memory leak at lxc_init failed
Signed-off-by: LiFeng <lifeng68@huawei.com>
Christian Brauner [Tue, 4 Jun 2019 14:11:42 +0000 (16:11 +0200)]
Merge pull request #3026 from xmcqueen/master
lxc_usernsexec: continuing after unshare fails leads to confusing and…
Brian McQueen [Tue, 4 Jun 2019 13:46:37 +0000 (06:46 -0700)]
lxc_usernsexec: continuing after unshare fails leads to confusing and misleading error messages
Signed-off-by: Brian McQueen <bmcqueen@linkedin.com>
Stéphane Graber [Tue, 4 Jun 2019 11:52:07 +0000 (13:52 +0200)]
Merge pull request #3014 from brauner/2019-05-24/cgroups_handle_offline_cpus
cgroups: handle offline cpus in v1 hierarchy
Christian Brauner [Tue, 4 Jun 2019 08:49:57 +0000 (10:49 +0200)]
Merge pull request #3024 from avkvl/fix_groups_with_a_lot_of_members
lxc-user-net: Failed to convert string " Failed to get group name" to integer
Alexander Kriventsov [Mon, 3 Jun 2019 15:11:56 +0000 (18:11 +0300)]
getgrgid_r fails with ERANGE if buffer is too small. Retry with a larger buffer.
Signed-off-by: Alexander Kriventsov <akriventsov@nic.ru>
Christian Brauner [Wed, 29 May 2019 15:38:23 +0000 (17:38 +0200)]
Merge pull request #3018 from tych0/comment-stack-size
lxc_clone: add a comment about stack size
Tycho Andersen [Wed, 29 May 2019 15:36:51 +0000 (09:36 -0600)]
lxc_clone: add a comment about stack size
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Christian Brauner [Wed, 29 May 2019 15:14:00 +0000 (17:14 +0200)]
Merge pull request #2987 from tych0/pass-zero-to-clone
Pass zero to clone
Tycho Andersen [Wed, 29 May 2019 14:47:35 +0000 (08:47 -0600)]
lxc_clone: bump stack size to 8MB
This is the default thread size for glibc, so it is reasonable to match
that when we clone().
Mostly this is a science experiment suggested by brauner, and who doesn't
love science?
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Christian Brauner [Tue, 28 May 2019 14:45:36 +0000 (16:45 +0200)]
Merge pull request #3015 from avkvl/issue-2765
fix issue 2765
Alexander Kriventsov [Tue, 28 May 2019 12:58:51 +0000 (15:58 +0300)]
fix issue 2765
Signed-off-by: Alexander Kriventsov <akriventsov@nic.ru>
Christian Brauner [Fri, 24 May 2019 13:59:57 +0000 (15:59 +0200)]
cgroups: handle offline cpus in v1 hierarchy
Handle offline cpus in v1 hierarchy.
In addition to isolated cpus we also need to account for offline cpus when our
ancestor cgroup is the root cgroup and we have not been initialized yet.
Closes #2953.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 21 May 2019 14:15:08 +0000 (10:15 -0400)]
Merge pull request #3011 from brauner/2019-05-21/android_the_bane_of_my_existence
configure: remove additional comma
Christian Brauner [Tue, 21 May 2019 13:58:03 +0000 (15:58 +0200)]
configure: remove additional comma
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 17 May 2019 07:10:47 +0000 (09:10 +0200)]
Merge pull request #3010 from brauner/2019-05-17/bugfixes
lxccontainer: cleanup attach functions
Christian Brauner [Fri, 17 May 2019 05:50:45 +0000 (07:50 +0200)]
lxccontainer: cleanup attach functions
Specifically, refloat function arguments and remove useless comments.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Thu, 16 May 2019 17:33:41 +0000 (19:33 +0200)]
Merge pull request #3009 from brauner/2019-05-16/rework_attach
attach: do not reload container
Christian Brauner [Thu, 16 May 2019 13:29:41 +0000 (15:29 +0200)]
attach: do not reload container
Let lxc_attach() reuse the already initialized container.
Closes https://github.com/lxc/lxd/issues/5755.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 16 May 2019 08:11:42 +0000 (10:11 +0200)]
Merge pull request #3006 from tomponline/tp-phys-downhook
network: Fixes bug that stopped down hook from running for phys netdevs
Thomas Parrott [Wed, 15 May 2019 16:09:47 +0000 (17:09 +0100)]
network: Fixes bug that stopped down hook from running for phys netdevs
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
Christian Brauner [Wed, 15 May 2019 15:40:52 +0000 (17:40 +0200)]
Merge pull request #3005 from tomponline/tp-phys-ns-restore
network: move phys netdevs back to monitor's net ns rather than pid 1's
Thomas Parrott [Wed, 15 May 2019 14:54:12 +0000 (15:54 +0100)]
network: move phys netdevs back to monitor's net ns rather than pid 1's
Updates lxc_restore_phys_nics_to_netns() to move phys netdevs back to the monitor's network namespace rather than the previously hardcoded PID 1 net ns.
This is to fix instances where LXC is started inside a net ns different from PID 1 and physical devices are moved back to a different net ns when the container is shut down than the net ns where the container was started from.
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
Stéphane Graber [Wed, 15 May 2019 14:19:19 +0000 (16:19 +0200)]
Merge pull request #3004 from brauner/master
configure: handle checks when cross-compiling
Tycho Andersen [Thu, 9 May 2019 18:18:10 +0000 (14:18 -0400)]
lxc_clone: get rid of some indirection
We have a do_clone(), which just calls a void f(void *) that it gets
passed. We build up a struct consisting of two args that are just the
actual arg and actual function. Let's just have the syscall do this for us.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Tycho Andersen [Thu, 9 May 2019 18:13:40 +0000 (14:13 -0400)]
doc: add a little note about shared ns + LSMs
We should add a little note about the race in the previous patch.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Tycho Andersen [Thu, 9 May 2019 17:52:30 +0000 (13:52 -0400)]
lxc_clone: pass non-stack allocated stack to clone
There are two problems with this code:
1. The math is wrong. We allocate a char *foo[__LXC_STACK_SIZE]; which
means it's really sizeof(char *) * __LXC_STACK_SIZE, instead of just
__LXC_STACK_SIZE.
2. We can't actually allocate it on our stack. When we use CLONE_VM (which
we do in the shared ns case) that means that the new thread is just
running one page lower on the stack, but anything that allocates a page
on the stack may clobber data. This is a pretty short race window since
we just do the shared ns stuff and then do a clone without CLONE_VM.
However, it does point out an interesting possible privilege escalation if
things aren't configured correctly: do_share_ns() sets up namespaces while
it shares the address space of the task that spawned it; once it enters the
pid ns of the thing it's sharing with, the thing it's sharing with can
ptrace it and write stuff into the host's address space. Since the function
that does the clone() is lxc_spawn(), it has a struct cgroup_ops* on the
stack, which itself has function pointers called later in the function, so
it's possible to allocate shellcode in the address space of the host and
run it fairly easily.
ASLR doesn't mitigate this since we know exactly the stack offsets; however
this patch has the kernel allocate a new stack, which will help. Of course,
the attacker could just check /proc/pid/maps to find the location of the
stack, but they'd still have to guess where to write stuff in.
The thing that does prevent this is the default configuration of apparmor.
Since the apparmor profile is set in the second clone, and apparmor
prevents ptracing things under a different profile, attackers confined by
apparmor can't do this. However, if users are using a custom configuration
with shared namespaces, care must be taken to avoid this race.
Shared namespaces aren't widely used now, so perhaps this isn't a problem,
but with the advent of crio-lxc for k8s, this functionality will be used
more.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Christian Brauner [Wed, 15 May 2019 13:44:36 +0000 (15:44 +0200)]
configure: handle checks when cross-compiling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 13 May 2019 13:57:29 +0000 (15:57 +0200)]
Merge pull request #3001 from Rachid-Koucha/patch-11
Use %m instead of strerror() when available
Rachid Koucha [Mon, 13 May 2019 12:57:02 +0000 (14:57 +0200)]
Error prone semicolon
Suppressed error prone semicolon in SYSTRACE() macro.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Rachid Koucha [Mon, 13 May 2019 11:21:14 +0000 (13:21 +0200)]
Use %m instead of strerror() when available
Use %m under HAVE_M_FORMAT instead of strerror()
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Christian Brauner [Mon, 13 May 2019 11:19:55 +0000 (13:19 +0200)]
Merge pull request #2999 from rikardfalkeborn/fix-realloc-memleak-proctitle
initutils: Fix memleak on realloc failure
Christian Brauner [Mon, 13 May 2019 11:19:22 +0000 (13:19 +0200)]
Merge pull request #2998 from rikardfalkeborn/fix-returning-non-bool
Fix returning -1 in functions with return type bool
Christian Brauner [Mon, 13 May 2019 11:18:54 +0000 (13:18 +0200)]
Merge pull request #3000 from Rachid-Koucha/patch-11
Config: check for %m availability
Rachid Koucha [Mon, 13 May 2019 11:13:18 +0000 (13:13 +0200)]
Config: check for %m availability
GLIBC supports %m to avoid calling strerror(). Using it saves some code space.
==> This check will define HAVE_M_FORMAT to be used wherever possible (e.g. log.h)
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Rikard Falkeborn [Sun, 12 May 2019 00:22:15 +0000 (02:22 +0200)]
initutils: Fix memleak on realloc failure
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Rikard Falkeborn [Sat, 11 May 2019 23:47:56 +0000 (01:47 +0200)]
zfs: Fix return value on zfs_snapshot error
Returning -1 in a function with return type bool is the same as
returning true. Change to return false to indicate error properly.
Detected with cppcheck.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Rikard Falkeborn [Sat, 11 May 2019 23:46:27 +0000 (01:46 +0200)]
lvm: Fix return value if lvm_create_clone fails
Returning -1 in a function with return type bool is the same as
returning true. Change to return false to indicate error properly.
Detected with cppcheck.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Rikard Falkeborn [Sat, 11 May 2019 23:39:51 +0000 (01:39 +0200)]
criu: Remove unnecessary return after _exit()
Since _exit() will terminate, the return statement is dead code. Also,
returning -1 from a function with bool as return type is confusing.
Detected with cppcheck.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Christian Brauner [Fri, 10 May 2019 21:47:28 +0000 (23:47 +0200)]
Merge pull request #2997 from rst0git/criu-v-option
criu: Use -v4 instead of -vvvvvv
Radostin Stoyanov [Fri, 10 May 2019 21:25:54 +0000 (22:25 +0100)]
criu: Use -v4 instead of -vvvvvv
CRIU has only 4 levels of verbosity (errors, warnings, info, debug).
Thus, using `-v4` is more appropriate.
https://criu.org/Logging
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
Christian Brauner [Fri, 10 May 2019 19:35:56 +0000 (21:35 +0200)]
Merge pull request #2993 from Rachid-Koucha/patch-9
New --bbpath option and unnecessary --rootfs checks
Rachid Koucha [Fri, 10 May 2019 19:28:35 +0000 (21:28 +0200)]
Option --busybox-path instead of --bbpath
As suggested during the review.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Christian Brauner [Fri, 10 May 2019 19:20:20 +0000 (21:20 +0200)]
Merge pull request #2996 from brauner/Rachid-Koucha-patch-10
lxccontainer: do not display if missing privileges
Rachid Koucha [Fri, 10 May 2019 16:56:12 +0000 (18:56 +0200)]
lxccontainer: do not display if missing privileges
lxc-ls without root privileges on privileged containers should not display
information. In lxc_container_new(), ongoing_create()'s result is not checked
for all possible returned values. Hence, an unprivileged user can send command
messages to the container's monitor. For example:
$ lxc-ls -P /.../tests -f
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
ctr - 0 - - - false
$ sudo lxc-ls -P /.../tests -f
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
ctr RUNNING 0 - 10.0.3.51 - false
After this change:
$ lxc-ls -P /.../tests -f <-------- No more display without root privileges
$ sudo lxc-ls -P /.../tests -f
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
ctr RUNNING 0 - 10.0.3.37 - false
$
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Rachid Koucha [Fri, 10 May 2019 15:01:13 +0000 (17:01 +0200)]
New --bbpath option and unnecessary --rootfs checks
. Add the "--bbpath" option to pass an alternate busybox pathname instead of the one found from ${PATH}.
. Take this opportunity to add some formatting in the usage display
. As a try is done to pick rootfs from the config file and set it to ${path}/rootfs, it is unnecessary to make it mandatory
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Stéphane Graber [Fri, 10 May 2019 12:36:56 +0000 (08:36 -0400)]
Merge pull request #2992 from brauner/2019-05-10/coding_style_update
coding style: update
Christian Brauner [Fri, 10 May 2019 11:15:25 +0000 (13:15 +0200)]
coding style: update
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 10 May 2019 07:30:35 +0000 (09:30 +0200)]
Merge pull request #2985 from tomponline/tp-mtu
network: Adds mtu support for phys and macvlan types
Christian Brauner [Fri, 10 May 2019 06:48:59 +0000 (08:48 +0200)]
Merge pull request #2989 from Rachid-Koucha/patch-8
Redirect error messages to stderr
Rachid Koucha [Fri, 10 May 2019 05:39:03 +0000 (07:39 +0200)]
Redirect error messages to stderr
Some error messages were not redirected to stderr.
Moreover, do "exit 0" instead of "exit 1" when "help" option is passed.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Stéphane Graber [Thu, 9 May 2019 19:19:58 +0000 (15:19 -0400)]
Merge pull request #2986 from brauner/2019-05-09/clone_pidfd
start: use CLONE_PIDFD
Christian Brauner [Thu, 9 May 2019 17:40:23 +0000 (19:40 +0200)]
start: use CLONE_PIDFD
Use CLONE_PIDFD when possible.
Note the clone() syscall ignores unknown flags which is usually a design
mistake. However, for us this bug is a feature since we can just pass the flag
along and see whether the kernel has given us a pidfd.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Thomas Parrott [Thu, 9 May 2019 15:47:42 +0000 (16:47 +0100)]
api: Adds the network_phys_macvlan_mtu extension
This will allow LXD to check for custom MTU support for phys and macvlan devices.
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
Thomas Parrott [Thu, 9 May 2019 15:40:08 +0000 (16:40 +0100)]
network: Restores phys device MTU on container shutdown
The phys devices will now have their original MTUs recorded at start and restored at shutdown.
This is to protect the original phys device from having any container level MTU customisation being applied to the device once it is restored to the host.
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
Christian Brauner [Thu, 9 May 2019 15:09:51 +0000 (17:09 +0200)]
namespace: support CLONE_PIDFD with lxc_clone()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Thomas Parrott [Thu, 9 May 2019 14:34:20 +0000 (15:34 +0100)]
network: Adds mtu support for phys and macvlan types
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
Stéphane Graber [Thu, 9 May 2019 13:37:51 +0000 (09:37 -0400)]
Merge pull request #2984 from brauner/2019-05-09/clone_pidfd
clone: add infrastructure for CLONE_PIDFD
Christian Brauner [Thu, 9 May 2019 13:01:27 +0000 (15:01 +0200)]
clone: add infrastructure for CLONE_PIDFD
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eac7078a0fff1e72cf2b641721e3f55ec7e5e21e
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 9 May 2019 13:00:32 +0000 (15:00 +0200)]
raw_syscalls: simplify assembly
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Co-developed-by: David Howells <dhowells@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Stéphane Graber [Thu, 9 May 2019 12:47:34 +0000 (08:47 -0400)]
Merge pull request #2906 from brauner/2019-03-12/namespace_switching
utils: improve switch_to_ns()
Christian Brauner [Tue, 12 Mar 2019 16:51:50 +0000 (17:51 +0100)]
utils: improve switch_to_ns()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 9 May 2019 09:09:45 +0000 (11:09 +0200)]
Merge pull request #2983 from tenforward/japanese
Update Japanese lxc.container.conf(5)
KATOH Yasufumi [Thu, 9 May 2019 06:24:18 +0000 (15:24 +0900)]
doc: Fix and improve Japanese translation
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Reviewed-by: Hiroaki Nakamura <hnakamur@gmail.com>
KATOH Yasufumi [Wed, 8 May 2019 12:42:16 +0000 (21:42 +0900)]
doc: Update Japanese lxc.container.conf(5)
This is the translation for the following description:
- lxc.seccomp.notify.proxy (commit 8a64375)
- host side veth device static routes (commit d4a7da4)
- IPVLAN (commit c9f5238)
- Layer 2 proxy mode (commit 6509154)
- gateway device route mode (commit a2f9a67)
and fix typo in English man page.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Christian Brauner [Tue, 7 May 2019 14:14:51 +0000 (16:14 +0200)]
Merge pull request #2982 from Rachid-Koucha/patch-5
Devices created in rootfs instead of rootfs/dev
Rachid Koucha [Tue, 7 May 2019 14:03:02 +0000 (16:03 +0200)]
Devices created in rootfs instead of rootfs/dev
Added /dev in the mknod commands.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Christian Brauner [Tue, 7 May 2019 13:50:43 +0000 (15:50 +0200)]
Merge pull request #2981 from tomponline/tp-veth-gateway
network: Re-works veth gateway logic
tomponline [Tue, 7 May 2019 13:23:24 +0000 (14:23 +0100)]
network: Re-works veth gateway logic
Handles more errors and gives better error messages.
Signed-off-by: tomponline <thomas.parrott@canonical.com>
Christian Brauner [Tue, 7 May 2019 12:03:52 +0000 (14:03 +0200)]
Merge pull request #2979 from tomponline/tp-vlan-mtu
network: Makes vlan network interfaces set mtu before upscript called
Christian Brauner [Tue, 7 May 2019 11:37:38 +0000 (13:37 +0200)]
Merge pull request #2978 from tomponline/tp-ipvlan-mtu
network: Adds custom mtu support for ipvlan interfaces
tomponline [Tue, 7 May 2019 11:34:34 +0000 (12:34 +0100)]
network: Makes vlan network interfaces set mtu before upscript called
This is consistent with veth and ipvlan types.
Also makes the debug message for success occur after up script has run.
Also makes device clean up on error more thorough and consistent.
Signed-off-by: tomponline <thomas.parrott@canonical.com>
tomponline [Tue, 7 May 2019 11:13:46 +0000 (12:13 +0100)]
network: Adds custom mtu support for ipvlan interfaces
Signed-off-by: tomponline <thomas.parrott@canonical.com>
Stéphane Graber [Mon, 6 May 2019 19:10:20 +0000 (15:10 -0400)]
Merge pull request #2976 from brauner/2019-05-06/bugfixes
seccomp: document path calculation
Stéphane Graber [Mon, 6 May 2019 18:36:50 +0000 (14:36 -0400)]
Merge pull request #2977 from brauner/2019-05-06/pidfd_send_signal
raw_syscalls: add initial support for pidfd_send_signal()
Christian Brauner [Mon, 6 May 2019 08:49:31 +0000 (10:49 +0200)]
raw_syscalls: add initial support for pidfd_send_signal()
Well, I added this syscall so we better use it. :)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>