]>
git.proxmox.com Git - mirror_lxc.git/log
Christian Brauner [Sun, 29 Apr 2018 14:42:44 +0000 (16:42 +0200)]
lxccontainer: use thread-safe open() + write()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 29 Apr 2018 13:08:46 +0000 (15:08 +0200)]
lxccontainer: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 29 Apr 2018 12:53:12 +0000 (14:53 +0200)]
lxccontainer: do_lxcapi_unfreeze()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 29 Apr 2018 12:52:40 +0000 (14:52 +0200)]
lxccontainer: do_lxcapi_freeze()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 29 Apr 2018 12:49:36 +0000 (14:49 +0200)]
lxccontainer: do_lxcapi_is_running()
There's no need to do string comparisons.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 29 Apr 2018 12:48:08 +0000 (14:48 +0200)]
lxccontainer: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 29 Apr 2018 11:39:28 +0000 (13:39 +0200)]
lxccontainer: use thread-safe *_OFD_* locks
If they aren't available fallback to BSD flock()s.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 29 Apr 2018 11:32:42 +0000 (13:32 +0200)]
lxccontainer: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 28 Apr 2018 22:53:12 +0000 (00:53 +0200)]
coverity: #
1426734
Argument cannot be negative
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 28 Apr 2018 22:50:50 +0000 (00:50 +0200)]
coverity: #
1435198
Unchecked return value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 28 Apr 2018 22:49:30 +0000 (00:49 +0200)]
coverity: #
1435200
Resource leak
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 28 Apr 2018 22:43:34 +0000 (00:43 +0200)]
coverity: #
1435203
Resource leak
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 28 Apr 2018 22:38:29 +0000 (00:38 +0200)]
coverity: #
1435205
Unchecked return value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 28 Apr 2018 22:32:42 +0000 (00:32 +0200)]
coverity: #
1435206
Time of check time of use
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 28 Apr 2018 22:22:54 +0000 (00:22 +0200)]
coverity: #
1435207
Unchecked return value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 28 Apr 2018 22:21:33 +0000 (00:21 +0200)]
coverity: #
1435208
Unused value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 28 Apr 2018 22:16:05 +0000 (00:16 +0200)]
coverity: #
1435210
Logically dead code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 28 Apr 2018 21:23:27 +0000 (23:23 +0200)]
Merge pull request #2279 from kunkku/create-umask
do_lxcapi_create: set umask
Christian Brauner [Thu, 26 Apr 2018 16:36:46 +0000 (18:36 +0200)]
Merge pull request #2293 from pkun/master
Fix tool_utils.c build when HAVE_SETNS is unset
Serj Kalichev [Thu, 26 Apr 2018 13:20:30 +0000 (16:20 +0300)]
Fix tool_utils.c build when HAVE_SETNS is unset
Add inline setns() function to tool_utils.h. Without it
tool_utils.c can't be build when HAVE_SETNS is unset.
Signed-off-by: Serj Kalichev <serj.kalichev@gmail.com>
Christian Brauner [Tue, 24 Apr 2018 13:14:25 +0000 (15:14 +0200)]
Merge pull request #2289 from lifeng68/Fix_mem_leak_list_active_containers
Fix memory leak in list_active_containers
LiFeng [Tue, 24 Apr 2018 19:10:15 +0000 (15:10 -0400)]
Fix memory leak in list_active_containers
Signed-off-by: LiFeng <lifeng68@huawei.com>
LiFeng [Tue, 24 Apr 2018 16:53:57 +0000 (12:53 -0400)]
Fix the memory leak in cgfsng_attach
Signed-off-by: LiFeng <lifeng68@huawei.com>
Christian Brauner [Tue, 24 Apr 2018 08:40:22 +0000 (10:40 +0200)]
Merge pull request #2288 from lifeng68/Fix_mem_leak_cgfsng_attach
Fix the memory leak in cgfsng_attach
Christian Brauner [Tue, 24 Apr 2018 08:16:04 +0000 (10:16 +0200)]
Merge pull request #2287 from thyth/master
Also pass action scripts to CRIU on checkpointing
Daniel Selifonov [Sun, 15 Apr 2018 06:26:00 +0000 (23:26 -0700)]
Also pass action scripts to CRIU on checkpointing
Signed-off-by: Daniel Selifonov <ds@thyth.com>
Christian Brauner [Mon, 23 Apr 2018 21:09:39 +0000 (23:09 +0200)]
Merge pull request #2284 from 3XX0/pamcgfs-ignore-umask
pam-cgfs: ignore the system umask when creating the cgroup hierarchy
Jonathan Calmels [Mon, 16 Apr 2018 19:30:33 +0000 (12:30 -0700)]
pam-cgfs: ignore the system umask when creating the cgroup hierarchy
Fixes: #2277
Signed-off-by: Jonathan Calmels <jcalmels@nvidia.com>
Christian Brauner [Fri, 20 Apr 2018 11:00:07 +0000 (13:00 +0200)]
Merge pull request #2285 from tpetazzoni/offsetof-stddef-fix
lxc/tools/lxc_monitor: include missing <stddef.h>
Thomas Petazzoni [Fri, 20 Apr 2018 10:26:33 +0000 (12:26 +0200)]
lxc/tools/lxc_monitor: include missing <stddef.h>
lxc_monitor.c uses offsetof(), so it should include
<stddef.h>. Otherwise the build fails with the musl C library:
tools/lxc_monitor.c: In function ‘lxc_abstract_unix_connect’:
tools/lxc_monitor.c:324:9: warning: implicit declaration of function ‘offsetof’ [-Wimplicit-function-declaration]
offsetof(struct sockaddr_un, sun_path) + len + 1);
^~~~~~~~
tools/lxc_monitor.c:324:18: error: expected expression before ‘struct’
offsetof(struct sockaddr_un, sun_path) + len + 1);
^~~~~~
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Christian Brauner [Thu, 19 Apr 2018 13:07:05 +0000 (15:07 +0200)]
Merge pull request #2283 from flx42/lxc-oci-mkdir-download-directory
lxc-oci: mkdir the download directory
Felix Abecassis [Wed, 18 Apr 2018 21:12:55 +0000 (14:12 -0700)]
lxc-oci: mkdir the download directory
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
Serge Hallyn [Wed, 18 Apr 2018 16:35:11 +0000 (11:35 -0500)]
Merge pull request #2281 from brauner/2018-04-15/seccomp_fixes
seccomp: handle arch inversion - The Architecture Strikes Back
Christian Brauner [Wed, 18 Apr 2018 13:20:21 +0000 (15:20 +0200)]
seccomp: handle arch inversion II
LXC generates and loads the seccomp-bpf filter in the host/container which
spawn the new container. In other words, userspace N is responsible for
generating and loading the seccomp-bpf filter which restricts userspace N + 1.
Assume 64bit kernel and 32bit userspace running a 64bit container. In this case
the 32-bit x86 userspace is used to create a seccomp-bpf filter for a 64-bit
userspace. Unless one explicitly adds the 64-bit ABI to the libseccomp filter,
or adjusts the default behavior for "BAD_ARCH", *all* 64-bit x86 syscalls will
be blocked.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Suggested-by: Paul Moore <paul@paul-moore.com>
Christian Brauner [Wed, 18 Apr 2018 12:40:49 +0000 (14:40 +0200)]
seccomp: non-functional changes
Rename "compat_ctx" to "contexts" and "compat_arch" to "architectures".
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 15 Apr 2018 20:42:43 +0000 (22:42 +0200)]
tools: document -d/--daemonize for lxc-execute
Closes #2280.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 15 Apr 2018 20:39:07 +0000 (22:39 +0200)]
seccomp: improve logging
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 15 Apr 2018 20:12:51 +0000 (22:12 +0200)]
seccomp: cleanup compat architecture handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Kaarle Ritvanen [Sun, 15 Apr 2018 11:50:28 +0000 (14:50 +0300)]
do_lxcapi_create: set umask
Always use 022 as the umask when creating the rootfs directory and
executing the template. A too loose umask may cause security issues.
A too strict umask may cause programs to fail inside the container.
Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Stéphane Graber [Fri, 13 Apr 2018 16:20:33 +0000 (18:20 +0200)]
Merge pull request #2275 from brauner/2018-04-13/improve_seccomp
seccomp: handle all errors
Christian Brauner [Fri, 13 Apr 2018 16:00:23 +0000 (18:00 +0200)]
seccomp: handle all errors
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Serge Hallyn [Fri, 13 Apr 2018 15:29:18 +0000 (10:29 -0500)]
Merge pull request #2274 from brauner/2018-04-13/fix_seccomp_with_personality_and_64bit_kernel_32_bit_userspace
seccomp: handle arch inversion
Christian Brauner [Fri, 13 Apr 2018 12:02:24 +0000 (14:02 +0200)]
seccomp: handle arch inversion
This commit deals with different kernel and userspace layouts and nesting. Here
are three examples:
1. 64bit kernel and 64bit userspace running 32bit containers
2. 64bit kernel and 32bit userspace running 64bit containers
3. 64bit kernel and 64bit userspace running 32bit containers running 64bit containers
Two things to lookout for:
1. The compat arch that is detected might have already been present in the main
context. So check that it actually hasn't been and only then add it.
2. The contexts don't need merging if the architectures are the same and also can't be.
With these changes I can run all crazy/weird combinations with proper seccomp
isolation.
Closes #654.
Link: https://bugs.chromium.org/p/chromium/issues/detail?id=832366
Reported-by: Chirantan Ekbote <chirantan@chromium.org>
Reported-by: Sonny Rao <sonnyrao@chromium.org>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 13 Apr 2018 08:39:05 +0000 (10:39 +0200)]
Merge pull request #2273 from aither64/master
conf: fix net type checks in run_script_argv()
Jakub Skokan [Thu, 12 Apr 2018 18:01:43 +0000 (20:01 +0200)]
conf: fix net type checks in run_script_argv()
Signed-off-by: Jakub Skokan <jakub.skokan@havefun.cz>
Serge Hallyn [Thu, 12 Apr 2018 16:31:05 +0000 (11:31 -0500)]
Merge pull request #2272 from brauner/2018-04-12/bugfixes
conf: ret-try devpts mount without gid=5 on error
Christian Brauner [Thu, 12 Apr 2018 10:49:20 +0000 (12:49 +0200)]
execute: fix app containers without root mapping
When starting application containers without a mapping for container root are
started, a dummy bind-mount target for lxc-init needs to be created. This will
not always work directly under "/" when e.g. permissions are missing due to the
ownership and/or mode of "/". We can try to work around this by using the
P_tmpdir as defined in POSIX which should usually land us in /tmp where
basically everyone can create files.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 12 Apr 2018 09:12:06 +0000 (11:12 +0200)]
conf: ret-try devpts mount without gid=5 on error
We should always default to mounting devpts with gid=5 but we should fallback
to mounting without gid=5. This let's us cover use-cases such as container
started with only a single mapping e.g.:
lxc.idmap = u 1000 1000 1
lxc.idmap = g 1000 1000 1
Closes #2257.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Serge Hallyn [Wed, 11 Apr 2018 23:00:35 +0000 (18:00 -0500)]
Merge pull request #2270 from brauner/2018-04-11/attach_try_dropping_supplementary_groups
attach: try to always drop supplementary groups
Serge Hallyn [Wed, 11 Apr 2018 17:24:59 +0000 (12:24 -0500)]
Merge pull request #2259 from gjaekel/patch-1
rootfs pinning: On NFS, make file hidden but don't delete it
Christian Brauner [Wed, 11 Apr 2018 15:35:57 +0000 (17:35 +0200)]
attach: try to always drop supplementary groups
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 10 Apr 2018 12:14:34 +0000 (14:14 +0200)]
Merge pull request #2266 from brauner/2018-04-09/attach_drop_suppl_groups
attach: always drop supplementary groups
Christian Brauner [Tue, 10 Apr 2018 10:27:39 +0000 (12:27 +0200)]
utils: define __NR_setns if missing on old glibcs
Closes #2248.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 9 Apr 2018 19:00:36 +0000 (21:00 +0200)]
Merge pull request #2267 from brauner/QbitLogic-master
Mergeable branch for C0deAi fixes
Christian Brauner [Mon, 9 Apr 2018 18:44:14 +0000 (20:44 +0200)]
lxc init: coding style
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
C0deAi [Fri, 6 Apr 2018 16:56:50 +0000 (12:56 -0400)]
tools/utils: free memory on error
Closes #2262.
Signed-off-by: C0deAi <techsupport@mycode.ai>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
C0deAi [Fri, 6 Apr 2018 16:46:53 +0000 (12:46 -0400)]
storage/rsync: free memory on error
Closes #2262.
Signed-off-by: C0deAi <techsupport@mycode.ai>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
C0deAi [Fri, 6 Apr 2018 15:30:06 +0000 (11:30 -0400)]
lxc init: remove dead code
Value stored is never read.
Closes #2262.
Signed-off-by: C0deAi <techsupport@mycode.ai>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 9 Apr 2018 16:01:38 +0000 (18:01 +0200)]
attach: always drop supplementary groups
Closes #1704.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 9 Apr 2018 08:15:09 +0000 (10:15 +0200)]
Merge pull request #2263 from ffontaine/master
Fix compilation with static libcap and shared gnutls
Fabrice Fontaine [Sat, 7 Apr 2018 13:48:46 +0000 (15:48 +0200)]
Fix compilation with static libcap and shared gnutls
Commit
c06ed219c47098f34485d408410b6ecc94a40877 has broken
compilation with a static libcap and a shared gnutls.
This results in a build failure on init_lxc_static if gnutls is
a shared library as init_lxc_static is built with -all-static option
(see src/lxc/Makefile.am) and AC_CHECK_LIB adds gnutls to LIBS.
This commit fix the issue by removing default behavior of AC_CHECK_LIB
and handling manually GNUTLS_LIBS and HAVE_LIBGNUTLS
Fixes:
- http://autobuild.buildroot.net/results/
b655d6853c25a195df28d91512b3ffb6c654fc90
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Christian Brauner [Fri, 6 Apr 2018 14:24:25 +0000 (16:24 +0200)]
Merge pull request #2261 from brauner/2018-04-06/thmo_patch_1
Fix temp file creation
Christian Brauner [Fri, 6 Apr 2018 08:54:41 +0000 (10:54 +0200)]
ringbuf: fix temporary file creation
lxc_make_tmpfile() uses mkstemp() internally, and thus expects the
template to contain 'XXXXXX' and be writable.
Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 6 Apr 2018 08:54:02 +0000 (10:54 +0200)]
conf: fix temporary file creation
lxc_make_tmpfile() uses mkstemp() internally, and thus expects the
template to contain 'XXXXXX' and be writable.
Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Guido Jäkel [Fri, 6 Apr 2018 07:35:21 +0000 (09:35 +0200)]
rootfs pinning: On NFS, make file hidden but don't delete it
On NFS, avoid random names of the root pin file due to "NFS silly renaming" but use a fixed hidden name instead.
Serge Hallyn [Thu, 5 Apr 2018 21:03:44 +0000 (16:03 -0500)]
Merge pull request #2258 from tych0/fix-signal-sending-to-lxc-init
fix signal sending in lxc.init
Tycho Andersen [Wed, 4 Apr 2018 23:45:29 +0000 (17:45 -0600)]
fix signal sending in lxc.init
The problem here is that these two clauses were ordered backwards: we first
check if the signal came from not the init pid, and if it did, then we give
a notice and return. The comment notes that this is intended to protect
against SIGCHLD, but we don't in fact know if the signal is a SIGCHLD yet,
because that's tested in the next hunk.
The symptom is that if I e.g. send SIGTERM from the outside world to the
container init, it ignores it and gives this notice. If we re-order these
clauses, it forwards non SIGCHLD signals, and ignores SIGCHLD signals from
things that aren't the real container process.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Christian Brauner [Tue, 3 Apr 2018 13:00:08 +0000 (15:00 +0200)]
Merge pull request #2256 from tenforward/japanese
doc: Tweak Japanese translation in lxc.container.conf(5)
KATOH Yasufumi [Tue, 3 Apr 2018 12:29:09 +0000 (21:29 +0900)]
doc: Tweak Japanese translation in lxc.container.conf(5)
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Christian Brauner [Mon, 2 Apr 2018 13:58:06 +0000 (15:58 +0200)]
Merge branch 'FengtuWang-make_rslave' into lxc/master
Fengtu Wang [Mon, 2 Apr 2018 21:00:19 +0000 (05:00 +0800)]
conf: ensure umounts don't propagate to host
Signed-off-by: Fengtu Wang <wangfengtu@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 2 Apr 2018 05:08:39 +0000 (01:08 -0400)]
Merge pull request #2247 from brauner/2018-03-31/expand_lxc_environment
confile: expand lxc.environment
Christian Brauner [Sat, 31 Mar 2018 00:39:28 +0000 (02:39 +0200)]
confile: expand lxc.environment
When a bare environment variable is specified then retrieve the value from the
current environment. For example, setting
lxc.environment = PATH
will cause LXC to inherit the value of PATH from the current environment.
Suggested-by: Jonathan Calmels <jcalmels@nvidia.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 30 Mar 2018 15:29:56 +0000 (11:29 -0400)]
Merge pull request #2244 from brauner/2018-03-29/fixup
bugfixes
Christian Brauner [Fri, 30 Mar 2018 05:53:02 +0000 (07:53 +0200)]
locktests: fix test suite
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 30 Mar 2018 04:54:40 +0000 (06:54 +0200)]
lxclock: use thread-safe *_OFD_* fcntl() locks
If they aren't available fallback to BSD flock()s.
Closes #2245.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 29 Mar 2018 19:31:54 +0000 (12:31 -0700)]
Merge pull request #2246 from flx42/lxc-oci-cmd-parsing-and-umoci
lxc-oci: cmd parsing and less verbose umoci
Felix Abecassis [Thu, 29 Mar 2018 17:21:22 +0000 (10:21 -0700)]
lxc-oci: make umoci less verbose
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
Felix Abecassis [Thu, 29 Mar 2018 17:20:31 +0000 (10:20 -0700)]
lxc-oci: fix Cmd/Entrypoint parsing
Don't use the -r option of jq, since it will strip the double quotes.
Fixes: #2195
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
Christian Brauner [Thu, 29 Mar 2018 16:29:49 +0000 (18:29 +0200)]
storage: fix lvm fs uuid generation
Closes #2241.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 29 Mar 2018 16:20:35 +0000 (18:20 +0200)]
tools: fix unitialized variable
Closes #2242.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 28 Mar 2018 01:49:16 +0000 (21:49 -0400)]
Release LXC 3.0.0
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Tue, 27 Mar 2018 20:49:34 +0000 (16:49 -0400)]
Merge pull request #2239 from brauner/2018-03-27/fixup_action_script
Allow passing action scripts to CRIU
Eytan Heidingsfeld [Sun, 25 Mar 2018 21:10:21 +0000 (21:10 +0000)]
Allow passing action scripts to CRIU
Closes #2236.
Signed-off-by: Eytan Heidingsfeld <eytanh@gmail.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 27 Mar 2018 20:02:33 +0000 (13:02 -0700)]
Merge pull request #2238 from stgraber/master
configure.ac: Support redhatenterpriseserver
Stéphane Graber [Tue, 27 Mar 2018 19:21:51 +0000 (15:21 -0400)]
configure.ac: Support redhatenterpriseserver
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Tue, 27 Mar 2018 03:38:01 +0000 (23:38 -0400)]
Release LXC 3.0.0.beta4
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Mon, 26 Mar 2018 22:11:31 +0000 (18:11 -0400)]
Merge pull request #2237 from brauner/2018-03-26/always_make_dumpable
start: always make us dumpable
Christian Brauner [Mon, 26 Mar 2018 21:03:28 +0000 (23:03 +0200)]
start: always make us dumpable
Otherwise lxc.hook.mount hooks that try to inspect /proc/<pid>/*
will fail.
Cc: Jonathan Calmels <jcalmels@nvidia.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 26 Mar 2018 02:30:58 +0000 (22:30 -0400)]
Merge pull request #2235 from brauner/2018-03-25/simplify_autodev
conf: simplify autodev
Christian Brauner [Sun, 25 Mar 2018 12:33:44 +0000 (14:33 +0200)]
conf: simplify lxc_fill_autodev()
This function was way more syscall heavy than it needed to be.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sat, 24 Mar 2018 04:36:32 +0000 (00:36 -0400)]
Merge pull request #2232 from flx42/dhclient-hook-apparmor
hooks: fix dhclient hook when an AppArmor profile is active
Stéphane Graber [Fri, 23 Mar 2018 20:22:00 +0000 (16:22 -0400)]
Release LXC 3.0.0.beta3
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Fri, 23 Mar 2018 19:44:52 +0000 (15:44 -0400)]
Merge pull request #2233 from brauner/2018-03-23/truncate_config_file
lxccontainer: truncate config file
Christian Brauner [Fri, 23 Mar 2018 19:30:38 +0000 (20:30 +0100)]
lxccontainer: truncate config file
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 23 Mar 2018 17:54:22 +0000 (18:54 +0100)]
Merge pull request #2231 from stgraber/master
pam: Fix missing symbols in module
Felix Abecassis [Fri, 23 Mar 2018 17:47:35 +0000 (10:47 -0700)]
hooks: fix dhclient hook when an AppArmor profile is active
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
Stéphane Graber [Fri, 23 Mar 2018 17:26:24 +0000 (13:26 -0400)]
pam: Fix missing symbols in module
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Thu, 22 Mar 2018 16:35:43 +0000 (12:35 -0400)]
Merge pull request #2229 from fliiiix/lxc_net_improvements
Rename ifup/down and remove usless parameter passing
Christian Brauner [Thu, 22 Mar 2018 16:22:55 +0000 (17:22 +0100)]
Merge pull request #2230 from tych0/drop-log-whitespace
remove leading whitespace from log files