]>
git.proxmox.com Git - mirror_lxc.git/log
Stéphane Graber [Thu, 15 Jul 2021 04:47:44 +0000 (00:47 -0400)]
Merge pull request #3904 from hallyn/2021-07-14/mantypo
doc/common_options: add trace and alert loglevels
Serge Hallyn [Thu, 15 Jul 2021 03:17:40 +0000 (22:17 -0500)]
doc/common_options: add trace and alert loglevels
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Stéphane Graber [Thu, 8 Jul 2021 16:10:00 +0000 (12:10 -0400)]
Merge pull request #3900 from brauner/2021-07-08.fixes
file_utils: surface ENOENT when falling back to openat()
Christian Brauner [Thu, 8 Jul 2021 12:49:26 +0000 (14:49 +0200)]
file_utils: surface ENOENT when falling back to openat()
Link: https://discuss.linuxcontainers.org/t/error-failed-to-retrieve-pid-of-executing-child-process
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 5 Jul 2021 15:25:24 +0000 (17:25 +0200)]
Merge pull request #3896 from Blub/include-userns-config-dir
RFC: conf: userns.conf: include userns.conf.d
Stéphane Graber [Mon, 5 Jul 2021 12:49:08 +0000 (08:49 -0400)]
Merge pull request #3897 from brauner/2021-07-05.fixes
lxc-unshare: fixes
Christian Brauner [Mon, 5 Jul 2021 10:19:31 +0000 (12:19 +0200)]
lxc_unshare: fix network device handling
We were passing the wrong PID. Fix this!
Link: https://discuss.linuxcontainers.org/t/problem-with-moving-interface-new-network-namespace-in-lxc-unshare
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 5 Jul 2021 10:11:42 +0000 (12:11 +0200)]
lxc_unshare: make mount table private
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Wolfgang Bumiller [Mon, 5 Jul 2021 08:53:41 +0000 (10:53 +0200)]
confile: allow including nonexisting directories
If an include directive ends with a trailing slash, we now
always assume it is a directory and do not treat the
non-existence as an error.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Mon, 5 Jul 2021 07:02:36 +0000 (09:02 +0200)]
conf: userns.conf: include userns.conf.d
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Stéphane Graber [Mon, 5 Jul 2021 03:36:01 +0000 (23:36 -0400)]
Merge pull request #3895 from tenforward/japanese
Update Japanese lxc.container.conf(5)
KATOH Yasufumi [Mon, 5 Jul 2021 03:00:32 +0000 (12:00 +0900)]
doc: Fix typo in English lxc.container.conf(5)
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
KATOH Yasufumi [Mon, 5 Jul 2021 02:44:30 +0000 (11:44 +0900)]
doc: Add new idmap= option to Japanese lxc.container.conf(5)
Update for commit
1852be904823e3532af38efc5ef55d3fb931e616
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
KATOH Yasufumi [Mon, 5 Jul 2021 02:23:49 +0000 (11:23 +0900)]
doc: Append description of net type field
Update for commit
320061b34fea7d7f280b0a421dddeac7dac7f1bf
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
KATOH Yasufumi [Sun, 27 Jun 2021 15:10:09 +0000 (00:10 +0900)]
doc: Add eBPF-based device controller semantics to Japanese man page
Update for commit
5025f3a69053bbddbe6c76ffb55b4bbd5759dcc8
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Stéphane Graber [Thu, 1 Jul 2021 14:23:24 +0000 (10:23 -0400)]
Merge pull request #3891 from brauner/2021-07-01.fixes
cgroups: handle funky cgroup layouts
Stéphane Graber [Thu, 1 Jul 2021 12:56:59 +0000 (08:56 -0400)]
Merge pull request #3892 from brauner/2021-07-01.fixes.2
terminal: ensure newlines are turned into newlines+carriage return fo…
Stéphane Graber [Thu, 1 Jul 2021 12:51:44 +0000 (08:51 -0400)]
Merge pull request #3893 from brauner/2021-07-01.fixes.3
cmd/lxc-checkconfig: list cgroup namespaces and rename confusing ns_c…
Christian Brauner [Thu, 1 Jul 2021 11:39:46 +0000 (13:39 +0200)]
cmd/lxc-checkconfig: list cgroup namespaces and rename confusing ns_cgroup entry
Link: https://discuss.linuxcontainers.org/t/cgroup-namespace-required-in-lxc-checkconfig-and-config-cgroup-ns
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 1 Jul 2021 08:22:56 +0000 (10:22 +0200)]
terminal: ensure newlines are turned into newlines+carriage return for terminal output
Fixes: #3879
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 1 Jul 2021 07:51:30 +0000 (09:51 +0200)]
cgroups: handle funky cgroup layouts
Old versions of Docker emulate a cgroup namespace by bind-mounting the
container's cgroup over the corresponding controller:
/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod7d4424e6_bb13_42f4_a47a_45a4828bf54d.slice/docker-
d0b3604b67ac7930dd34ba3a796627e3e4717d12309e90a4afe3f38b6816ac98 .scope /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:11 - cgroup cgroup rw,xattr,name=systemd
/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod7d4424e6_bb13_42f4_a47a_45a4828bf54d.slice/docker-
d0b3604b67ac7930dd34ba3a796627e3e4717d12309e90a4afe3f38b6816ac98 .scope /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:15 - cgroup cgroup rw,net_cls,net_prio
/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod7d4424e6_bb13_42f4_a47a_45a4828bf54d.slice/docker-
d0b3604b67ac7930dd34ba3a796627e3e4717d12309e90a4afe3f38b6816ac98 .scope /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:16 - cgroup cgroup rw,cpu,cpuacct
/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod7d4424e6_bb13_42f4_a47a_45a4828bf54d.slice/docker-
d0b3604b67ac7930dd34ba3a796627e3e4717d12309e90a4afe3f38b6816ac98 .scope /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:17 - cgroup cgroup rw,memory
/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod7d4424e6_bb13_42f4_a47a_45a4828bf54d.slice/docker-
d0b3604b67ac7930dd34ba3a796627e3e4717d12309e90a4afe3f38b6816ac98 .scope /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:18 - cgroup cgroup rw,devices
/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod7d4424e6_bb13_42f4_a47a_45a4828bf54d.slice/docker-
d0b3604b67ac7930dd34ba3a796627e3e4717d12309e90a4afe3f38b6816ac98 .scope /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:19 - cgroup cgroup rw,hugetlb
/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod7d4424e6_bb13_42f4_a47a_45a4828bf54d.slice/docker-
d0b3604b67ac7930dd34ba3a796627e3e4717d12309e90a4afe3f38b6816ac98 .scope /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:20 - cgroup cgroup rw,perf_event
/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod7d4424e6_bb13_42f4_a47a_45a4828bf54d.slice/docker-
d0b3604b67ac7930dd34ba3a796627e3e4717d12309e90a4afe3f38b6816ac98 .scope /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:21 - cgroup cgroup rw,cpuset
/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod7d4424e6_bb13_42f4_a47a_45a4828bf54d.slice/docker-
d0b3604b67ac7930dd34ba3a796627e3e4717d12309e90a4afe3f38b6816ac98 .scope /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:22 - cgroup cgroup rw,blkio
/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod7d4424e6_bb13_42f4_a47a_45a4828bf54d.slice/docker-
d0b3604b67ac7930dd34ba3a796627e3e4717d12309e90a4afe3f38b6816ac98 .scope /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:23 - cgroup cgroup rw,pids
/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod7d4424e6_bb13_42f4_a47a_45a4828bf54d.slice/docker-
d0b3604b67ac7930dd34ba3a796627e3e4717d12309e90a4afe3f38b6816ac98 .scope /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:24 - cgroup cgroup rw,freezer
New versions of LXC always stash a file descriptor for the root of the
cgroup mount at /sys/fs/cgroup and then resolve the current cgroup
parsed from /proc/{1,self}/cgroup relative to that file descriptor. This
doesn't work when the caller's cgroup is mouned over the controllers.
Older versions of LXC simply counted such layouts as having no cgroups
available for delegation at all and moved on provided no cgroup limits
were requested. But mainline LXC would fail such layouts. While I would
argue that failing such layouts is the semantically clean approach we
shouldn't regress users so make mainline LXC treat such cgroup layouts
as having no cgroups available for delegation.
Fixes: #3890
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 30 Jun 2021 14:30:27 +0000 (10:30 -0400)]
Merge pull request #3888 from brauner/2021-06-30.fixes
Improve read-only /sys with read-write /sys/devices/virtual/net
Christian Brauner [Wed, 30 Jun 2021 11:41:46 +0000 (13:41 +0200)]
tests: add tests for read-only /sys with read-write /sys/devices/virtual/net
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 30 Jun 2021 11:22:15 +0000 (13:22 +0200)]
conf: improve read-only /sys with read-write /sys/devices/virtual/net
Some tools require /sys/devices/virtual/net to be read-write. At the
same time we want all other parts of /sys to be read-only. To do this we
created a layout where we hade a read-only instance of sysfs mounted on
top of a read-write instance of sysfs:
`-/sys sysfs sysfs rw,nosuid,nodev,noexec,relatime
`-/sys sysfs sysfs ro,nosuid,nodev,noexec,relatime
|-/sys/devices/virtual/net sysfs sysfs rw,relatime
| `-/sys/devices/virtual/net sysfs[/devices/virtual/net] sysfs rw,nosuid,nodev,noexec,relatime
This causes issues for systemd services that create a separate mount
namespace as they get confused to what mount options need to be
respected.
Simplify our mounting logic so we end up with a single read-only mount
of sysfs on /sys and a read-write bind-mount of /sys/devices/virtual/net:
├─/sys sysfs sysfs ro,nosuid,nodev,noexec,relatime
│ ├─/sys/devices/virtual/net sysfs[/devices/virtual/net] sysfs rw,nosuid,nodev,noexec,relatime
Link: systemd/systemd#20032
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 30 Jun 2021 10:56:03 +0000 (12:56 +0200)]
Merge pull request #3887 from simondeziel/closedir
initutils: close dirfd in error path
Simon Deziel [Tue, 29 Jun 2021 15:50:09 +0000 (11:50 -0400)]
initutils: close dirfd in error path
Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
Christian Brauner [Tue, 29 Jun 2021 14:08:19 +0000 (16:08 +0200)]
Merge pull request #3885 from tych0/dont-exec-execute
execute: don't exec init, call it
Christian Brauner [Tue, 29 Jun 2021 08:32:31 +0000 (10:32 +0200)]
execute: ensure parent is notified about child exec and close all unneeded fds
lxc_container_init() creates the container payload process as it's child
so lxc_container_init() itself never really exits and thus the parent
isn't notified about the child exec'ing since the sync file descriptor
is never closed. Make sure it's closed to notify the parent about the
child's exec.
In addition we're currently leaking all file descriptors associated with
the handler into the stub init. Make sure that all file descriptors
other than stderr are closed.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 29 Jun 2021 08:32:05 +0000 (10:32 +0200)]
network: log network devices while sending
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 29 Jun 2021 08:31:17 +0000 (10:31 +0200)]
initutils: use vfork() in lxc_container_init()
We can let the child finish calling exec before continuing in the
parent.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Tycho Andersen [Mon, 28 Jun 2021 14:38:48 +0000 (08:38 -0600)]
execute: don't exec init, call it
Instead of having a statically linked init that we put on the host fs
somewhere via packaging, have to either bind mount in or detect fexecve()
functionality, let's just call it as a library function. This way we don't
have to do any of that.
This also fixes up a bunch of conditions from:
if (quiet)
fprintf(stderr, "log message");
to
if (!quiet)
fprintf(stderr, "log message");
:)
and it drops all the code for fexecve() detection and bind mounting our
init in, since we no longer need any of that.
A couple other thoughts:
* I left the lxc-init binary in since we ship it, so someone could be using
it outside of the internal uses.
* There are lots of unused arguments to lxc-init (including presumably
--quiet, since nobody noticed the above); those may be part of the API
though and so we don't want to drop them.
Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
Wolfgang Bumiller [Tue, 29 Jun 2021 06:54:43 +0000 (08:54 +0200)]
Merge pull request #3877 from tomasz-blaszczak-red/fix-crash-after-remove-from-array
remove_from_array() causes a crash
Tomasz Blaszczak [Wed, 23 Jun 2021 07:17:05 +0000 (09:17 +0200)]
When an item is added to an array, then the array is realloc()ed (to size+1),
and the item is copied (strdup()) to the array.
Thus, when an item is removed from an array, memory allocated for that item
should be freed, successive items should be left-shifted and the array
realloc()ed again (size-1).
Additional changes:
- If strdup() fails in add_to_array(), then an array should be
realloc()ed again to original size.
- Initialize an array in list_all_containers().
Signed-off-by: Tomasz Blaszczak <tomasz.blaszczak@consult.red>
Wolfgang Bumiller [Mon, 28 Jun 2021 10:32:11 +0000 (12:32 +0200)]
Merge pull request #3884 from brauner/2021-06-28.fixes
cgroups: verify that hierarchies are non-empty
Christian Brauner [Mon, 28 Jun 2021 07:44:20 +0000 (09:44 +0200)]
cgroups: verify that hierarchies are non-empty
Fixes: #3881
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 28 Jun 2021 07:39:50 +0000 (09:39 +0200)]
Merge pull request #3882 from stgraber/master
lxc-download: Switch GPG server
Stéphane Graber [Mon, 28 Jun 2021 03:42:52 +0000 (23:42 -0400)]
lxc-download: Switch GPG server
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Tomasz Blaszczak [Fri, 25 Jun 2021 10:04:49 +0000 (12:04 +0200)]
Resize array in remove_from_array() and fix a crash
When an item is added to an array, then the array is realloc()ed (to size+1),
and the item is copied (strdup()) to the array.
Thus, when an item is removed from an array, allocated memory pointed by
the item (not the item itself) should be freed, successive items should
be left-shifted and the array realloc()ed again (size-1).
Additional changes:
- Initialize an array in list_all_containers().
Signed-off-by: Tomasz Blaszczak <tomasz.blaszczak@consult.red>
Tomasz Blaszczak [Wed, 23 Jun 2021 07:17:05 +0000 (09:17 +0200)]
When an item is added to an array, then the array is realloc()ed (to size+1),
and the item is copied (strdup()) to the array.
Thus, when an item is removed from an array, memory allocated for that item
should be freed, successive items should be left-shifted and the array
realloc()ed again (size-1).
Additional changes:
- If strdup() fails in add_to_array(), then an array should be
realloc()ed again to original size.
- Initialize an array in list_all_containers().
Signed-off-by: Tomasz Blaszczak <tomasz.blaszczak@consult.red>
Stéphane Graber [Wed, 16 Jun 2021 12:42:55 +0000 (08:42 -0400)]
Merge pull request #3870 from brauner/2021-06-16.fixes
cgroups: use stable ordering for co-mounted v1 controllers
Christian Brauner [Wed, 16 Jun 2021 08:03:42 +0000 (10:03 +0200)]
cgroups: use stable ordering for co-mounted v1 controllers
Fixes: #3703
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 14 Jun 2021 17:41:50 +0000 (13:41 -0400)]
Merge pull request #3867 from brauner/2021-06-14.fixes
remove problematic terminology
Christian Brauner [Mon, 14 Jun 2021 15:26:24 +0000 (17:26 +0200)]
tree-wide: replace problematic terminology
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 14 Jun 2021 15:25:39 +0000 (17:25 +0200)]
tree-wide: replace problematic terminology
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 14 Jun 2021 15:21:44 +0000 (17:21 +0200)]
tree-wide: replace problematic terminology
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 14 Jun 2021 15:15:43 +0000 (17:15 +0200)]
tree-wide: remove problematic terminology
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 14 Jun 2021 15:14:26 +0000 (17:14 +0200)]
seccomp: replace problematic terminology
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 14 Jun 2021 15:13:00 +0000 (17:13 +0200)]
common.conf: replace problematic terminology
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 14 Jun 2021 11:29:20 +0000 (13:29 +0200)]
Merge pull request #3865 from brauner/2021-06-14.listen_fds
Add support for LISTEN_FDS environment variable.
Ruben Jenster [Wed, 2 Jun 2021 14:31:31 +0000 (16:31 +0200)]
Add support for LISTEN_FDS environment variable.
The LISTEN_FDS environment variable defines the number of
file descriptors that should be inherited by the container,
in addition to stdio.
The LISTEN_FDS environment variable is defined in the OCI spec
and used to support socket activation.
Refs #3845
Signed-off-by: Ruben Jenster <r.jenster@drachenfels.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 14 Jun 2021 09:34:14 +0000 (11:34 +0200)]
Merge pull request #3864 from lifeng68/master
string utils: Make sure don't return uninitialized memory.
LiFeng [Sat, 12 Jun 2021 06:52:46 +0000 (14:52 +0800)]
string utils: Make sure don't return uninitialized memory.
The function lxc_string_split_quoted and lxc_string_split_and_trim use
realloc to reduce the memory. But the result may be NULL, the the
returned memory will be uninitialized
Signed-off-by: LiFeng <lifeng68@huawei.com>
Stéphane Graber [Tue, 8 Jun 2021 14:46:00 +0000 (10:46 -0400)]
Merge pull request #3861 from brauner/2021-06-08.fixes.2
api_extensions: introduce idmapped_mounts_v2 api extension
Christian Brauner [Tue, 8 Jun 2021 13:59:13 +0000 (15:59 +0200)]
api_extensions: introduce idmapped_mounts_v2 api extension
This indicates that LXC supports idmapping the rootfs and
idmapped lxc.mount.entry entries.
Link: https://github.com/lxc/lxd/issues/8870
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 8 Jun 2021 13:21:35 +0000 (09:21 -0400)]
Merge pull request #3860 from brauner/2021-06-08.fixes
tools/lxc_autostart: fix failed count
Christian Brauner [Tue, 8 Jun 2021 12:59:12 +0000 (14:59 +0200)]
tools/lxc_autostart: fix failed count
Don't include skipped containers in the failed count.
Fixes: #3857
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 7 Jun 2021 14:31:32 +0000 (10:31 -0400)]
Merge pull request #3856 from brauner/2021-06-07.fixes
lsm/apparmor: actually report an error when we fail to wire AppArmor …
Christian Brauner [Mon, 7 Jun 2021 13:37:38 +0000 (15:37 +0200)]
lsm/apparmor: actually report an error when we fail to wire AppArmor profile
Link: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1931064
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Thu, 3 Jun 2021 15:21:35 +0000 (11:21 -0400)]
Merge pull request #3854 from brauner/2021-06-03.fixes
lxc: add lpthread to lxc.pc
Christian Brauner [Thu, 3 Jun 2021 13:37:11 +0000 (15:37 +0200)]
lxc: add lpthread to lxc.pc
Fixes: #3853
Suggested-by: Tycho Andersen <tycho@tycho.pizza>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 28 May 2021 20:28:57 +0000 (16:28 -0400)]
Merge pull request #3852 from pablofsf/lxc-net-nftables
Update lxc-net to support nftables
Pablo Correa Gómez [Thu, 27 May 2021 13:43:31 +0000 (15:43 +0200)]
Update lxc-net to support nftables
Closes #3093
Closes #3602
Add support for nftables firewall rules if `nft` command line
interface is available in the system
Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
Stéphane Graber [Tue, 25 May 2021 13:56:43 +0000 (09:56 -0400)]
Merge pull request #3851 from brauner/2021-05-25.fixes
fixes
Christian Brauner [Tue, 25 May 2021 12:24:01 +0000 (14:24 +0200)]
network: please broken compilers
Some users report that compilation fails because of reports that this
variable can be used uninitialized. Initialize it to silence the
compiler.
Fixes: https://github.com/lxc/lxc/issues/3850
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 25 May 2021 07:01:34 +0000 (09:01 +0200)]
Merge pull request #3849 from stgraber/master
README: Update IRC
Stéphane Graber [Mon, 24 May 2021 04:18:01 +0000 (00:18 -0400)]
README: Update IRC
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Fri, 21 May 2021 16:25:56 +0000 (12:25 -0400)]
Merge pull request #3848 from brauner/2021-05-21.fixes
start: rework fd synchronization
Christian Brauner [Fri, 21 May 2021 10:14:47 +0000 (12:14 +0200)]
start: simplify startup synchronization
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 21 May 2021 09:18:21 +0000 (11:18 +0200)]
start: reorder START_SYNC_POST_CONFIGURE
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 21 May 2021 09:07:33 +0000 (11:07 +0200)]
start: use barrier instead of wake/wait pair
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 21 May 2021 08:30:38 +0000 (10:30 +0200)]
conf: use explicit signage in bit field
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 21 May 2021 08:12:29 +0000 (10:12 +0200)]
conf: move file descriptor synchronization with parent into single function
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 21 May 2021 08:06:27 +0000 (10:06 +0200)]
conf: move file descriptor synchronization with child into single function
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 21 May 2021 15:24:38 +0000 (17:24 +0200)]
cgroups: rework check whether legacy hierarchy is writable
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 19 May 2021 18:09:14 +0000 (14:09 -0400)]
Merge pull request #3846 from brauner/2021-05-19.fixes
conf: fix mount option parsing
Christian Brauner [Wed, 19 May 2021 15:38:20 +0000 (17:38 +0200)]
conf: fix mount option parsing
Fixes: Coverity 1484906
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 19 May 2021 13:55:26 +0000 (09:55 -0400)]
Merge pull request #3843 from brauner/2021-05-17.idmapped.lxc.mount.entry
conf: support idmapped lxc.mount.entry entries
Christian Brauner [Tue, 18 May 2021 18:23:17 +0000 (20:23 +0200)]
confile: free mount data
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 19 May 2021 09:12:04 +0000 (11:12 +0200)]
conf: add sequence when setting up idmapped mounts
Make sure we catch any weird behavior.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 17 May 2021 09:41:38 +0000 (11:41 +0200)]
conf: support idmapped lxc.mount.entry entries
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 18 May 2021 19:37:14 +0000 (21:37 +0200)]
Merge pull request #3844 from CecilHarvey/master
Skip rootfs pinning for read-only file system.
Wei Mingzhi [Tue, 18 May 2021 12:37:52 +0000 (20:37 +0800)]
Skip rootfs pinning for read-only file system.
Signed-off-by: Wei Mingzhi <weimingzhi@baidu.com>
Christian Brauner [Mon, 17 May 2021 10:42:50 +0000 (12:42 +0200)]
conf: rename struct mount_opt flag member s/flag/legacy_flag/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 17 May 2021 10:35:37 +0000 (12:35 +0200)]
tree-wide: s/parse_mntopts/parse_mntopts_legacy/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 14 May 2021 17:49:18 +0000 (13:49 -0400)]
Merge pull request #3842 from brauner/2021-05-14.fixes
start: move idmapped mount setup later
Christian Brauner [Fri, 14 May 2021 17:00:14 +0000 (19:00 +0200)]
start: move idmapped mount setup later
At the prior location we we're placed between sending and receiving
networking information over the data socket causing the startup to fail.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 12 May 2021 13:03:33 +0000 (09:03 -0400)]
Merge pull request #3840 from brauner/2021-05-12.fixes.rootfs
conf: fix containers without rootfs
Christian Brauner [Wed, 12 May 2021 07:34:26 +0000 (09:34 +0200)]
conf: tweak rootfs handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 12 May 2021 08:19:25 +0000 (10:19 +0200)]
conf: don't unmount procfs and sysfs
Fixes: #3838
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 12 May 2021 07:18:53 +0000 (09:18 +0200)]
conf: allow xdev when setting up /dev
Fixes: #3838
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 11 May 2021 12:51:27 +0000 (08:51 -0400)]
Merge pull request #3837 from brauner/2021-05-10.fixes.cgroup
cgroups: clean up cgroup_ops on initialization error
Christian Brauner [Tue, 11 May 2021 07:05:03 +0000 (09:05 +0200)]
cgroups: clean up cgroup_ops on initialization error
Fixes: #3836
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 10 May 2021 16:12:56 +0000 (12:12 -0400)]
Merge pull request #3826 from brauner/2021-05-04.fuzz.cgroup
oss-fuzz: add basic cgroup_init()/cgroup_exit() fuzzing
Stéphane Graber [Mon, 10 May 2021 15:25:51 +0000 (11:25 -0400)]
Merge pull request #3834 from brauner/2021-05-10.fixes
tests: fix lxc-test-arch-parse for make dist
Christian Brauner [Mon, 10 May 2021 15:05:04 +0000 (17:05 +0200)]
tests: fix lxc-test-arch-parse for make dist
Fixes: https://jenkins.linuxcontainers.org/job/lxc-build-tarballs/2762/console
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sun, 9 May 2021 17:03:17 +0000 (13:03 -0400)]
Merge pull request #3833 from brauner/2021-05-09.fixes
confile: re-add aarch64 architecture
Christian Brauner [Sun, 9 May 2021 14:11:12 +0000 (16:11 +0200)]
tests: add tests for supported architectures
Ensure that we detect all supported architectures and don't regress
recognizing them.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 9 May 2021 13:44:59 +0000 (15:44 +0200)]
confile: re-add aarch64 architecture
Apparenty we dropped this when we cleaned up architecture handling.
Fixes: #3832
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 9 May 2021 12:28:23 +0000 (14:28 +0200)]
Merge pull request #3831 from sjuxax/zfs-fix
Skip rootfs pinning for ZFS roots.
Jeff Cook [Sun, 9 May 2021 11:29:05 +0000 (05:29 -0600)]
Reflow ZFS check to follow the style of the overlayfs return.
Per https://github.com/lxc/lxc/pull/3831#discussion_r628865713
Signed-off-by: Jeff Cook <jeff@jeffcook.io>