Commits · 00a476d2668ed13df0b28d3d80a50a37fd874a09 · Chen Yisong / lxc

18 Jul, 2020 12 commits

cgroup2_devices: fix access rule parsing · 00a476d2
Christian Brauner authored Jul 03, 2020
```
Closes: #3473.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
00a476d2
cgroups: use empty {} to initialize struct · f3783d06
Christian Brauner authored Jul 03, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
f3783d06
seccomp: support allowlist/denylist in profiles · 4bc51378
Christian Brauner authored Jul 03, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
4bc51378
cgroups: update terminology II · 59410099
Christian Brauner authored Jul 03, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
59410099
cgroups: update terminology · c27f081b
Christian Brauner authored Jul 03, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
c27f081b
templates/lxc-download.in: use GPG option --receive-keys instead of --recv-keys · 04f72d91
Johannes Kastl authored Jun 30, 2020
```
Signed-off-by: Johannes Kastl <kastl@b1-systems.de>
```
04f72d91
templates/lxc-download.in: make shellcheck happy · 0404298b
Johannes Kastl authored Jun 30, 2020
```
Signed-off-by: Johannes Kastl <kastl@b1-systems.de>
```
0404298b

templates/lxc-download.in: fix wrong if condition (use the result of the gpg… · 2e8b5275

authored Jun 30, 2020

templates/lxc-download.in: fix wrong if condition (use the result of the gpg command, not the result when executing the result of the gpg command)
Signed-off-by: Johannes Kastl <kastl@b1-systems.de>

2e8b5275

attach: set no_new_privs flag after LSM label · 3e0175ef

authored Jun 30, 2020

In `start.c:1284`, no_new_privs flag is set after LSM label is set.
Also, in `lxc.container.conf` documentation it is written that:
```
Note that PR_SET_NO_NEW_PRIVS is applied after the container has
changed into its intended AppArmor profile or SElinux context.
```
This commit fixes the behavior of `lxc_attach` by moving
`PR_SET_NO_NEW_PRIVS` set logic after LSM for the process is configured;

Closes #3393
Signed-off-by: Alexander Livenets <a.livenets@gmail.com>

3e0175ef

start: use __aligned_u64 · 8eb14fa0

authored Jun 29, 2020

Closes: Coverity 1465044.
Closes: Coverity 1465046.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

8eb14fa0

start: initialize cgroup_fd · 0e609c17

authored Jun 29, 2020

Fixes: Coverity 1465045.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

0e609c17

lxc: support CLONE_INTO_CGROUP · 65b53096
Christian Brauner authored Jun 29, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
65b53096

03 Jul, 2020 1 commit
- get the right path in get_cgroup command · 3a7f78f9
  Wolfgang Bumiller authored Apr 05, 2020
```
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
```
  3a7f78f9
28 Jun, 2020 1 commit
- Release LXC 4.0.3 · 6dc1208d
  Stéphane Graber authored Jun 28, 2020
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
  6dc1208d
25 Jun, 2020 3 commits

commands: don't flood logs · 53838b01

authored Jun 25, 2020

We're ignoring commands that we don't know about. They used to be fatal. Not
anymore.

Closes: #3459.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

53838b01

lxc-net: Set broadcast · e72336a5
Stéphane Graber authored Jun 23, 2020
```
Closes #3457
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
e72336a5

lxccontainer: fix non-blocking container stop · a94c4a6d

authored Jun 23, 2020

Stopping a lxc container with without waiting on it was broken in master. This
patch fixes it.
Signed-off-by: Robert Vogelgesang <vogel@folz.de>

a94c4a6d

20 Jun, 2020 5 commits

test: update terminology · 04e0ad4e
Christian Brauner authored Jun 19, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
04e0ad4e
doc: update terminology · 0332ef2c
Christian Brauner authored Jun 19, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
0332ef2c
CODING_STYLE: adapt code example · b15eb500
Christian Brauner authored Jun 19, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
b15eb500
openpty: adapt variable naming · 1478a2fc
Christian Brauner authored Jun 19, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
1478a2fc

network: Rename primary to master · 51eccacb

authored Jun 18, 2020

The previous change made things confusing by impliying there may be a
secondary when VLAN/IPVLAN/bridge members can only have a single parent
device.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

51eccacb

18 Jun, 2020 3 commits
- tree-wide: use "primary" in networking code · 8254704d
  Christian Brauner authored Jun 18, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  8254704d
- tree-wide: wipe references to questionable apis from our public logs · 2e5e77c5
  Christian Brauner authored Jun 18, 2020
```
We can't do anything about the established kernel API but we can at least not
propagate the terminology.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  2e5e77c5
- tree-wide: use "ptmx" and "pts" as terminal terms · 148e709e
  Christian Brauner authored Jun 17, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  148e709e
15 Jun, 2020 11 commits
- containertests: fix null pointer defereference · e84f3ab7
  Gaurav Singh authored Jun 13, 2020
```
Signed-off-by: Gaurav Singh <gaurav1086@gmail.com>
```
  e84f3ab7
- lxccontainer: remove pointless string duplication · 2989eb15
  Christian Brauner authored Jun 11, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  2989eb15
- conf: kill old chown_mapped_root() · a993d4f1
  Christian Brauner authored Jun 10, 2020
```
It's now a wrapper around userns_exec_mapped_root() which allows us to avoid
fork() + exec() lxc-usernsexec makes things way nicer to test with ASAN etc.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  a993d4f1
- conf: add some more logging to userns_exec_mapped_root() · dd6ed3b0
  Christian Brauner authored Jun 11, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  dd6ed3b0
- conf: always use target_fd in userns_exec_mapped_root() · d3d1c6e1
  Christian Brauner authored Jun 11, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  d3d1c6e1
- conf: remove faulty flags · 18adfa20
  Christian Brauner authored Jun 11, 2020
```
If we set O_RDWR we won't be able to open directories and if we set O_PATH we
won't be able to chown.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  18adfa20
- cgroups: initialize lxc.pivot cpuset · 1bb08049
  Christian Brauner authored Jun 10, 2020
```
Closes: #3443.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  1bb08049
- network: Removes unused ip_proxy_args · 5d2ce0b6
  Thomas Parrott authored Jun 09, 2020
```
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
```
  5d2ce0b6
- network: Updates netlink_open handling in lxc_ipvlan_create · ebd26a19
  Thomas Parrott authored Jun 09, 2020
```
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
```
  ebd26a19
- network: Adds check for bridge link interface existence in instantiate_veth · f36a519a
  Thomas Parrott authored Jun 03, 2020
```
To avoid misleading errors about openvswitch when non-existent bridge link interface specified.
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
```
  f36a519a
- macro: Adds UINT_TO_PTR and PTR_TO_USHORT helpers · b4c9fc14
  Thomas Parrott authored Jun 08, 2020
```
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
```
  b4c9fc14
04 Jun, 2020 2 commits

.gitignore: Ignores COPYING file created by make · 9d81b99a
Thomas Parrott authored Jun 03, 2020
```
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
```
9d81b99a

lxc-test-usernsexec: If user is root, then create and use non-root user. · e0344cfa

authored Jun 01, 2020

Previously if the user was root, then the test would just skip
running (and exit 0).  The lxc test environment is run as root.
So, instead of never doing anything there, we create a user,
make sure it is in /etc/sub{ug}id and then execute the test as that
user.

If user is already non-root, then just execute the tests as before.
Signed-off-by: Scott Moser <smoser@brickies.net>

e0344cfa

02 Jun, 2020 1 commit

Add test of lxc-usernsexec · bfbd606e

authored May 29, 2020

The test executes lxc-usernsexec to create some files and chmod them.
Then makes assertions on the uid and gid of those files from outside.
Signed-off-by: Scott Moser <smoser@brickies.net>

bfbd606e

28 May, 2020 1 commit

api_extensions: add "pidfd" · c5acbe98

authored May 25, 2020

Somehow it's documented but wasn't ever added.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

c5acbe98