- 21 Aug, 2020 1 commit
-
-
graysky authored
Signed-off-by:graysky <graysky@archlinux.us>
-
- 17 Aug, 2020 1 commit
-
-
Stéphane Graber authored
Updated documentation to reflect lack of support for pure cgroupv2
-
- 15 Aug, 2020 1 commit
-
-
Arjun Ramachandrula authored
Signed-off-by:Arjun Ramachandrula <arjun.ramachandrula@gmail.com>
-
- 12 Aug, 2020 2 commits
-
-
Stéphane Graber authored
lsm: remove the need for atomic operations
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
- 11 Aug, 2020 3 commits
-
-
Stéphane Graber authored
lsm: rewrite
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by:
-
- 10 Aug, 2020 4 commits
-
-
Stéphane Graber authored
conf: terminal and /dev hardening
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Stéphane Graber authored
openat2() and safe mounting
-
- 09 Aug, 2020 9 commits
-
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
This way we only need to open it _once_ per container startup. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by:
-
- 07 Aug, 2020 3 commits
-
-
Christian Brauner authored
lxc-download fixes
-
Stéphane Graber authored
Closes #3511 Signed-off-by:Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
This reverts commit 409040e7. Testing of both options show identical behavior but receive-keys does not exist on older releases, so let's revert this. Closes #3510 Signed-off-by:
-
- 06 Aug, 2020 7 commits
-
-
Stéphane Graber authored
api-extension: add missing seccomp_proxy_send_notify_fd extension
-
Christian Brauner authored
Signed-off-by: -
Stéphane Graber authored
seccomp: add seccomp_notify_fd_active api extension
-
Christian Brauner authored
Since we haven't made this official api yet: YOLO Signed-off-by: -
Christian Brauner authored
which allows to retrieve an active seccomp notifier fd from a running container. Signed-off-by: -
Stéphane Graber authored
seccomp: don't close the mainloop, simply remove the handler
-
Christian Brauner authored
Signed-off-by:
-
- 05 Aug, 2020 5 commits
-
-
Stéphane Graber authored
macro: define TIOCGPTPEER if missing
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Stéphane Graber authored
terminal: safely allocate pts devices from inside the container
-
Christian Brauner authored
This was a year long journey which seems to finally have come to an end. Closes: #1620. Signed-off-by:
-
- 04 Aug, 2020 1 commit
-
-
Stéphane Graber authored
conf: ensure that the idmap pointer itself is freed
-
- 03 Aug, 2020 1 commit
-
-
Christian Brauner authored
Signed-off-by:
-
- 28 Jul, 2020 2 commits
-
-
Christian Brauner authored
syscall: don't fail if __NR_signalfd is not defined
-
Fabrice Fontaine authored
lxc fails to build if __NR_signalfd is not defined since version 4.0.0 and https://github.com/lxc/lxc/commit/bed09c9cc0bec7bbd2442fcce4a2a0f03994cb09 However, some architectures don't define __NR_signalfd but only __NR_signalfd4. This is the case for example for nios2 or csky: https://github.com/bminor/glibc/blob/f9ac84f92f151e07586c55e14ed628d493a5929d/sysdeps/unix/sysv/linux/nios2/arch-syscall.h https://github.com/bminor/glibc/blob/f9ac84f92f151e07586c55e14ed628d493a5929d/sysdeps/unix/sysv/linux/csky/arch-syscall.h Fixes: - http://autobuild.buildroot.org/results/75096a48d2dbda57459523db3ed0952e63f93535Signed-off-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com>
-
