Commits · 0f6e4b4b4a667858bf09f9ae66ba3cdbe81f79e1 · Chen Yisong / lxc

10 Apr, 2017 2 commits
- remove obsolete note about api stability · 0f6e4b4b
  Jakob Gillich authored Apr 08, 2017
```
Signed-off-by: Jakob Gillich <jakob@gillich.me>
```
  0f6e4b4b
- avoid assigning to a variable which is not POSIX shell proof (bug #1498) · bc86797e
  Vincent Catros authored Apr 07, 2017
```
Signed-off-by: Vincent Catros <vincent.catros@laposte.net>
```
  bc86797e
04 Apr, 2017 6 commits

Increased buffer length in print_stats() · f4f749a4

authored Mar 30, 2017

Some "/sys" entries exceeds buffer size.
This results to some statistics loss ('BlkIO' in particular):

 wc -c /sys/fs/cgroup/blkio/lxc/alt/blkio.throttle.io_service_bytes
 318 /sys/fs/cgroup/blkio/lxc/alt/blkio.throttle.io_service_bytes
Signed-off-by: Denis Pynkin <dans@altlinux.org>

f4f749a4

Avoid waiting for bridge interface if disabled in sysconfig/lxc | lxc-net via USE_LXC_BRIDGE · a9b74be6
Torsten Fohrer authored Mar 30, 2017
```
Signed-off-by: Torsten Fohrer <tfohrer@googlemail.com>
```
a9b74be6
Makefile: fix static clang init.lxc build · aa6e38fa
Christian Brauner authored Mar 23, 2017
```
Signed-off-by: Serge Hallyn <serge@hallyn.com>
```
aa6e38fa

Keep veth.pair.name on network shutdown · 2ad08536

authored Mar 23, 2017

In case of a container that is rebooting, freeing veth.pair.name here results in losing given veth.pair name
(Only if given lxc_netdev is reused).
Signed-off-by: Torsten Fohrer <tfohrer@googlemail.com>

2ad08536

tools: exit with return code of lxc_execute() · 13758567
Christian Brauner authored Feb 15, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
13758567
Merge pull request #1488 from evgeni/stable-2.0-no-passwords · d98e80e2
Stéphane Graber authored Apr 03, 2017
```
[stable-2.0] default password cleanup
```
d98e80e2

25 Mar, 2017 3 commits
- don't set a default password for altlinux, gentoo, openmandriva and pld · 8c7dddc2
  Evgeni Golov authored Mar 19, 2017
```
Refs: #1158
Signed-off-by: Evgeni Golov <evgeni@debian.org>
```
  8c7dddc2
- do not set insecure passwords · ff7a7fdc
  Evgeni Golov authored Dec 15, 2016
```
Signed-off-by: Evgeni Golov <evgeni@debian.org>
```
  ff7a7fdc
- do not set the root password in the debian template · ebb0cc53
  Evgeni Golov authored Apr 13, 2016
```
closes #302
Signed-off-by: Evgeni Golov <evgeni@debian.org>
```
  ebb0cc53
22 Mar, 2017 4 commits

Fix opening wrong file in suggest_default_idmap · 20f3261a

authored Mar 22, 2017

Fixing the typo making `suggest_default_idmap` open `subuidfile`
instead of `subgidfile` to read subgid information.
Signed-off-by: Pochang Chen <johnchen902@gmail.com>

20f3261a

tests: Kill containers (don't wait for shutdown) · 8bb16503

authored Mar 21, 2017

We waste a lot of time waiting for Ubuntu containers to cleanly stop
right before we destroy them anyway.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

8bb16503

tests: Support running on IPv6 networks · 45997a79
Stéphane Graber authored Mar 21, 2017
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
45997a79
tree-wide: include <sys/sysmacros.h> directly · cef0cc99
Christian Brauner authored Mar 21, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
cef0cc99

20 Mar, 2017 25 commits

conf/ile: make sure buffer is large enough · 1b060788

authored Feb 02, 2017

conf.c: In function 'lxc_assign_network':
conf.c:3096:25: error: '%lu' directive output may be truncated writing between 1 and 20 bytes into a region of size 19 [-Werror=format-truncation=]
   snprintf(pidstr, 19, "%lu", (unsigned long) pid);
                         ^~~
conf.c:3096:24: note: using the range [1, 18446744073709551615] for directive argument
   snprintf(pidstr, 19, "%lu", (unsigned long) pid);
                        ^~~~~
In file included from /usr/include/stdio.h:938:0,
                 from conf.c:35:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:64:10: note: format output between 2 and 21 bytes into a destination of size 19
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        __bos (__s), __fmt, __va_arg_pack ());
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
confile.c: In function 'network_new_hwaddrs':
confile.c:2889:38: error: '%02x' directive output may be truncated writing between 2 and 8 bytes into a region of size 6 [-Werror=format-truncation=]
  snprintf(hwaddr, 18, "00:16:3e:%02x:%02x:%02x",
                                      ^~~~
confile.c:2889:23: note: using the range [0, 4294967295] for directive argument
  snprintf(hwaddr, 18, "00:16:3e:%02x:%02x:%02x",
                       ^~~~~~~~~~~~~~~~~~~~~~~~~
confile.c:2889:23: note: using the range [0, 4294967295] for directive argument
In file included from /usr/include/stdio.h:938:0,
                 from confile.c:24:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:64:10: note: format output between 18 and 36 bytes into a destination of size 18
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        __bos (__s), __fmt, __va_arg_pack ());
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Not sure whether the latter is really a problem. We might need an additional
fix later on.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

1b060788

tree-wide: include <sys/sysmacros.h> directly · 1750a260
Christian Brauner authored Mar 20, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
1750a260
Change variable check to match existing style · e1adf44e
Tai Kedzierski authored Mar 19, 2017
```
Signed-off-by: Tai Kedzierski <dch.tai@gmail.com>
```
e1adf44e
lxc-download.in / Document keyserver change in help · bff08b8d
Tai Kedzierski authored Mar 19, 2017
```
Signed-off-by: Tai Kedzierski <dch.tai@gmail.com>
```
bff08b8d

lxc-download.in / allow setting keyserver from env · c586a4dc

authored Mar 19, 2017

Checks if DOWNLOAD_KEYSERVER has already been set in the environment before setting a value
Signed-off-by: Tai Kedzierski <dch.tai@gmail.com>

c586a4dc

python3: Deal with potential NULL char* · 6db96171
Stéphane Graber authored Mar 17, 2017
```
Closes #1466
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
6db96171
[templates] archlinux: noneed default_timezone variable · 3bd24f75
otofune authored Mar 15, 2017
```
Signed-off-by: otofune <otofune@gmail.com>
```
3bd24f75

[templates] archlinux: resolve conflicting files · f8bed24c

authored Mar 15, 2017

- already found /etc/localtime
- duplicate creation /etc/resolv.conf
Signed-off-by: otofune <otofune@gmail.com>

f8bed24c

lxc-checkconfig: verify new[ug]idmap are setuid-root · c3d52854
Serge Hallyn authored Mar 14, 2017
```
Signed-off-by: Serge Hallyn <serge@hallyn.com>
```
c3d52854

lxc-alpine: use dl-cdn.a.o as default mirror instead of random one · 3088ce24

authored Mar 14, 2017

Some mirrors from the mirrors list are not very reliable and it seems
that no one really wants to use some random mirror as the default
option.
Signed-off-by: Jakub Jirutka <jakub@jirutka.cz>

3088ce24

Fix mixed tab/spaces in previous patch · 0391995a
Stéphane Graber authored Mar 14, 2017
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
0391995a
Fix lxc-containers to support multiple bridges · 215fff92
Harald Dunkel authored Mar 14, 2017
```
Signed-off-by: Harald Dunkel <harald.dunkel@aixigo.de>
```
215fff92
conf: only try to delete veth when privileged · e0e26721
Christian Brauner authored Mar 11, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
e0e26721
lxc-user-nic: delete link on failure · 2bde6a96
Christian Brauner authored Mar 11, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
2bde6a96
lxc-user-nic: improve + bugfix · f6c0d0b3
Christian Brauner authored Jan 29, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
f6c0d0b3
lxc-user-nic: re-order #includes · 4350bfc4
Christian Brauner authored Jan 29, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
4350bfc4

seccomp: set SCMP_FLTATR_ATL_TSKIP if available · 92acbf2f

authored Mar 06, 2017

Newer libseccomp has a flag called SCMP_FLTATR_ATL_TSKIP which
allows syscall '-1' (nop) to be executed.  Without that flag,
debuggers cannot skip system calls inside containers.  For reference,
see the seccomp(2) manpage, which says:

	The tracer can skip the system call by changing the system call  number  to  -1.

and see the seccomp issue #80
Signed-off-by: Serge Hallyn <serge@hallyn.com>

92acbf2f

cgfsng: make trim() safer · f35896ae
Christian Brauner authored Mar 03, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
f35896ae

log: fix lxc_unix_epoch_to_utc() · c70748d1

authored Feb 27, 2017

The conversion algorithm used uses a clever trick by letting a year start at 1
March. So we need to add 1 for January and February.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

c70748d1

start: dumb down SIGCHLD from WARN() to NOTICE() · 6e2bf212
Christian Brauner authored Feb 26, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
6e2bf212
squeeze is not a supported release anymore, drop the key · e839039c
Evgeni Golov authored Feb 23, 2017
```
Signed-off-by: Evgeni Golov <evgeni@debian.org>
```
e839039c

Use LXC_ROOTFS_MOUNT in clonehostname hook · a2a3d25c

authored Feb 22, 2017

Previously this hook did not work when cloning containers using an overlayfs snapshot as the LXC_ROOTFS_PATH didn't point to the actual filesystem that the container would see. LXC_ROOTFS_MOUNT should be used instead and in fact lxc.container.conf man page says that you usually would want to use the _MOUNT variant.
Signed-off-by: Matt Keeler <mjkeeler7@gmail.com>

a2a3d25c

Added 'mkdir -p' functionality in create_or_remove_cgroup · 89b4d6ff

authored Feb 15, 2017

This allows us to run LXC containers from within docker
Signed-off-by: McCabe, Robert J <Robert.McCabe@rockwellcollins.com>

89b4d6ff

c/r: only supply --ext-mount-map for bind mounts · 00ed6a7f

authored Feb 15, 2017

The rest of the mounts can be restored normally.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

00ed6a7f

Add HAVE_LIBCAP · 76877071

authored Feb 11, 2017

Currently it is impossible to build lxc with --disable-capabilities if
the user has libcap-dev installed on his system as:
 - calls to cap_xxx functions are not protected by HAVE_LIBCAP defines.
 The whole file is only protected by HAVE_SYS_CAPABILITY_H.
 - AC_CHECK_LIB default action-if-found is overriden by [true] so
 HAVE_LIBCAP is never written to config.h

This patch replaces all HAVE_SYS_CAPABILITY_H checks by HAVE_LIBCAP
checks (fix #1361)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

76877071