- 17 Feb, 2018 4 commits
-
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
They shouldn't be needed anymore. Signed-off-by:
-
- 12 Feb, 2018 14 commits
-
-
Yifeng Tan authored
Closes #810. Signed-off-by:
Yifeng Tan <tanyifeng1@huawei.com> Signed-off-by:
-
LiFeng authored
The variable 'descr' is mistakenly covered with 'descr_console'. Signed-off-by:LiFeng <lifeng68@huawei.com>
-
LiFeng authored
add: src/lxc/cmd/lxc-checkconfig src/lxc/cmd/lxc-update-config Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Tycho Andersen authored
In both of these cases if there is actually an error, we won't close the pipe and the api call will hang. Instead, let's be sure to close the pipe before waiting, so that it doesn't hang. Signed-off-by:Tycho Andersen <tycho@tycho.ws>
-
Christian Brauner authored
Dereference after null check Signed-off-by: -
Christian Brauner authored
Argument cannot be negative Signed-off-by: -
Christian Brauner authored
Resource leak Signed-off-by: -
Serge Hallyn authored
The only cases where we really need to be privileged with respect to the host is when we are trying to mknod, and in some cases to do with a physical network device. This patch leaves the detection of the network device cases as a TODO. This should fix the currently broken case of starting a privileged container with at least one veth nic, nested inside an unprivileged container. Cc: Tycho Andersen <tycho@tycho.ws> Signed-off-by:Serge Hallyn <shallyn@cisco.com>
-
Serge Hallyn authored
Sometimes we want to know whether we are privileged wrt our namespaces, and sometimes we want to know whether we are priv wrt init_user_ns. Signed-off-by: -
Marcos Paulo de Souza authored
Signed-off-by:Marcos Paulo de Souza <marcos.souza.org@gmail.com>
-
Marcos Paulo de Souza authored
Signed-off-by:
-
Marcos Paulo de Souza authored
Closes #870. Signed-off-by:
-
- 07 Feb, 2018 12 commits
-
-
Christian Brauner authored
Issues fixed: - lxc-centos died about a missing /run directory - lxc-centos complained about some config files it couldn't modify - the new container got stuck at startup time for a minute (literally), waiting for systemd-remount-fs startup script Of course it still works for RHEL 6, CentOS 6 and 7 as well. I did not verify earlier CentOS or RHEL releases. Signed-off-by:
Harald Dunkel <harald.dunkel@aixigo.de> Signed-off-by:
-
Christian Brauner authored
Signed-off-by: -
LiFeng authored
Perform MS_REMOUNT on mounts with MS_RDONLY. Signed-off-by:
-
Christian Brauner authored
Signed-off-by: -
l00415420 authored
Set the same environment variables that were used when starting the container when attaching to the container. Signed-off-by:
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by:
-
- 06 Feb, 2018 10 commits
-
-
Tycho Andersen authored
see comment for details. Signed-off-by: -
Tycho Andersen authored
For the ->execute() case, we want to make sure the application dies when SIGHUP is received. The next patch will ignore SIGHUP in the lxc monitor, because tasks inside the container send SIGHUP to init to have it reload its config sometimes, and we don't want to do that with init.lxc, since it might actually kill the container if it forwards SIGHUP to the child and the child can't handle it. Signed-off-by: -
Tycho Andersen authored
d76e3e1a inadvertently switched the alarm timeout from sigterm to sigkill. We really want sigkill here, so let's bring it back. Signed-off-by:
-
Stéphane Graber authored
Signed-off-by:Stéphane Graber <stgraber@ubuntu.com>
-
Christian Brauner authored
Since we stopped linking against AppArmor we can now remove the conditional compilation. Signed-off-by: -
Christian Brauner authored
This lets users use the tools with "lxc-* -n <container-name>" or "lxc-* <container-name>". Signed-off-by: -
Stéphane Graber authored
The package has pretty much always been iproute2 with iproute being an alias for it, the alias is now gone so we need to use iproute2. Signed-off-by: -
Tycho Andersen authored
In particular, if we are already in a user namespace we are unprivileged, and doing things like moving the physical nics back to the host netns won't work. Let's do the same thing LXD does if euid == 0: inspect /proc/self/uid_map and see what that says. Signed-off-by: -
Tycho Andersen authored
Consider the case where we're running in a user namespace but in the host's mount ns with the host's filesystem (something like lxc-usernsexec ... lxc-execute ...), in this case, we'll be euid 0, but we can't actually write to /run. Let's improve this locking check to make sure we can actually write to /run before we decide to actually use it as our locking dir. Signed-off-by: -
duguhaotian authored
lxc_cgroup_set_data: h = get_hierarchy(controller); if h is NULL, now errno is old, it donot set new one. And then, cgfsng_setup_limits: if (lxc_cgroup_set_data(cg->subsystem, cg->value, d)) { if (do_devices && (errno == EACCES || errno == EPERM)) { WARN("Error setting %s to %s for %s", cg->subsystem, cg->value, d->name); continue; } SYSERROR("Error setting %s to %s for %s", cg->subsystem, cg->value, d->name); goto out; } SYSERROR will show old errno, make me confused. Signed-off-by:duguhaotian <duguhaotian@gmail.com>
-
