- 27 Feb, 2014 2 commits
-
-
Dwight Engen authored
When booting an OL7 container on OL6, systemd in the OL7 container mounted some extra cgroup controllers, which are then present in /proc/self/cgroups of every task on the host. This is the list used by attach to determine which cgroups to move the attached task into, but when it asks the container over the command interface for the path to the subsystem this will fail since the controller didn't exist when the container was first started. Instead of failing, this change allows the attach to continue, warning that those cgroups that could not be found won't be attached to. The problem can be more simply reproduced by starting a busybox container, mounting a cgroup that was not previously mounted, and then attempting to attach to to the busybox container. The problem will likely not manifest with cgmanager since it only requests the path for the first controller, which is likely to always be mounted. Signed-off-by:
Dwight Engen <dwight.engen@oracle.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
This adds yet another case in the in_userns function detecting the case where an unprivileged container is created by the real uid 0, in which case we want to share the system wide cache but still use the unprivileged templates and unpack method. Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
-
- 26 Feb, 2014 1 commit
-
-
Stéphane Graber authored
Without this change, a request to *.LXC_DOMAIN that doesn't get a local result from dnsmasq will be forwarded to its upstream server with the potential of a loop. Thanks to Ed for the patch on Launchpad (LP: #1246094). Reported-by: Ed Swierk Signed-off-by:
-
- 25 Feb, 2014 8 commits
-
-
Stéphane Graber authored
Signed-off-by:
-
Stéphane Graber authored
With this change it's now possible to add wlan devices to the container. This will track down the right phy device, move it to the right namespace (we don't care about its name), then if the user asked for a new device name for the actual interface, we attach to the container and rename the interface in there using attach. I have tested this to work with both Intel and Atheros NICs. This patch is based on the one provided to lxc-devel by Gregor Beck and has then been updated to do the device renaming as well as minor code style changes. Thanks! Reported-by:
Gregor Beck <gbeck@sernet.de> Signed-off-by:
-
Stéphane Graber authored
Signed-off-by: -
Serge Hallyn authored
(this expands on Dwight's recent patch, commit c597baa8) After unshare(CLONE_NEWNS) and before doing any mounting, always check whether rootfs is shared. Otherwise template runs or clone scripts can bleed mount activity to the host. Signed-off-by:
-
Serge Hallyn authored
Note that if a task other than init violates the seccomp policy, we cannot catch that. Init will catch it and (if it feels like it) log it. Signed-off-by:
-
Stéphane Graber authored
The tmpfs was mounted with its default mode (1777) which was then picked up by overlayfs/aufs as the target's mode. This led to a world writable / in ephemeral containers. I have confirmed that this issue doesn't impact lxc-clone. Signed-off-by:
-
Serge Hallyn authored
It used to be supported with the lxc-create.in script, and the manpage says it's supported... So let's just support it. Now sudo lxc-create -t download --dir /opt/ab -n ab works, creating the container rootfs under /opt/ab. This generally isn't something I'd recommend, however telling users to use a different lxc-path isn't as friendly as I'd like, because each lxcpath requires separate lxc-ls and lxc-autostart runs. Signed-off-by:
-
Serge Hallyn authored
always change profile immediately. Otherwise there are weird corner cases where the profile change may not happen. Signed-off-by:
-
- 20 Feb, 2014 8 commits
-
-
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
This profile was never meant to get into git... Signed-off-by: -
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
Signed-off-by: -
Natanael Copa authored
Signed-off-by:
Natanael Copa <ncopa@alpinelinux.org> Acked-by:
-
Natanael Copa authored
Modules should not link to the Lua core library. See http://lua-users.org/wiki/BuildingModules under "Do Not Link Modules to the Lua Core Libraries" Signed-off-by:
-
Stéphane Graber authored
Signed-off-by: -
S.Çağlar Onur authored
Signed-off-by:
S.Çağlar Onur <caglar@10ur.org> Acked-by:
-
- 19 Feb, 2014 13 commits
-
-
Dwight Engen authored
Systems based on systemd mount the root shared by default. We don't want mounts done during creation by templates nor those done internally by bdev during rsync based clones to propagate to the root mntns. The create case already had the right check, but the mount call was missing "/", so it was failing. Signed-off-by:
-
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
Signed-off-by: -
KATOH Yasufumi authored
Update for commit 3a5ec236Signed-off-by:
KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by:
-
Natanael Copa authored
We have added 3 new build servers for Alpine Linux musl libc x86, x86_64 and arm. Add the sha256sum for those keys. Signed-off-by:
-
Natanael Copa authored
Fix the issues reported by checkbashisms and change back to #!/bin/sh Signed-off-by:
-
Stéphane Graber authored
Since we're no longer always returning a getenv result or some defined string, the callers should cleanup the variable after use. As a result, change from const char* to char*, add the needed free() everywhere and use strdup() on strings coming from getenv. Signed-off-by:
-
Stéphane Graber authored
Signed-off-by: -
Serge Hallyn authored
That's to make sure that if the bridge has a higher than 1500 mtu, the new veth (defaulting to 1500) doesn't lower it. Signed-off-by:
-
Stéphane Graber authored
This makes get_rundir actually do what I meant it to do... for some reason I missed that one in testing... Signed-off-by:
-
- 18 Feb, 2014 8 commits
-
-
Stéphane Graber authored
If get_rundir can't find XDG_RUNTIME_DIR in the environment, it'll attempt to build a path using ~/.cache/lxc/run/. Should that fail because of missing $HOME in the environment, it'll then return NULL an all callers will fail in that case. Signed-off-by:
-
Stéphane Graber authored
Signed-off-by: -
Serge Hallyn authored
If we are unprivileged and have asked for a veth device, then create a pipe over which to pass the veth names. Network-related todos: 1. set mtu on the container side of veth device 2. set mtu in lxc-user-nic. Note that this probably requires an update to the /etc/lxc/lxc-usernet file :( Signed-off-by:
-
Serge Hallyn authored
after commit 4e4ca161 we are checking for optional in mntopts after we forcibly remove it. Cache whether we had it before removing it. Signed-off-by:
-
Eivind Uggedal authored
Signed-off-by:
Eivind Uggedal <eivind@uggedal.com> Acked-by:
-
Dwight Engen authored
Signed-off-by:
-
Serge Hallyn authored
Otherwise mount may return -EINVAL if in-kernel super-block parser objects (as is the case with ext4). Changelog v2: also drop 'optional' specifically drop create=dir, not create=* fix order of arguments for memmove Signed-off-by:
-
Stéphane Graber authored
Signed-off-by:
-
