- 18 Jul, 2020 23 commits
-
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Sam Boyles authored
To detect if a newly generated interface name is a duplicate of an existing interface lxc_ifname_alnum_case_sensitive() currently gets a list of all interfaces using netns_getifaddrs(). When the system has a small number of interfaces this works fine, however when there are thousands or tens of thousands of interfaces this quickly becomes less than optimal. As we only need to check if an interface name exists, and do not need the detailed information about the interfaces provided by netns_getifaddrs(), we can instead use the if_nametoindex() function, which is much more efficient. Signed-off-by:Sam Boyles <sam.boyles@alliedtelesis.co.nz>
-
Christian Brauner authored
Closes: #3484. Suggested-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
-
Ruben Jenster authored
Signed-off-by:Ruben Jenster <r.jenster@drachenfels.de>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Closes: #3473. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Closes: #3473. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Johannes Kastl authored
Signed-off-by:Johannes Kastl <kastl@b1-systems.de>
-
Johannes Kastl authored
Signed-off-by: -
Johannes Kastl authored
templates/lxc-download.in: fix wrong if condition (use the result of the gpg command, not the result when executing the result of the gpg command) Signed-off-by: -
Alexander Livenets authored
In `start.c:1284`, no_new_privs flag is set after LSM label is set. Also, in `lxc.container.conf` documentation it is written that: ``` Note that PR_SET_NO_NEW_PRIVS is applied after the container has changed into its intended AppArmor profile or SElinux context. ``` This commit fixes the behavior of `lxc_attach` by moving `PR_SET_NO_NEW_PRIVS` set logic after LSM for the process is configured; Closes #3393 Signed-off-by:Alexander Livenets <a.livenets@gmail.com>
-
Christian Brauner authored
Closes: Coverity 1465044. Closes: Coverity 1465046. Signed-off-by: -
Christian Brauner authored
Fixes: Coverity 1465045. Signed-off-by: -
Christian Brauner authored
Signed-off-by:
-
- 03 Jul, 2020 1 commit
-
-
Wolfgang Bumiller authored
Signed-off-by:Wolfgang Bumiller <w.bumiller@proxmox.com>
-
- 28 Jun, 2020 1 commit
-
-
Stéphane Graber authored
Signed-off-by:Stéphane Graber <stgraber@ubuntu.com>
-
- 25 Jun, 2020 3 commits
-
-
Christian Brauner authored
We're ignoring commands that we don't know about. They used to be fatal. Not anymore. Closes: #3459. Signed-off-by: -
Stéphane Graber authored
Closes #3457 Signed-off-by: -
Robert Vogelgesang authored
Stopping a lxc container with without waiting on it was broken in master. This patch fixes it. Signed-off-by:Robert Vogelgesang <vogel@folz.de>
-
- 20 Jun, 2020 5 commits
-
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Stéphane Graber authored
The previous change made things confusing by impliying there may be a secondary when VLAN/IPVLAN/bridge members can only have a single parent device. Signed-off-by:
-
- 18 Jun, 2020 3 commits
-
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
We can't do anything about the established kernel API but we can at least not propagate the terminology. Signed-off-by: -
Christian Brauner authored
Signed-off-by:
-
- 15 Jun, 2020 4 commits
-
-
Gaurav Singh authored
Signed-off-by:Gaurav Singh <gaurav1086@gmail.com>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
It's now a wrapper around userns_exec_mapped_root() which allows us to avoid fork() + exec() lxc-usernsexec makes things way nicer to test with ASAN etc. Signed-off-by: -
Christian Brauner authored
Signed-off-by:
-
