- 18 Jul, 2020 23 commits
-
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Sam Boyles authored
To detect if a newly generated interface name is a duplicate of an existing interface lxc_ifname_alnum_case_sensitive() currently gets a list of all interfaces using netns_getifaddrs(). When the system has a small number of interfaces this works fine, however when there are thousands or tens of thousands of interfaces this quickly becomes less than optimal. As we only need to check if an interface name exists, and do not need the detailed information about the interfaces provided by netns_getifaddrs(), we can instead use the if_nametoindex() function, which is much more efficient. Signed-off-by:Sam Boyles <sam.boyles@alliedtelesis.co.nz>
-
Christian Brauner authored
Closes: #3484. Suggested-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
Christian Brauner <christian.brauner@ubuntu.com>
-
Ruben Jenster authored
Signed-off-by:Ruben Jenster <r.jenster@drachenfels.de>
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Closes: #3473. Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Closes: #3473. Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Johannes Kastl authored
Signed-off-by:Johannes Kastl <kastl@b1-systems.de>
-
Johannes Kastl authored
Signed-off-by:Johannes Kastl <kastl@b1-systems.de>
-
Johannes Kastl authored
templates/lxc-download.in: fix wrong if condition (use the result of the gpg command, not the result when executing the result of the gpg command) Signed-off-by:Johannes Kastl <kastl@b1-systems.de>
-
Alexander Livenets authored
In `start.c:1284`, no_new_privs flag is set after LSM label is set. Also, in `lxc.container.conf` documentation it is written that: ``` Note that PR_SET_NO_NEW_PRIVS is applied after the container has changed into its intended AppArmor profile or SElinux context. ``` This commit fixes the behavior of `lxc_attach` by moving `PR_SET_NO_NEW_PRIVS` set logic after LSM for the process is configured; Closes #3393 Signed-off-by:Alexander Livenets <a.livenets@gmail.com>
-
Christian Brauner authored
Closes: Coverity 1465044. Closes: Coverity 1465046. Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Fixes: Coverity 1465045. Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
- 03 Jul, 2020 1 commit
-
-
Wolfgang Bumiller authored
Signed-off-by:Wolfgang Bumiller <w.bumiller@proxmox.com>
-
- 28 Jun, 2020 1 commit
-
-
Stéphane Graber authored
Signed-off-by:Stéphane Graber <stgraber@ubuntu.com>
-
- 25 Jun, 2020 3 commits
-
-
Christian Brauner authored
We're ignoring commands that we don't know about. They used to be fatal. Not anymore. Closes: #3459. Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Stéphane Graber authored
Closes #3457 Signed-off-by:Stéphane Graber <stgraber@ubuntu.com>
-
Robert Vogelgesang authored
Stopping a lxc container with without waiting on it was broken in master. This patch fixes it. Signed-off-by:Robert Vogelgesang <vogel@folz.de>
-
- 20 Jun, 2020 5 commits
-
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Stéphane Graber authored
The previous change made things confusing by impliying there may be a secondary when VLAN/IPVLAN/bridge members can only have a single parent device. Signed-off-by:Stéphane Graber <stgraber@ubuntu.com>
-
- 18 Jun, 2020 3 commits
-
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
We can't do anything about the established kernel API but we can at least not propagate the terminology. Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
- 15 Jun, 2020 4 commits
-
-
Gaurav Singh authored
Signed-off-by:Gaurav Singh <gaurav1086@gmail.com>
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
It's now a wrapper around userns_exec_mapped_root() which allows us to avoid fork() + exec() lxc-usernsexec makes things way nicer to test with ASAN etc. Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-