- 25 Jun, 2020 3 commits
-
-
Christian Brauner authored
We're ignoring commands that we don't know about. They used to be fatal. Not anymore. Closes: #3459. Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Stéphane Graber authored
Closes #3457 Signed-off-by:Stéphane Graber <stgraber@ubuntu.com>
-
Robert Vogelgesang authored
Stopping a lxc container with without waiting on it was broken in master. This patch fixes it. Signed-off-by:Robert Vogelgesang <vogel@folz.de>
-
- 20 Jun, 2020 5 commits
-
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Stéphane Graber authored
The previous change made things confusing by impliying there may be a secondary when VLAN/IPVLAN/bridge members can only have a single parent device. Signed-off-by:
-
- 18 Jun, 2020 3 commits
-
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
We can't do anything about the established kernel API but we can at least not propagate the terminology. Signed-off-by: -
Christian Brauner authored
Signed-off-by:
-
- 15 Jun, 2020 11 commits
-
-
Gaurav Singh authored
Signed-off-by:Gaurav Singh <gaurav1086@gmail.com>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
It's now a wrapper around userns_exec_mapped_root() which allows us to avoid fork() + exec() lxc-usernsexec makes things way nicer to test with ASAN etc. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
If we set O_RDWR we won't be able to open directories and if we set O_PATH we won't be able to chown. Signed-off-by: -
Christian Brauner authored
Closes: #3443. Signed-off-by: -
Thomas Parrott authored
Signed-off-by:Thomas Parrott <thomas.parrott@canonical.com>
-
Thomas Parrott authored
Signed-off-by: -
Thomas Parrott authored
To avoid misleading errors about openvswitch when non-existent bridge link interface specified. Signed-off-by: -
Thomas Parrott authored
Signed-off-by:
-
- 04 Jun, 2020 2 commits
-
-
Thomas Parrott authored
Signed-off-by: -
Scott Moser authored
Previously if the user was root, then the test would just skip running (and exit 0). The lxc test environment is run as root. So, instead of never doing anything there, we create a user, make sure it is in /etc/sub{ug}id and then execute the test as that user. If user is already non-root, then just execute the tests as before. Signed-off-by:Scott Moser <smoser@brickies.net>
-
- 02 Jun, 2020 1 commit
-
-
Scott Moser authored
The test executes lxc-usernsexec to create some files and chmod them. Then makes assertions on the uid and gid of those files from outside. Signed-off-by:
-
- 28 May, 2020 1 commit
-
-
Christian Brauner authored
Somehow it's documented but wasn't ever added. Signed-off-by:
-
- 25 May, 2020 14 commits
-
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Wolfgang Bumiller authored
When a newer lxc library communicates with an older one (such as running an lxc 4.0 lxc-freeze on a longer running container which was started while lxc was still at version 3), the LXC_CMD_GET_LIMITING_CGROUP command is not available, causing the remote to just close the socket. Catch this and try the previous command instead. Signed-off-by:Wolfgang Bumiller <w.bumiller@proxmox.com>
-
Wolfgang Bumiller authored
Otherwise we cannot use an 'a' entry in devices.deny/allow as these are not permitted once a subdirectory was created. Without isolation we initialize the devices cgroup particularly late, so there are probably cases which cannot work with isolation. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Wolfgang Bumiller authored
This is a new approach to #1302 with a container-side configuration instead of a global boolean flag. Contrary to the previous PR using an optional additional parameter for the get-cgroup command, this introduces two new additional commands to get the limiting cgroup path and cgroup2 file descriptor. If the limiting option is not in use, these behave identical to their full-path counterparts. If these variables are used the payload will end up in the concatenation of lxc.cgroup.dir.container and lxc.cgroup.dir.container.inner (which may be empty), and the monitor will end up in lxc.cgruop.dir.monitor. The directories are fixed, no retry count logic is applied, failing to create these directories will simply be a hard error. Signed-off-by:
-
Stéphane Graber authored
Signed-off-by: -
Christian Brauner authored
We can fail to setgroups() when "deny" has been set which we need to set when we are a fully unprivileged user. Closes: 3420. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Fixes: https://lists.linuxcontainers.org/pipermail/lxc-users/2020-May/015245.htmlSigned-off-by:
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
I introduced a regression: when users didn't specify a specific name via lxc.net.<idx>.name then the device would retain the random name it received when we created it. Before we would use the "eth%d" syntax to get the kernel to assign a fixed name. Restore that behavior. Closes: #3407. Fixes: 8bf64b77 ("network: rework network device creation") Signed-off-by:
-
Christian Brauner authored
No more weird api quirks between architectures and cool new features. Signed-off-by:
-
