- 17 Sep, 2016 2 commits
-
-
Stéphane Graber authored
Cgroup root on dump
-
Tycho Andersen authored
Otherwise in the error case, we end up subtracting two from the static_args, which would lead to a segfault :) Signed-off-by:Tycho Andersen <tycho.andersen@canonical.com>
-
- 16 Sep, 2016 11 commits
-
-
Tycho Andersen authored
This is almost never the right thing to use, and we don't use it any more anyway. Signed-off-by: -
Tycho Andersen authored
We initialized cgfsng in a strange way inside of its implementation of escape so we could use it during checkpoint. Instead, the previous patch does a hacky initialization in criu.c, and we can get rid of the hacks elsewhere :) Signed-off-by: -
Tycho Andersen authored
CRIU has added support for passing --cgroup-root on dump, which we should use (see the criu commit 07d259f365f224b32914de26ea0fd59fc6db0001 for details). Note that we don't have to do any version checking or anything, because CRIU just ignored --cgroup-root on checkpoint before, so passing it is safe, and will result in correct behavior when a sufficient version of CRIU is present. Signed-off-by: -
Tycho Andersen authored
Signed-off-by: -
Tycho Andersen authored
N.B. that these are only implemented in cgfsng, but, 15:28:28 tych0 | do we still use cgfs anywhere? or the cgm backend? 15:29:19 stgraber | not anywhere we care about ...I think that's okay. Signed-off-by: -
Tycho Andersen authored
Signed-off-by: -
Stéphane Graber authored
lxc-create -t debian fails on ppc64el arch
-
Thierry Fauck authored
Template catches arch from uname -m, but for ppc64el system, arch reports ppc64le which doesn't match image repo. Signed-off-by:
Thierry Fauck <tfauck@free.fr> Signed-off-by:
Serge Hallyn <serge@hallyn.com>
-
Christian Brauner authored
doc: Add lxc.no_new_privs to Japanese lxc.container.conf(5)
-
KATOH Yasufumi authored
Update for commit 222ddc Signed-off-by:KATOH Yasufumi <karma@jazz.email.ne.jp>
-
Serge Hallyn authored
implement PR_SET_NO_NEW_PRIVS in liblxc
-
- 14 Sep, 2016 2 commits
-
-
Stéphane Graber authored
make rsync deal with sparse files efficiently
-
Lukas Pirl authored
Signed-off-by:Lukas Pirl <git@lukas-pirl.de>
-
- 13 Sep, 2016 4 commits
-
-
Christian Brauner authored
c/r: free valid_opts if necessary
-
Tycho Andersen authored
2cb80427 introduced a malloc without a matching free. Signed-off-by:
-
Stéphane Graber authored
lxczfs: small fixes
-
Christian Brauner authored
- We expect destroy to fail in zfs_clone() so try to silence it so users are not irritated when they create zfs snapshots. - Add -r recursive to zfs_destroy(). This code is only hit when a) the container has no snapshots or b) the user calls destroy with snapshots. So this should be safe. Without -r snapshots will remain. Signed-off-by:Christian Brauner <christian.brauner@canonical.com>
-
- 08 Sep, 2016 2 commits
-
-
Christian Brauner authored
c/r: zero a smaller than known migrate_opts struct
-
Tycho Andersen authored
Signed-off-by:
-
- 06 Sep, 2016 4 commits
-
-
Christian Brauner authored
templates: use correct cron version in alpine template
-
Alex Athanasopoulos authored
Signed-off-by:Alex Athanasopoulos <alex@melato.org>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by:
-
- 05 Sep, 2016 9 commits
-
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
- When we detect that the container, we want to attach to, has been stared with PR_SET_NO_NEW_PRIVS we attach with PR_SET_NO_NEW_PRIVS as well. (We might relax this restriction later but let's be strict for now.) - When LXC_ATTACH_NO_NEW_PRIVS is set in the flags passed to lxc_attach()/attach_child_main() then we set PR_SET_NO_NEW_PRIVS irrespective of whether the container was started with PR_SET_NO_NEW_PRIVS or not. - Set no_new_privs before lsm and seccomp. We probably don't want attach() to be able to change the lsm or seccomp policy if the container was started with PR_SET_NO_NEW_PRIVS enabled. Signed-off-by: -
Christian Brauner authored
We will reuse the newly initialized container for PR_SET_NO_NEW_PRIVS. Signed-off-by: -
Christian Brauner authored
Add a flag for PR_SET_NO_NEW_PRIVS. It is off by default. Signed-off-by: -
Christian Brauner authored
Set no_new_privs after setting the lsm label. If we do set it before we aren't allowed to change the label anymore. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
configure: add --disable-werror
-
Stéphane Graber authored
syslog tweaks
-
Stéphane Graber authored
console: use correct log name
-
- 04 Sep, 2016 4 commits
-
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@mailbox.org>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
- add lxc_syslog_priority_to_string() - add lxc_syslog_priority_to_int() - remove syslog_facility struct - add lxc.syslog to lxc_getconfig struct - adapt config_syslog() callback Signed-off-by: -
Jérôme Pouiller authored
-Werror may break builds on some scenarios with trivialities (especially during developments). Signed-off-by:Jérôme Pouiller <jezz@sysmic.org>
-
- 03 Sep, 2016 1 commit
-
-
Christian Brauner authored
lxc_console is used with lxc_console.c Signed-off-by:
-
- 01 Sep, 2016 1 commit
-
-
Christian Brauner authored
templates: remove creation of bogus directory in Debian templates
-
