Commits · 7385273fc415fe56d499e2bdfd628dfe0e06e10c · Chen Yisong / lxc

07 Feb, 2018 1 commit

attach: set the container's environment variables · 7385273f

authored Feb 07, 2018

Set the same environment variables that were used when starting the container
when attaching to the container.
Signed-off-by: LiFeng <lifeng68@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

7385273f

06 Feb, 2018 2 commits
- Merge pull request #2117 from brauner/2018-01-26/cgroup_v2_support · 3fb8253d
  Serge Hallyn authored Feb 06, 2018
```
cgroups: add unified hierarchy support
```
  3fb8253d
- Merge pull request #2044 from brauner/2017-12-16/lxc_ls_add_unprivileged_field · d8eb058d
  Serge Hallyn authored Feb 06, 2018
```
tools: add UNPRIVILEGED field in fancy output mode
```
  d8eb058d
05 Feb, 2018 5 commits

Merge pull request #2130 from tych0/sigterm-handling · af3f9cc9
Serge Hallyn authored Feb 05, 2018
```
Sigterm handling
```
af3f9cc9
Merge pull request #2129 from tych0/sigterm-sigkill · 05f2fed7
Christian Brauner authored Feb 05, 2018
```
lxc-init: use SIGKILL after alarm timeout
```
05f2fed7
lxc.init: ignore SIGHUP · 186dfb16
Tycho Andersen authored Feb 05, 2018
```
see comment for details.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
```
186dfb16

monitor: send SIGTERM to the container when SIGHUP is received · d4b5d7a8

authored Feb 05, 2018

For the ->execute() case, we want to make sure the application dies when
SIGHUP is received. The next patch will ignore SIGHUP in the lxc monitor,
because tasks inside the container send SIGHUP to init to have it reload
its config sometimes, and we don't want to do that with init.lxc, since it
might actually kill the container if it forwards SIGHUP to the child and
the child can't handle it.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

d4b5d7a8

lxc-init: use SIGKILL after alarm timeout · 60e324aa

authored Feb 05, 2018

d76e3e1a inadvertently switched the alarm timeout from sigterm to sigkill.
We really want sigkill here, so let's bring it back.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

60e324aa

02 Feb, 2018 2 commits

Merge pull request #2126 from flx42/nvidia-visible-devices-change-null-semantic · e6bd446c
Christian Brauner authored Feb 02, 2018
```
hooks: change the semantic of NVIDIA_VISIBLE_DEVICES=""
```
e6bd446c

hooks: change the semantic of NVIDIA_VISIBLE_DEVICES="" · b8724383

authored Feb 02, 2018

With LXC, you can override the value of an environment variable to
null, but you can't unset an existing variable.

The NVIDIA hook was previously activated when NVIDIA_VISIBLE_DEVICES
was set to null. As a result, it was not possible to disable the hook
by overriding the environment variable in the configuration.

The hook can now be disabled by setting NVIDIA_VISIBLE_DEVICES to
null or to the new special value "void".
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

b8724383

01 Feb, 2018 5 commits
- Merge pull request #2120 from stgraber/master · b046bbab
  Christian Brauner authored Feb 01, 2018
```
debian: We must use iproute on wheezy
```
  b046bbab
- debian: We must use iproute on wheezy · 24d87135
  Stéphane Graber authored Feb 01, 2018
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
  24d87135
- Merge pull request #2119 from brauner/2018-02-01/fix_android · 0b7ab4c7
  Stéphane Graber authored Feb 01, 2018
```
lsm: do not #ifdefine
```
  0b7ab4c7
- lsm: do not #ifdefine · 1fb5e888
  Christian Brauner authored Feb 01, 2018
```
Since we stopped linking against AppArmor we can now remove the conditional
compilation.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  1fb5e888
- Merge pull request #2114 from brauner/2018-01-27/make_name_arg_optional · 0bf1c308
  Serge Hallyn authored Jan 31, 2018
```
tools: make "-n" optional
```
  0bf1c308
31 Jan, 2018 8 commits
- cgroups: more consistent naming · a3926f6a
  Christian Brauner authored Jan 31, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  a3926f6a
- cgroups: handle limits on the unified hierarchy · 6b38e644
  Christian Brauner authored Jan 31, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  6b38e644
- confile: add lxc.cgroup2.[controller].[property] · 54860ed0
  Christian Brauner authored Jan 31, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  54860ed0
- cgroups: cgfsng_set: handle unified hierarchy · 87777968
  Christian Brauner authored Jan 31, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  87777968
- cgroups: cgfsng_get: handle unified hierarchy · 0069cc61
  Christian Brauner authored Jan 31, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  0069cc61
- cgroups: cgfsng_attach: handle unified hierarchy · c2aed66d
  Christian Brauner authored Jan 31, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  c2aed66d
- cgroups: cgfsng_create: handle unified hierarchy · 0c3deb94
  Christian Brauner authored Jan 31, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  0c3deb94
- cgroups: get controllers on the unified hierarchy · d6337a5f
  Christian Brauner authored Jan 31, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  d6337a5f
30 Jan, 2018 2 commits
- Merge pull request #2116 from brauner/2018-01-29/legacy_network_fixes · 2ddc6653
  Stéphane Graber authored Jan 29, 2018
```
confile_legacy: fix legacy network parser
```
  2ddc6653
- confile_legacy: fix legacy network parser · 70a82405
  Christian Brauner authored Jan 29, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  70a82405
29 Jan, 2018 1 commit
- Merge pull request #2102 from brauner/2018-01-22/lsm_simplifications · 26f0e915
  Serge Hallyn authored Jan 29, 2018
```
lsm: simplifcations
```
  26f0e915
27 Jan, 2018 5 commits
- tools: make "-n" optional · 817a0e46
  Christian Brauner authored Jan 27, 2018
```
This lets users use the tools with "lxc-* -n <container-name>" or
"lxc-* <container-name>".
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  817a0e46
- Merge pull request #2113 from marcosps/seccomp_return · cf73b78c
  Christian Brauner authored Jan 27, 2018
```
seccomp.c: Use return instead of attribution and return
```
  cf73b78c
- seccomp.c: Use return instead of attribution and return · 29cb2617
  Marcos Paulo de Souza authored Jan 27, 2018
```
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
```
  29cb2617
- Merge pull request #2112 from stgraber/master · 8f57ca64
  Christian Brauner authored Jan 27, 2018
```
debian: Use iproute2 instead of iproute
```
  8f57ca64
- debian: Use iproute2 instead of iproute · 89266861
  Stéphane Graber authored Jan 27, 2018
```
The package has pretty much always been iproute2 with iproute being an
alias for it, the alias is now gone so we need to use iproute2.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
  89266861
26 Jan, 2018 6 commits

Merge pull request #2111 from tych0/unpriv-fixups · 0cea2977
Christian Brauner authored Jan 26, 2018
```
Unpriv fixups
```
0cea2977
rename am_unpriv to am_host_unpriv · 5384e99d
Tycho Andersen authored Jan 26, 2018
```
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
```
5384e99d

better unprivileged detection · 4692c01a

authored Jan 26, 2018

In particular, if we are already in a user namespace we are unprivileged,
and doing things like moving the physical nics back to the host netns won't
work. Let's do the same thing LXD does if euid == 0: inspect
/proc/self/uid_map and see what that says.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

4692c01a

better check for lock dir · 9650c735

authored Jan 26, 2018

Consider the case where we're running in a user namespace but in the host's
mount ns with the host's filesystem (something like
lxc-usernsexec ... lxc-execute ...), in this case, we'll be euid 0, but we
can't actually write to /run. Let's improve this locking check to make sure
we can actually write to /run before we decide to actually use it as our
locking dir.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

9650c735

Merge pull request #2109 from duguhaotian/new · 3fdb1cf4
Christian Brauner authored Jan 26, 2018
```
[cgfsng] show wrong errno
```
3fdb1cf4

[cgfsng] show wrong errno · d1953b26

authored Jan 26, 2018

lxc_cgroup_set_data: h = get_hierarchy(controller);
if h is NULL, now errno is old, it donot set new one.
And then,
cgfsng_setup_limits:

    if (lxc_cgroup_set_data(cg->subsystem, cg->value, d)) {
		if (do_devices && (errno == EACCES ||
			errno == EPERM)) {
			WARN("Error setting %s to %s for %s",
				cg->subsystem, cg->value,
				d->name);
			continue;
		}
		SYSERROR("Error setting %s to %s for
			 %s",
			 cg->subsystem, cg->value,
			 d->name);
		goto out;
	}

SYSERROR will show old errno, make me confused.
Signed-off-by: duguhaotian <duguhaotian@gmail.com>

d1953b26

24 Jan, 2018 1 commit
- Merge pull request #2099 from brauner/2018-01-20/attach_init_pty · f1289f48
  Stéphane Graber authored Jan 24, 2018
```
bugfixes
```
  f1289f48
23 Jan, 2018 2 commits

Merge pull request #2103 from marcosps/forward_not_used · b28e2826
Christian Brauner authored Jan 23, 2018
```
network.c: Remove ip_forward_set and callers
```
b28e2826

network.c: Remove ip_forward_set and callers · c0a6d713

authored Jan 22, 2018

The last user of ip_forward_set, lxc_ip_forward_on and
lxc_ip_forward_off was in 2009:

commit 92d38522
Author: Daniel Lezcano <dlezcano@fr.ibm.com>
Date:   Thu Oct 22 15:33:40 2009 +0200

    remove test directory

These functions are not called anymore.
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>

c0a6d713