Commits · 756e65cc19e4f879ecd00f2ca3a888bbcfa8cfde · Chen Yisong / lxc

09 Nov, 2017 38 commits

console: non-functional changes · 756e65cc
Christian Brauner authored Oct 26, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
756e65cc
console: non-functional changes · d4f78df3
Christian Brauner authored Oct 23, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
d4f78df3
commands: non-functional changes · b07d3445
Christian Brauner authored Oct 22, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
b07d3445

config: remove SIGRTMIN+14 as lxc.signal.stop · 51d1ec4f

authored Oct 31, 2017

We want to be able to SIGKILL an Archlinux container.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

51d1ec4f

cgroupfs/cgfsng: improve cgroup2 handling · 0a5c220e
Christian Brauner authored Oct 31, 2017
```
This fixes a bunch of bugs.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
0a5c220e
cgroups/cgfsng: fix get_controllers() for cgroup2 · eb768a6e
Christian Brauner authored Oct 31, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
eb768a6e

cgroups/cgfsng: remove is_lxcfs() · 8353971f

authored Nov 01, 2017

We don't need to parse fuse.lxcfs entries.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

8353971f

cgroupfs/cgfsng: tweak logging · a4852420
Christian Brauner authored Oct 31, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
a4852420
log: check for i/o error with vsnprintf() · 614f917a
Christian Brauner authored Oct 31, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
614f917a

cgroups/cgfsng: support MS_READONLY with cgroup ns · 4f6758e9

authored Oct 31, 2017

If we lack CAP_SYS_ADMIN this is really useful.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

4f6758e9

cgroups/cgfsng: cgfsns_chown() -> cgfsng_chown() · a409c1b3
Christian Brauner authored Oct 31, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
a409c1b3
cgroups/cgfsng: keep mountpoint intact · f2cacc25
Christian Brauner authored Oct 31, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
f2cacc25

attach: handle namespace inheritance · 04464087

authored Nov 01, 2017

We need to have lxc_attach() distinguish between a caller specifying specific
namespaces to attach to and a caller not requesting specific namespaces. The
latter is taken by lxc_attach() to mean that all namespaces will be attached.
This also needs to include all inherited namespaces.

Closes #1890.
Closes #1897.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

04464087

tools: fix help output of lxc-create · 15b0967b
Christian Brauner authored Nov 06, 2017
```
Closes #1899.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
15b0967b
storage: switch to ext4 as default filesystem · 326c7f47
Christian Brauner authored Nov 06, 2017
```
Closes #1899.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
326c7f47
conf: reap child in all cases · 7f586ee9
Christian Brauner authored Nov 01, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
7f586ee9
network: reap child in all cases · 12f39bdb
Christian Brauner authored Nov 01, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
12f39bdb

monitor: do not log useless warnings · d0d3ce9b

authored Oct 29, 2017

lxc-monitord is deprecated so this is expected to fail.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

d0d3ce9b

start: close data socket in parent · 1016c1e0

authored Oct 29, 2017

Brings the number of open fds in the monitor process for a standard container
without ttys down to 17.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

1016c1e0

handler: make name argument const · b25fbb66

authored Oct 28, 2017

There's no obvious need to strdup() the name of the container in the handler.
We can simply make this a pointer to the memory allocated in
lxc_container_new().
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

b25fbb66

start: close non-needed file descriptors · b703a043
Christian Brauner authored Oct 29, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
b703a043

lxc-start: remove unnecessary checks · b3784041

authored Oct 28, 2017

The console struct is internal and liblxc takes care of creating paths.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

b3784041

cgroups: enable container without CAP_SYS_ADMIN · 40b94ece

authored Oct 30, 2017

In case cgroup namespaces are supported but we do not have CAP_SYS_ADMIN we
need to mount cgroups for the container. This patch enables both privileged and
unprivileged containers without CAP_SYS_ADMIN.

Closes #1737.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

40b94ece

cgfsng: fix cgroup2 detection · 89d56cc6
Christian Brauner authored Oct 30, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
89d56cc6

attach: correctly handle namespace inheritance · 130814ed

authored Oct 29, 2017

When attaching to a container's namespaces we did not handle the case where we
inherited namespaces correctly. In essence, liblxc on start records the
namespaces the container was created with in the handler. But it only records
the clone flags that were passed to clone() and doesn't record the namespaces
we e.g. inherited from other containers. This means that attach only ever
attached to the clone flags. But this is only correct if all other namespaces
not recorded in the handler refer to the namespaces of the caller. However,
this need not be the case if the container has inherited namespaces from
another container. To handle this case we need to check whether caller and
container are in the same namespace. If they are, we know that things are all
good. If they aren't then we need to attach to these namespaces as well.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

130814ed

lxc-debian: don't write C.* locales to /etc/locale.gen · 39387750

authored Oct 27, 2017

Doing that confuses locale generation. lxc-ubuntu does the same check
Signed-off-by: Antonio Terceiro <terceiro@debian.org>

39387750

Add missing lxc_container_put · 6946b25e
Jordan Webb authored Oct 27, 2017
```
Signed-off-by: Jordan Webb <jordemort@github.com>
```
6946b25e
Fix typo in lxc-net script · 971d7155
adrian5 authored Oct 27, 2017
```
Signed-off-by: adrian5 <adrian5@users.noreply.github.com>
```
971d7155
Call lxc_config_define_load from lxc_execute again · 15dab9e1
Jordan Webb authored Oct 27, 2017
```
Signed-off-by: Jordan Webb <jordemort@github.com>
```
15dab9e1

lxc-debian: allow creating `testing` and `unstable` · 36f1986c

authored Oct 26, 2017

Being able to create `testing` containers, regardless of what's the name
of the next stable, is useful in several contexts, included but not
limited to testing purposes. i.e. one won't need to explicitly switch to
`bullseye` once `buster` is released to be able to continue tracking
`testing`. While we are at it, let's also enable `unstable`, which is
exactly the same as `sid`, but there is no reason for not being able to.
Signed-off-by: Antonio Terceiro <terceiro@debian.org>

36f1986c

namespace: use lxc_getpagesize() · 584993fc
Christian Brauner authored Oct 21, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
584993fc
utils: add lxc_find_next_power2() · 6b38945f
Christian Brauner authored Oct 18, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
6b38945f
utils: parse_byte_size_string() · 02139ac2
Christian Brauner authored Oct 18, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
02139ac2
utils: add lxc_safe_long_long() · 76f40d1f
Christian Brauner authored Oct 18, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
76f40d1f
utils: add lxc_getpagesize() · df0f17ad
Christian Brauner authored Oct 21, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
df0f17ad
utils: add lxc_make_tmpfile() · 9360c59d
Christian Brauner authored Oct 18, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
9360c59d
utils: add lxc_cloexec() · 785c692d
Christian Brauner authored Oct 18, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
785c692d
utils: move memfd_create() definition · 5d4dfde9
Christian Brauner authored Oct 18, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
5d4dfde9

30 Oct, 2017 1 commit
- Merge pull request #1877 from brauner/2017-10-27/tools_allow_undefined_containers_stable_2.0 · 3feb8712
  Stéphane Graber authored Oct 30, 2017
```
stable-2.0: tools: allow lxc-attach to undefined containers
```
  3feb8712
27 Oct, 2017 1 commit

tools: allow lxc-attach to undefined containers · 0b7d6207

authored Oct 27, 2017

For example the following sequence is expected to work:

lxc-start -n containerName -f /path/to/conf \
-s 'lxc.id_map = u 0 100000 65536' \
-s 'lxc.id_map = g 0 100000 65536' \
-s 'lxc.rootfs = /path/to/rootfs' \
-s 'lxc.init_cmd = /path/to/initcmd'

lxc-attach -n containerName

Closes #984.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

0b7d6207