- 22 Nov, 2016 30 commits
-
-
Serge Hallyn authored
remove atoi
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@canonical.com>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
This function safely parses an unsigned integer. On success it returns 0 and stores the unsigned integer in @converted. On error it returns a negative errno. Signed-off-by:
-
- 21 Nov, 2016 3 commits
-
-
Serge Hallyn authored
cgroup: improve isolcpus handling
-
Christian Brauner authored
If the file "/sys/devices/system/cpu/isolated" doesn't exist, we can't just simply bail. We still need to check whether we need to copy the parents cpu settings. Signed-off-by: -
Christian Brauner authored
- add more logging - only write to cpuset.cpus if we really have to - simplify cleanup on error and success Signed-off-by:
-
- 20 Nov, 2016 3 commits
-
-
Stéphane Graber authored
use ns info struct and always attach to user namespace first
-
Christian Brauner authored
Move the user namespace at the first position in the array so that we always attach to it first when iterating over the struct and using setns() to switch namespaces. This especially affects lxc_attach(): Suppose you cloned a new user namespace and mount namespace as an unprivileged user on the host and want to setns() to the mount namespace. This requires you to attach to the user namespace first otherwise the kernel will fail this check: if (!ns_capable(mnt_ns->user_ns, CAP_SYS_ADMIN) || !ns_capable(current_user_ns(), CAP_SYS_CHROOT) || !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) return -EPERM; in linux/fs/namespace.c:mntns_install(). Signed-off-by: -
Christian Brauner authored
Using custom structs in attach.c risks getting out of sync with the commonly used ns_info[LXC_NS_MAX] struct and thus attaching to wrong namespaces. Switch to using ns_info[LXC_NS_MAX]. Signed-off-by:
-
- 19 Nov, 2016 4 commits
-
-
Serge Hallyn authored
remove veth device from host
-
Christian Brauner authored
- simply check /proc/self/ns - improve SYSERROR() report - use #define to prevent gcc & clang to use a VLA Signed-off-by: -
Christian Brauner authored
It's much more appropriate there and makes start.{c,h} cleaner and leaner. Signed-off-by: -
Christian Brauner authored
Improve log and comments in a bunch of places to make it easier for us on bug reports. Signed-off-by:
-
