Commits · 78580ddbc13c0dd4e2c3af950f8dc96410502ced · Chen Yisong / lxc

10 May, 2017 4 commits
- conf: non-functional changes to console functions · 78580ddb
  Christian Brauner authored May 08, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  78580ddb
- conf: non-functional changes lxc_setup() · bb826cfe
  Christian Brauner authored May 08, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  bb826cfe
- conf: remove /dev/console from lxc_fill_autodev() · b55e06be
  Christian Brauner authored May 08, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  b55e06be
- conf: non-functional changes lxc_fill_autodev() · a489983a
  Christian Brauner authored May 08, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  a489983a
09 May, 2017 14 commits

fix the wrong exit status · 2e6347d6
0x0916 authored May 08, 2017
```
Signed-off-by: 0x0916 <w@laoqinren.net>
```
2e6347d6
precise is not the latest LTS, let's use xenial instead · ec9be825
Evgeni Golov authored May 08, 2017

ec9be825

monitor: simplify abstract socket logic · 8cab92d4

authored May 06, 2017

Older version of liblxc only allowed for 105 bytes to be used for the abstract
unix domain socket name because the code for our abstract unix socket handling
performed invalid checks. Since we \0-terminate we could now have a maximum of
106 chars. But do not break backwards compatibility we keep the limit at 105.

Reported-by: 0x0916 w@laoqinren.net
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

8cab92d4

lxccontainer: avoid NULL pointer dereference · 91677024

authored May 06, 2017

In case the lxc command socket is hashed and the socket was created for a
different path than the one we're currently querying
lxc_cmd_get_{lxcpath,name}() can return NULL. The command socket path is hashed
when len(lxcpath) > sizeof(sun_path) - 2.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

91677024

commands: non-functional changes · e2b7b3ff
Christian Brauner authored May 06, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
e2b7b3ff

commands: avoid NULL pointer dereference · 1177c9b0

authored May 06, 2017

lxc_cmd_get_lxcpath() and lxc_cmd_get_name() both pass a nil pointer to
fill_sock_name(). Make sure that they are not dereferenced.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

1177c9b0

af unix: allow for maximum socket name · 9d24213e

authored May 06, 2017

Abstract unix sockets need not be \0-terminated. So you can effectively have
107 chars available. If you \0-terminate you'll have a 106. Don't enforce
\0-termination in these low-level functions. Enforce it higher up which we
already do.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

9d24213e

monitor: report errno on exec() error · 20b3cceb
Christian Brauner authored May 05, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
20b3cceb
conf: add MS_LAZYTIME to mount options · 052e7c70
Christian Brauner authored May 02, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
052e7c70
conf: order mount options · a49066d4
Christian Brauner authored May 02, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
a49066d4

Change sshd template to work with Ubuntu 17.04 · 94b8d282

authored May 01, 2017

A few things have changed and this patch makes container generated for sshd work in Ubuntu
Signed-off-by: Nikolay Martynov <mar.kolya@gmail.com>

94b8d282

utils: tweak lxc_mount_proc_if_needed() · 859ee653

authored Apr 29, 2017

Create /proc directory if it doesn't exist.

Closes #1475.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

859ee653

conf: non-functional changes · 8a807a12
Christian Brauner authored Apr 28, 2017
```
Closes #1475.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
8a807a12

conf: close fd in lxc_setup_devpts() · 74363c78

authored Apr 28, 2017

This left the file descriptor to the underlying /dev/ptmx file open which
confused the hell out of criu. Let's close it.

Closes https://github.com/lxc/lxd/issues/3243.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

74363c78

26 Apr, 2017 7 commits

issue template: fix typo · 814e9e3a
Christian Brauner authored Apr 23, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
814e9e3a

cgroups: improve cgfsng debugging · c150e386

authored Apr 23, 2017

In a lot of cases we need a list of the writeable cgroup controllers detected
by the cgfsng driver.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

c150e386

create ISSUE_TEMPLATE.md · 14a53ef2
Christian Brauner authored Apr 22, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
14a53ef2

utils: use loop device helpers from LXD · 57ada8a7

authored Apr 22, 2017

Use the loop device helpers I wrote for LXD in LXC as well. They should be more
efficient.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

57ada8a7

conf: non-functional changes · b31b2a20
Christian Brauner authored Apr 22, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
b31b2a20

conf: use bind-mount for /dev/ptmx · a32f7894

authored Apr 22, 2017

AppArmor will refuse on /dev/ptmx being a symlink.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

a32f7894

conf: non-functional changes to setup_pts() · 4de4ec76
Christian Brauner authored Apr 21, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
4de4ec76

19 Apr, 2017 2 commits
- caps: return false if caps are not supported · 4645c74c
  Christian Brauner authored Apr 19, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  4645c74c
- autotools: check for cap_get_file · 1291d99a
  Christian Brauner authored Apr 19, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  1291d99a
18 Apr, 2017 3 commits
- caps: skip file capability checks on android · 723935d6
  Christian Brauner authored Apr 17, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  723935d6
- attach|unshare: fix the wrong comment · 99e54f04
  0x0916 authored Apr 17, 2017
```
Signed-off-by: 0x0916 <w@laoqinren.net>
```
  99e54f04
- fix typo introduced in #1509 · c2fc2033
  Evgeni Golov authored Apr 17, 2017
```
Signed-off-by: Evgeni Golov <evgeni@debian.org>
```
  c2fc2033
17 Apr, 2017 6 commits

ls: simplify the judgment condition when list active containers · 34b87922
0x0916 authored Apr 16, 2017
```
Signed-off-by: 0x0916 <w@laoqinren.net>
```
34b87922
conf: improve log when mounting rootfs · 016c5924
Christian Brauner authored Apr 15, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
016c5924

conf: check for {filecaps,setuid} on new{g,u}idmap · 25743d0d

authored Apr 15, 2017

The new{g,u}idmap binaries where a source of trouble for users when they lacked
sufficient privileges. This commit adds code to check for sufficient privilege.
It checks whether new{g,u}idmap is root owned and has the setuid bit set and if
it doesn't it checks whether new{g,u}idmap is root owned and has CAP_SETUID in
its CAP_PERMITTED and CAP_EFFECTIVE set.

Closes #296.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

25743d0d

caps: add lxc_{proc,file}_cap_is_set() · abeded90

authored Apr 15, 2017

Add two new helpers that allow to determine whether a given proc or file has a
capability in the given set and move lxc_cap_is_set() to static function that
both call internally.

Closes #296.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

abeded90

conf: lxc_map_ids() non-functional changes · e8f08226
Christian Brauner authored Apr 15, 2017
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
e8f08226

conf: less error prone pointer access · 125acbf7

authored Dec 23, 2016

These functions define pointer to their key shifted by a
number and guard access to it later via another variable.
Let's make this more explicit (and additionally have the
pointer be NULL in the case where it is not supposed to be
used).
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

125acbf7

10 Apr, 2017 2 commits
- remove obsolete note about api stability · 0f6e4b4b
  Jakob Gillich authored Apr 08, 2017
```
Signed-off-by: Jakob Gillich <jakob@gillich.me>
```
  0f6e4b4b
- avoid assigning to a variable which is not POSIX shell proof (bug #1498) · bc86797e
  Vincent Catros authored Apr 07, 2017
```
Signed-off-by: Vincent Catros <vincent.catros@laposte.net>
```
  bc86797e
04 Apr, 2017 2 commits

Increased buffer length in print_stats() · f4f749a4

authored Mar 30, 2017

Some "/sys" entries exceeds buffer size.
This results to some statistics loss ('BlkIO' in particular):

 wc -c /sys/fs/cgroup/blkio/lxc/alt/blkio.throttle.io_service_bytes
 318 /sys/fs/cgroup/blkio/lxc/alt/blkio.throttle.io_service_bytes
Signed-off-by: Denis Pynkin <dans@altlinux.org>

f4f749a4

Avoid waiting for bridge interface if disabled in sysconfig/lxc | lxc-net via USE_LXC_BRIDGE · a9b74be6
Torsten Fohrer authored Mar 30, 2017
```
Signed-off-by: Torsten Fohrer <tfohrer@googlemail.com>
```
a9b74be6