Commits · 7e30d659c314da29dece4e4c226f3884f7d80c5e · Chen Yisong / lxc

06 May, 2019 2 commits
- Merge pull request #2977 from brauner/2019-05-06/pidfd_send_signal · 7e30d659
  Stéphane Graber authored May 06, 2019
```
raw_syscalls: add initial support for pidfd_send_signal()
```
  7e30d659
- raw_syscalls: add initial support for pidfd_send_signal() · d9bb2fba
  Christian Brauner authored May 06, 2019
```
Well, I added this syscall so we better use it. :)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  d9bb2fba
05 May, 2019 2 commits
- Merge pull request #2974 from brauner/master · 192023dd
  Stéphane Graber authored May 05, 2019
```
tree-wide: make socket SOCK_CLOEXEC
```
  192023dd
- Merge pull request #2975 from brauner/2019-05-04/returns_twice · 3ade8167
  Stéphane Graber authored May 05, 2019
```
compiler: add __returns_twice attribute
```
  3ade8167
04 May, 2019 2 commits

compiler: add __returns_twice attribute · 633cb8be

authored May 04, 2019

The returns_twice attribute tells the compiler that a function may return more
than one time. The compiler will ensure that all registers are dead before
calling such a function and will emit a warning about the variables that may be
clobbered after the second return from the function. Examples of such functions
are setjmp and vfork. The longjmp-like counterpart of such function, if any,
might need to be marked with the noreturn attribute.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

633cb8be

Merge pull request #2973 from tomponline/tp-gw-dev · 0854538f
Christian Brauner authored May 04, 2019
```
network: Adds gateway device route mode
```
0854538f

03 May, 2019 5 commits
- Merge pull request #2968 from tomponline/tp-ipvlan-l2proxy · 9e8c3ebe
  Christian Brauner authored May 03, 2019
```
network: Static routes for IPVLAN with L2PROXY
```
  9e8c3ebe
- network: Adds ipvlan static routes for l2proxy mode · b670016a
  tomponline authored May 01, 2019
```
Signed-off-by: tomponline <thomas.parrott@canonical.com>
```
  b670016a
- tree-wide: make socket SOCK_CLOEXEC · ad9429e5
  Christian Brauner authored May 03, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  ad9429e5
- network: Adds gateway device route mode · a2f9a670
  tomponline authored May 03, 2019
```
Adds ability to specify "dev" as the gateway value, which will cause a device route to be set as default gateway.
Signed-off-by: tomponline <thomas.parrott@canonical.com>
```
  a2f9a670
- Merge pull request #2964 from tomponline/tp-l2proxy · 5b94d538
  Christian Brauner authored May 03, 2019
```
network: Adds layer 2 (ARP/NDP) proxy mode
```
  5b94d538
02 May, 2019 5 commits

Merge pull request #2972 from brauner/2019-05-02/seccomp_notify_mem_fd · 9e1accb9
Stéphane Graber authored May 02, 2019
```
seccomp: send process memory fd
```
9e1accb9
Merge pull request #2971 from hallyn/2019-05-01/nsshare.2 · 99b68bdb
Christian Brauner authored May 02, 2019
```
namespaces: allow a pathname to a nsfd for namespace to share
```
99b68bdb

seccomp: send process memory fd · 5ed06d3a

authored May 02, 2019

There's an inherent race when reading a process's memory. The easiest way is to
have liblxc get an fd and check that the race was one, send it to the caller
(They are free to ignore it if they don't use recvmsg()).
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

5ed06d3a

namespaces: allow a pathname to a nsfd for namespace to share · 39e6fd36
Serge Hallyn authored May 01, 2019
```
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
```
39e6fd36

network: Adds layer 2 (ARP/NDP) proxy mode · 6509154d

authored Apr 30, 2019

Adds the lxc.net.[i].l2proxy flag that can be either 0 or 1.

Defaults to 0.

This, when used with lxc.net.[i].link, will add IP neighbour proxy entries on the linked device
for any IPv4 and IPv6 addresses on the container's network device.

Additionally, for IPv6 addresses it will check the following sysctl values and fail with an error if not set:

	net.ipv6.conf.[link].proxy_ndp=1
	net.ipv6.conf.[link].forwarding=1
Signed-off-by: tomponline <thomas.parrott@canonical.com>

6509154d

01 May, 2019 6 commits
- Merge pull request #2969 from brauner/2019-05-01/seccomp_fixes · 0b5afd32
  Stéphane Graber authored May 01, 2019
```
seccomp: ensure fields are set to 0
```
  0b5afd32
- seccomp: ensure fields are set to 0 · 37046066
  Christian Brauner authored May 01, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  37046066
- Merge pull request #2950 from tomponline/tp-ipvlan · ea84ddf9
  Christian Brauner authored May 01, 2019
```
network: Adds IPVLAN support
```
  ea84ddf9
- network: Adds IPVLAN support · c9f52382
  tomponline authored Apr 26, 2019
```
Example usage:

	lxc.net[i].type=ipvlan
	lxc.net[i].ipvlan.mode=[l3|l3s|l2] (defaults to l3)
	lxc.net[i].ipvlan.flags=[bridge|private|vepa] (defaults to bridge)
	lxc.net[i].link=eth0
	lxc.net[i].flags=up
Signed-off-by: tomponline <thomas.parrott@canonical.com>
```
  c9f52382
- Merge pull request #2967 from brauner/2019-05-01/seccomp_notifier_api_removal · 28805eb0
  Stéphane Graber authored Apr 30, 2019
```
seccomp: remove alignment requirements
```
  28805eb0
- seccomp: remove alignment requirements · 2a621ece
  Christian Brauner authored May 01, 2019
```
since apparently there are insane programming languages out there that just
silently remove packed members in structs.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  2a621ece
30 Apr, 2019 8 commits
- Merge pull request #2966 from brauner/2019-05-01/seccomp_notifier_api_removal · 2bad9476
  Stéphane Graber authored Apr 30, 2019
```
seccomp: don't commit to an api just yet
```
  2bad9476
- seccomp: don't commit to an api just yet · ebc1c319
  Christian Brauner authored May 01, 2019
```
I'm not sure that I want to be married (to this layout) just yet.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  ebc1c319
- Merge pull request #2965 from brauner/2019-05-01/seccomp_notifier_fixes · 0b8bb8db
  Stéphane Graber authored Apr 30, 2019
```
seccomp: notifier fixes
```
  0b8bb8db
- seccomp: notifier fixes · 2ac0f627
  Christian Brauner authored May 01, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  2ac0f627
- Merge pull request #2961 from tomponline/tp-static-net-funcs · 8d539bc9
  Christian Brauner authored Apr 30, 2019
```
network: Makes some routing functions static
```
  8d539bc9
- network: Makes some routing functions static · 8f82874c
  tomponline authored Apr 30, 2019
```
The following functions can be made static for consistency:

	lxc_ipv4_dest_add
	lxc_ipv6_dest_add
	lxc_ip_route_dest_add (renamed)
Signed-off-by: tomponline <thomas.parrott@canonical.com>
```
  8f82874c
- Merge pull request #2960 from tomponline/tp-seccomp-apiext-docs · 75614e8e
  Christian Brauner authored Apr 30, 2019
```
docs: Adds missing doc entries for seccomp related API extensions
```
  75614e8e
- docs: Adds missing doc entries for seccomp related API extensions · 7b766ddc
  tomponline authored Apr 30, 2019
```
Signed-off-by: tomponline <thomas.parrott@canonical.com>
```
  7b766ddc
29 Apr, 2019 10 commits
- Merge pull request #2949 from tomponline/tp-veth-routes · 5efab6bf
  Christian Brauner authored Apr 29, 2019
```
network: Adds veth static routes feature
```
  5efab6bf
- Merge pull request #2957 from tomponline/tp-macvlan-mode · 7815c733
  Christian Brauner authored Apr 29, 2019
```
network: Fixes bug in macvlan mode selection
```
  7815c733
- network: Fixes bug in macvlan mode selection · b56680fd
  tomponline authored Apr 29, 2019
```
Signed-off-by: tomponline <thomas.parrott@canonical.com>
```
  b56680fd
- Merge pull request #2956 from brauner/2019-04-29/seccomp_trap_cleanup · 978dfc7e
  Stéphane Graber authored Apr 29, 2019
```
seccomp: cleanup
```
  978dfc7e
- seccomp: cleanup · c3e3c21a
  Christian Brauner authored Apr 29, 2019
```
Simplify and cleanup some of the seccomp code. This mainly focuses on removing
the open coding of various seccomp settings all over the code place in favor of
centralized helpers.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  c3e3c21a
- Merge pull request #2955 from tomponline/tp-ignore-test-build · 27b73709
  Stéphane Graber authored Apr 29, 2019
```
tests: Updates .gitignore to ignore test build artefacts
```
  27b73709
- Merge pull request #2954 from tomponline/tp-vlan-hook · c62784df
  Stéphane Graber authored Apr 29, 2019
```
network: Fixes vlan hook script
```
  c62784df
- tests: Updates .gitignore to ignore test build artefacts · 9574a378
  tomponline authored Apr 29, 2019
```
Signed-off-by: tomponline <thomas.parrott@canonical.com>
```
  9574a378
- network: Fixes vlan hook script · 19abca58
  tomponline authored Apr 29, 2019
```
Signed-off-by: tomponline <thomas.parrott@canonical.com>
```
  19abca58
- network: Adds support host side veth device static routes · d4a7da46
  tomponline authored Apr 25, 2019
```
Adds the following new config keys:

	lxc.net.[i].veth.ipv4.route
	lxc.net.[i].veth.ipv6.route
E.g.

	lxc.net.0.veth.ipv4.route = 192.0.2.1/32
	lxc.net.0.veth.ipv4.route = 192.0.3.0/24
	lxc.net.0.veth.ipv6.route = 2001:db8::1/128
	lxc.net.0.veth.ipv6.route = 2001:db8:2::/64
Signed-off-by: tomponline <thomas.parrott@canonical.com>
```
  d4a7da46