- 22 Nov, 2016 35 commits
-
-
Cam Cope authored
Signed-off-by:Cam Cope <cam@dropbox.com>
-
Stéphane Graber authored
tools: replace non-standard namespace identifiers
-
Stéphane Graber authored
tests: remove overflow tests
-
Christian Brauner authored
They do not behave correctly on some architectures, so let's remove them for now and come up with better ones later. Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
The identifiers for namespaces used with lxc-unshare and lxc-attach as given on the manpage do not align with the standard identifiers. This affects network, mount, and uts namespaces. The standard identifiers are: "mnt", "uts", and "net" whereas lxc-unshare and lxc-attach use "MOUNT", "UTSNAME", and "NETWORK". I'm weary to hack this into namespace.{c.h} by e.g. adding additional members to the ns_info struct or to special case this in lxc_fill_namespace_flags(). Internally, we should only accept standard identifiers to ensure that we are always correctly aligned with the kernel. So let's use some cheap memmove()s to replace them by their standard identifiers in lxc-unshare and lxc-attach. Signed-off-by: -
Serge Hallyn authored
remove atoi
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@canonical.com>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
This function safely parses an unsigned integer. On success it returns 0 and stores the unsigned integer in @converted. On error it returns a negative errno. Signed-off-by:
-
- 21 Nov, 2016 3 commits
-
-
Serge Hallyn authored
cgroup: improve isolcpus handling
-
Christian Brauner authored
If the file "/sys/devices/system/cpu/isolated" doesn't exist, we can't just simply bail. We still need to check whether we need to copy the parents cpu settings. Signed-off-by: -
Christian Brauner authored
- add more logging - only write to cpuset.cpus if we really have to - simplify cleanup on error and success Signed-off-by:
-
- 20 Nov, 2016 2 commits
-
-
Stéphane Graber authored
use ns info struct and always attach to user namespace first
-
Christian Brauner authored
Move the user namespace at the first position in the array so that we always attach to it first when iterating over the struct and using setns() to switch namespaces. This especially affects lxc_attach(): Suppose you cloned a new user namespace and mount namespace as an unprivileged user on the host and want to setns() to the mount namespace. This requires you to attach to the user namespace first otherwise the kernel will fail this check: if (!ns_capable(mnt_ns->user_ns, CAP_SYS_ADMIN) || !ns_capable(current_user_ns(), CAP_SYS_CHROOT) || !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) return -EPERM; in linux/fs/namespace.c:mntns_install(). Signed-off-by:
-
