- 25 May, 2018 3 commits
-
-
Christian Brauner authored
seccomp: leak fixup
-
Wolfgang Bumiller authored
Fix an error case not free()ing the line forgotten during the move from fgets() on a static buffer to using getline. Signed-off-by:
Wolfgang Bumiller <w.bumiller@proxmox.com> Fixes: ccf8d128 ("seccomp: parse_config_v1()")
-
Stéphane Graber authored
lxccontainer: fix fd leaks when sending signals
-
- 24 May, 2018 27 commits
-
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Stéphane Graber authored
seccomp: cleanup
-
Stéphane Graber authored
tree-wide: s/sigprocmask/pthread_sigmask()/g
-
Christian Brauner authored
sscanf() skips whitespace anyway so don't account for tabs in case the file layout changes. Signed-off-by: -
Christian Brauner authored
The behavior of sigprocmask() is unspecified in multi-threaded programs. Let's use pthread_sigmask() instead. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Seccomp fixes
-
Felix Abecassis authored
Specifier %lli was insufficient for the type uint64_t, all values between 2^63-1 and 2^64-1 were silently converted to 2^63-1. We can't use %llu since it doesn't handle hexadecimal. Instead, we parse the values as strings and then use strtoull(3). Signed-off-by:Felix Abecassis <fabecassis@nvidia.com>
-
Felix Abecassis authored
Signed-off-by: -
Felix Abecassis authored
Signed-off-by: -
Felix Abecassis authored
The maximum field width does not include the null terminator. Signed-off-by:
-
- 23 May, 2018 6 commits
-
-
Stéphane Graber authored
tools: only create log file when requested
-
Stéphane Graber authored
lxc-init: skip signals that can't be caught
-
Stéphane Graber authored
log: enable per-thread container name prefix
-
Christian Brauner authored
We used to initialize a log unconditionally before. This has led to scenarios where users where left with container directories and an empty log file even though they didn't request a log be created at all. Switch all tools to only create a log file when the user explicitly requests this. Closes #1779. Closes #2032. Signed-off-by: -
Christian Brauner authored
use execveat syscall to exec lxc-init if supported
-
Tycho Andersen authored
The execveat allows us to exec stuff via a fd so we don't have to bind mount stuff in. See the comment about why we're using the syscall directly. Closes #2339. Signed-off-by:
Tycho Andersen <tycho@tycho.ws> [christian.brauner@ubuntu.com: adapt error message and whitespace fixes] Signed-off-by:
-
- 22 May, 2018 2 commits
-
-
Christian Brauner authored
Signed-off-by: -
Serge Hallyn authored
cgroups: refactor cgroup handling
-
- 20 May, 2018 1 commit
-
-
Christian Brauner authored
When using the LXC API multi-thread and users initialize a log: struct lxc_log log; log.name = "my-log"; lxc_log_init(&log); all threads will have the same "my-log" prefix even though thy might call lxc_container_new() in separate threads. There is currently no easy way to handle per-thread container name prefixes. To handle this carry a reference to the name of the container in struct lxc_conf and if no log.name was set, use it by default. This way each thread will get the container it is currently working on as a log-prefix. Signed-off-by:
duguhaotian <duguhaotian@gmail.com>
-
- 19 May, 2018 1 commit
-
-
Christian Brauner authored
Signed-off-by:
-
