- 28 Aug, 2018 2 commits
-
-
Christian Brauner authored
A while back the whole lxc_cmd() infrastructure was changed to return meaningful negative error codes. But lxc_cmd_get_init_pid() should always return -1. Make it so!
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
confile: add lxc.cgroup.keep
-
- 27 Aug, 2018 2 commits
-
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Felix Abecassis <fabecassis@nvidia.com>
Cc: Jonathan Calmels <jcalmels@nvidia.com>
-
Christian Brauner authored
This adds the new lxc.cgroup.keep config key. The key can be used to instruct LXC to never escape to the root cgroup. This makes it easy for users to adhere to restrictions enforced by cgroup2 and systemd. Specifically, this makes it possible to run LXC containers as systemd services. Note that cgroup v1 is considered legacy and will not see additional controllers being added to it. This means that it is safe to use lxc.cgroup.keep as config key since there is no "keep" controller. The only way a conflict can be introduced is if the user is creating a named controller. I think this case can be safely ignored since it is super rare and also the user's problem.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Felix Abecassis <fabecassis@nvidia.com>
Cc: Jonathan Calmels <jcalmels@nvidia.com>
-
- 26 Aug, 2018 1 commit
-
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
- 23 Aug, 2018 7 commits
-
-
Wolfgang Bumiller authored
execute: pass /proc/self/fd/<nr>
-
Christian Brauner authored
Passing /proc/1/fd/<nr> presupposes that CLONE_NEWPID was specified. This isn't the case when users use lxc.namespace.keep = pid to inherit pid namespaces. Pass /proc/self/fd/<nr> instead.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Mrinal Dhillon <mdhillon@juniper.net>
-
Stéphane Graber authored
execute: skip lxc-init logging when unprivileged
-
Christian Brauner authored
Unprivileged app containers will not be able to open the passed in /proc/1/fd/<idx> log path and will thus currently fail completely as soon as any log level or log file is passed.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Mrinal Dhillon <mdhillon@juniper.net>
-
Wolfgang Bumiller authored
include: add safe getifaddrs() version
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
The old version was crazy. This replaces it with an internal version based on musl.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
- 22 Aug, 2018 14 commits
-
-
Stéphane Graber authored
remove last pam_cgfs special-casing
-
Christian Brauner authored
Fix typo
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Wolfgang Bumiller authored
log: handle strerror_r() versions + autotools: add --{disable,enable}-thread-safety
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Fail the build if --enable-thread-safety is passed and the environment cannot guarantee thread-safety.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Closes #2563.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
- 21 Aug, 2018 14 commits
-
-
Christian Brauner authored
autotools: check if compiler is new enough
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
We line up with the Linux kernel and won't support any compiler under 4.6. Additionally, we also require at least gnu99 so this is due anyway.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Stéphane Graber authored
attach: bugfixes
-
Stéphane Graber authored
Makefile: don't allow undefined symbols
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Stéphane Graber authored
conf: fix devpts mounting when fully unprivileged
-
Stéphane Graber authored
pam_cgfs: build from the same sources as liblxc
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Closes #2556.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-