Commits · 934ecd08fc4ecc116f6ec16f14a63cd740b392d0 · Chen Yisong / lxc

26 Oct, 2016 5 commits

log: sanity check the returned value from snprintf() · 934ecd08

authored Oct 10, 2016

The returned value from snprintf() should be checked carefully.

This bug can be leveraged to execute arbitrary code through carefully
constructing the payload, e.g,

lxc-freeze -n `python -c "print 'AAAAAAAA' + 'B'*959"` -P PADPAD -o /tmp/log

This command running on Ubuntu 14.04 (x86-64) can cause a segment fault.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>

934ecd08

mark the python examples as having utf-8 encoding · 51ee3c58

authored Oct 08, 2016

this allows running them also under Python2, which otherwise
would choke on Stéphane's name and error out with
 SyntaxError: Non-ASCII character '\xc3' in file …
Signed-off-by: Evgeni Golov <evgeni@debian.org>

51ee3c58

add Documentation entries to lxc and lxc@ units · 8d45c62c
Evgeni Golov authored Oct 08, 2016
```
Signed-off-by: Evgeni Golov <evgeni@debian.org>
```
8d45c62c
tests: add test for detect_ramfs_rootfs() · ac920ef6
Christian Brauner authored Sep 06, 2016
```
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
ac920ef6
utils: make detect_ramfs_rootfs() return bool · 32a2ca49
Christian Brauner authored Sep 06, 2016
```
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
32a2ca49

05 Oct, 2016 3 commits
- change version to 2.0.5 in configure.ac · 357e023b
  Stéphane Graber authored Oct 05, 2016
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
  357e023b
- tools: lxc-checkconfig conditionalize devpts check · 3a61be8e
  Christian Brauner authored Sep 29, 2016
```
Only check for DEVPTS_MULTIPLE_INSTANCES on kernels < 4.7.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
  3a61be8e
- Define LXC_DEVEL to detect development releases · 51a43951
  Stéphane Graber authored Oct 04, 2016
```
This can be used by downstreams to improve their "feature" checks.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
  51a43951
03 Oct, 2016 7 commits
- Fix spelling of CentOS in the templates · fbe7891b
  Roman Mueller authored Sep 28, 2016
```
Signed-off-by: Roman Mueller <roman.mueller@gmail.com>
```
  fbe7891b
- utils: lxc_deslashify() free memory · f9f676d7
  Christian Brauner authored Sep 26, 2016
```
Make sure we always free any memory that was allocated by the call to
lxc_normalize_path().
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
  f9f676d7
- Fix for ALTLinux container creation in all branches · 3d5658d1
  Denis Pynkin authored Sep 26, 2016
```
Use 'apt-conf' virtual package for ALTLinux default packages set
Signed-off-by: Denis Pynkin <denis_pynkin@epam.com>
```
  3d5658d1
- tests: add unit tests for lxc_deslashify() · 29cbbb02
  Christian Brauner authored Sep 25, 2016
```
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
  29cbbb02
- tools: lxc_deslashify() handle special cases · 0f0bf497
  Christian Brauner authored Sep 25, 2016
```
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
  0f0bf497
- utils: fix lxc_string_split() · 304b20df
  Christian Brauner authored Sep 25, 2016
```
Make sure we don't return uninitialized memory.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
  304b20df
- Fix null derefence if attach is called without access to any tty · 07d11275
  Oliver Matthews authored Sep 25, 2016
```
Signed-off-by: Oliver Matthews <oliver@codersoffortune.net>
```
  07d11275
23 Sep, 2016 13 commits

c/r: detatch from controlling tty on restore · a6013704
Tycho Andersen authored Sep 21, 2016
```
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
```
a6013704

conf: try to retrieve mtu from veth · eb39afe5

authored Sep 21, 2016

When the mtu cannot be retrieved from netdev->link try from veth device.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>

eb39afe5

conf: retrieve mtu from netdev->link · 8d9e6d77

authored Sep 21, 2016

When mtu is not set, try to retrieve mtu from netdev->link.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>

8d9e6d77

tools: do not add trailing spaces on lxc-ls -1 · 8d74bafd
Christian Brauner authored Sep 21, 2016
```
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
8d74bafd

c/r: check that cgroup_num_hierarchies > 0 · 8b4e6d69

authored Sep 16, 2016

Otherwise in the error case, we end up subtracting two from the
static_args, which would lead to a segfault :)
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

8b4e6d69

cgroup: drop cgroup_canonical_path · d7e0fb80

authored Sep 14, 2016

This is almost never the right thing to use, and we don't use it any more
anyway.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

d7e0fb80

cgroup: get rid of weird hack in cgfsng_escape · a6f6d468

authored Sep 14, 2016

We initialized cgfsng in a strange way inside of its implementation of
escape so we could use it during checkpoint. Instead, the previous patch
does a hacky initialization in criu.c, and we can get rid of the hacks
elsewhere :)
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

a6f6d468

c/r: pass --cgroup-roots on checkpoint · 02f2cba6

authored Sep 14, 2016

CRIU has added support for passing --cgroup-root on dump, which we should
use (see the criu commit 07d259f365f224b32914de26ea0fd59fc6db0001 for
details). Note that we don't have to do any version checking or anything,
because CRIU just ignored --cgroup-root on checkpoint before, so passing it
is safe, and will result in correct behavior when a sufficient version of
CRIU is present.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

02f2cba6

utils: add lxc_deslashify · 8c41d0fc
Tycho Andersen authored Sep 14, 2016
```
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
```
8c41d0fc

cgroup: add new functions for interacting with hierachies · 336b642f

authored Sep 14, 2016

N.B. that these are only implemented in cgfsng, but,

15:28:28    tych0 | do we still use cgfs anywhere? or the cgm backend?
15:29:19 stgraber | not anywhere we care about

...I think that's okay.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

336b642f

c/r: fix typo in comment · f3727c94
Tycho Andersen authored Sep 12, 2016
```
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
```
f3727c94

lxc-create -t debian fails on ppc64el arch · 2658578e

authored Sep 16, 2016

Template catches arch from uname -m, but for ppc64el system, arch reports ppc64le
which doesn't match image repo.
Signed-off-by: Thierry Fauck <tfauck@free.fr>
Signed-off-by: Serge Hallyn <serge@hallyn.com>

2658578e

make rsync deal with sparse files efficiently · 0725879b
Lukas Pirl authored Sep 14, 2016
```
Signed-off-by: Lukas Pirl <git@lukas-pirl.de>
```
0725879b

14 Sep, 2016 12 commits

c/r: free valid_opts if necessary · 5fbd50cd

authored Sep 13, 2016

2cb80427 introduced a malloc without a
matching free.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

5fbd50cd

lxczfs: small fixes · 07eb2723

authored Sep 13, 2016

- We expect destroy to fail in zfs_clone() so try to silence it so users are
  not irritated when they create zfs snapshots.
- Add -r recursive to zfs_destroy(). This code is only hit when a) the
  container has no snapshots or b) the user calls destroy with snapshots. So
  this should be safe. Without -r snapshots will remain.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>

07eb2723

c/r: zero a smaller than known migrate_opts struct · 8319c93f
Tycho Andersen authored Sep 08, 2016
```
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
```
8319c93f
templates: use correct cron version in alpine template · 4674d20e
Alex Athanasopoulos authored Sep 06, 2016
```
Signed-off-by: Alex Athanasopoulos <alex@melato.org>
```
4674d20e
tests: fix get_item tests · 0e5743d5
Christian Brauner authored Sep 05, 2016
```
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
```
0e5743d5

configure: add --disable-werror · 18f96d10

authored Sep 04, 2016

-Werror may break builds on some scenarios with trivialities
(especially during developments).
Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>

18f96d10

console: use correct log name · b5eb7be1

authored Sep 03, 2016

lxc_console is used with lxc_console.c
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

b5eb7be1

templates: remove creation of bogus directory · cdb7b5a7

authored Sep 01, 2016

An incorrect quoting introduced in bf39edb3 caused a /{lib,etc} folder to
appear in Debian templates

The very next line :
    mkdir -p "${rootfs}/etc/systemd/system/getty.target.wants

makes creating ${rootfs}/etc/systemd/system/ unnecessary in the first
place
Signed-off-by: Maxime Besson <maxime.besson@smile.fr>

cdb7b5a7

templates: rm halt.target -> sigpwr.target symlink · 09b157d4

authored Aug 31, 2016

Given commit 330ae3d3:

    lxccontainer: detect if we should send SIGRTMIN+3

    This is required by systemd to cleanly shutdown. Other init systems should not
    have SIGRTMIN+3 in the blocked signals set.

we should stop symlinking halt.target to sigpwr.target for systemd.
Signed-off-by: Christian Brauner <cbrauner@suse.de>

09b157d4

set FULL_PATH_NAMES=NO in doc/api/Doxyfile · 4167ada8

authored Aug 27, 2016

otherwise the generated docs have the full build path in them
and nonbody cares that the files were built in
 /build/lxc-_BVY2u/lxc-2.0.4/src/lxc/
Signed-off-by: Evgeni Golov <evgeni@debian.org>

4167ada8

c/r: write status only after trying to parse the pid · bc3da65f

authored Aug 26, 2016

Previously, we write a "success" status but tried to parse the pid. This
meant that we wouldn't notice a successful restore but failure to parse the
pid, which was a little strange.

We still don't know the child pid, so we will end up with a restored
process tree and a running container, but at least in this case the API
will return false indicating that something failed.

We could kill(-1, 9) in this case, but since liblxc runs as root sometimes
(e.g. LXD), that would be a Very Bad Thing.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

bc3da65f

remove extra 'ret' · 063ce092
Tycho Andersen authored Aug 26, 2016
```
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
```
063ce092