- 24 Oct, 2013 10 commits
-
-
Serge Hallyn authored
Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
It needs to be done from the handler, not the container, since the container may not have the rights.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Changelog:
Jul 22: remove hardcoded path for /bin/chown
Jul 22: use new lxc-usernsexec
Conflicts: src/lxc/lxccontainer.c
-
Serge Hallyn authored
1. lxcapi_create: don't try to unshare and mount for dir backed containers
   It's unnecessary, and breaks unprivileged lxc-create (since unpriv users cannot yet unshare(CLONE_NEWNS)).
2. api_create: chown rootfs
   chown rootfs to the host uid to which container root will be mapped
3. create: run template in a mapped user ns
4. use (setuid-root) newxidmap to set id_map if we are not root
   This is needed to be able to set userns mappings as an unprivileged user, for unprivileged lxc-start.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
In a few places we checked for LONG_MIN or LONG_MAX as indication that strtoul failed. That's not reliable. As suggested in the manpage, switch to checking errno value.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Those are a bit less obvious than those I pushed directly to master. All those changes were required to build LXC under clang here. With this, gcc can be replaced by clang to build LXC so long as you're not using the python3 binding (as python extensions can't be built under clang at the moment). For reference, the clang output for those is: http://paste.ubuntu.com/6292460/
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by:
Thomas Nemeth <thomas.nemeth@laposte.net> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
Since we check /sys/kernel/security/ files when deciding whether apparmor is enabled, and that might not be mounted in the container, we cannot re-make the decision at apparmor_process_label_set() time. Luckily we don't have to - just cache the decision made at lsm_apparmor_drv_init(). Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
Dwight Engen authored
Note that since we don't drop CAP_SYS_ADMIN, root in the container can remount proc or sys however they want to, however this at least improves the default situation. Signed-off-by:
Dwight Engen <dwight.engen@oracle.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
- 23 Oct, 2013 3 commits
-
-
KATOH Yasufumi authored
Update for commit 055af165
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
KATOH Yasufumi authored
Signed-off-by:
KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
KATOH Yasufumi authored
When no template file is specified on lxc-create, receive segfault. So change not to append header in config when no template is specified. Signed-off-by:
KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
- 22 Oct, 2013 7 commits
-
-
Serge Hallyn authored
Also log execlp error code if it returns.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Sidnei da Silva authored
Remove the union in bdev_specs and store all options if -Bbest is passed. Fixes issue #31. Signed-off-by:
Sidnei da Silva <sidnei.da.silva@canonical.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
Dwight Engen authored
Fixes rpmlint error "script-without-shebang". Checked other lua modules and none are installed with execute permission. Signed-off-by:
Dwight Engen <dwight.engen@oracle.com> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
Dwight Engen authored
The following changes were made to fix rpmlint warnings/errors
- use %global instead of %define http://fedoraproject.org/wiki/PackagingDrafts/global_preferred_over_define
- change Summary to match .deb
- update License
- do not mention the libcap dependency explicitly, rpm will fill it in
- fix Summary, Description for libs and devel packages
- pass -q to %setup
- add %post for libs to run ldconfig
- explicitly name lxc man paths so pkg doesn't "own" /usr/share/man
- mark /etc/lxc/default.conf as a config file
In addition, while I was here:
- split lua bits into separate lxc-lua package
- change Description to match .deb
- remove "Version" in changelog entries to follow http://fedoraproject.org/wiki/Packaging:Guidelines#Changelogs
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
Natanael Copa authored
The template creates /dev/full for the container but also needs to give permission to access it. Signed-off-by:
Natanael Copa <ncopa@alpinelinux.org> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
The idea was simply misguided. If you provide a custom configuration file, you still should be putting the command sock into the real lxcpath, not an 'anon' one. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
- 21 Oct, 2013 4 commits
-
-
tenforward authored
Update for commit 62c70ee2
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Sidnei da Silva authored
If lvs invocation fails or doesn't return any output, then lv flags comparison to false. Signed-off-by:
Sidnei da Silva <sidnei.da.silva@canonical.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
Sidnei da Silva authored
When using the -Bloop option, fstype and fssize arguments were copied into the lvm struct of bdev specs instead of the loop struct. Signed-off-by:
Sidnei da Silva <sidnei.da.silva@canonical.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
Sidnei da Silva authored
Will fallback to no thinpool if not present or if thin pool provided on the command line does not exist.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
- 20 Oct, 2013 2 commits
-
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
- 19 Oct, 2013 4 commits
-
-
S.Çağlar Onur authored
[...]
make[3]: Entering directory `/home/caglar/Projects/lxc/src/tests'
depbase=`echo attach.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I../../src -I../../src -DLXCROOTFSMOUNT=\"/usr/lib/x86_64-linux-gnu/lxc/rootfs\" -DLXCPATH=\"/var/lib/lxc\" -DLXC_GLOBAL_CONF=\"/etc/lxc/lxc.conf\" -DLXCINITDIR=\"/usr/libexec\" -DLXC_DEFAULT_CONFIG=\"/etc/lxc/default.conf\" -g -O2 -Wall -Werror -MT attach.o -MD -MP -MF $depbase.Tpo -c -o attach.o attach.c &&\
mv -f $depbase.Tpo $depbase.Po
attach.c: In function ‘main’:
attach.c:380:2: error: implicit declaration of function ‘test_lsm_detect’ [-Werror=implicit-function-declaration]
cc1: all warnings being treated as errors
make[3]: *** [attach.o] Error 1
[...]
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
S.Çağlar Onur authored
Signed-off-by:
S.Çağlar Onur <caglar@10ur.org> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
S.Çağlar Onur authored
Signed-off-by:
S.Çağlar Onur <caglar@10ur.org> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
S.Çağlar Onur authored
Signed-off-by:
S.Çağlar Onur <caglar@10ur.org> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
- 18 Oct, 2013 10 commits
-
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Sidnei da Silva authored
-
Sidnei da Silva authored
-
Sidnei da Silva authored
Add a --thinpool argument to lxc-create, to use thin pool backed lvm when creating the container. When cloning a container backed by a thin pool, the clone will default to the same thin pool.
-
Dwight Engen authored
On a system with AppArmor enabled, if lxc.se_context is configured but lxc.aa_profile is not (because the user just wants to use the default AppArmor profile) lxc was passing the lxc.se_context to be set as the new AppArmor profile. Determine which configuration item to use based on which lsm is enabled. Signed-off-by:
Dwight Engen <dwight.engen@oracle.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
Dwight Engen authored
- Add attach test cases
- Moved setting of LSM label later to avoid failure of IPC between parent and child during attach
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Dwight Engen authored
Signed-off-by:
Dwight Engen <dwight.engen@oracle.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
Natanael Copa authored
It was probably disabled by a mistake Signed-off-by:
Natanael Copa <ncopa@alpinelinux.org> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-