Commits · 9fd047d1585fb278c30ae21ce67ae145e7d8f966 · Chen Yisong / lxc

25 Aug, 2020 1 commit

authored Aug 25, 2020

Link: https://launchpadlibrarian.net/494473462/buildlog_ubuntu-groovy-armhf.lxc_1%3A4.0.4-0ubuntu2_BUILDING.txt.gzSigned-off-by: Christian Brauner <christian.brauner@ubuntu.com>

9fd047d1

21 Aug, 2020 4 commits

Merge pull request #3528 from graysky2/master · c22a1a4a
Stéphane Graber authored Aug 21, 2020
```
remove deprecated options in lxc.service fixes #3527
```
c22a1a4a
Merge pull request #3526 from brauner/2020-08-21/fixes · 256928ac
Stéphane Graber authored Aug 21, 2020
```
cgfsng: fix cgroup attach cgroup creation
```
256928ac
remove deprecated options in lxc.service fixes #3527 · 0c4cd88d
graysky authored Aug 21, 2020
```
Signed-off-by: graysky <graysky@archlinux.us>
```
0c4cd88d

cgfsng: fix cgroup attach cgroup creation · c80c9a70

authored Aug 21, 2020

[01m[Kcgroups/cgfsng.c:[m[K In function ‘[01m[Kcgroup_attach_leaf.constprop[m[K’:
[01m[Kcgroups/cgfsng.c:2221:10:[m[K [01;31m[Kerror: [m[Kwriting 1 byte into a region of size 0 [[01;31m[K-Werror=stringop-overflow=[m[K]
 2221 |   [01;31m[K*slash = '\0'[m[K;
      |   [01;31m[K~~~~~~~^~~~~~[m[K
[01m[Kcgroups/cgfsng.c:2213:8:[m[K [01;36m[Knote: [m[Kat offset -13 to object ‘[01m[Kattach_cgroup[m[K’ with size 23 declared here
 2213 |   char [01;36m[Kattach_cgroup[m[K[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1];
      |        [01;36m[K^~~~~~~~~~~~~[m[K
[01m[Kcgroups/cgfsng.c:2229:10:[m[K [01;31m[Kerror: [m[Kwriting 1 byte into a region of size 0 [[01;31m[K-Werror=stringop-overflow=[m[K]
 2229 |   [01;31m[K*slash = '/'[m[K;
      |   [01;31m[K~~~~~~~^~~~~[m[K
[01m[Kcgroups/cgfsng.c:2213:8:[m[K [01;36m[Knote: [m[Kat offset -13 to object ‘[01m[Kattach_cgroup[m[K’ with size 23 declared here
 2213 |   char [01;36m[Kattach_cgroup[m[K[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1];
      |        [01;36m[K^~~~~~~~~~~~~[m[K
[01m[Kcgroups/cgfsng.c:2229:10:[m[K [01;31m[Kerror: [m[Kwriting 1 byte into a region of size 0 [[01;31m[K-Werror=stringop-overflow=[m[K]
 2229 |   [01;31m[K*slash = '/'[m[K;
      |   [01;31m[K~~~~~~~^~~~~[m[K
[01m[Kcgroups/cgfsng.c:2213:8:[m[K [01;36m[Knote: [m[Kat offset -13 to object ‘[01m[Kattach_cgroup[m[K’ with size 23 declared here
 2213 |   char [01;36m[Kattach_cgroup[m[K[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1];
      |        [01;36m[K^~~~~~~~~~~~~[m[K

Link: https://launchpadlibrarian.net/494354168/buildlog_ubuntu-groovy-armhf.lxc_1%3A4.0.4-0ubuntu1_BUILDING.txt.gzSigned-off-by: Christian Brauner <christian.brauner@ubuntu.com>

c80c9a70

17 Aug, 2020 1 commit
- Merge pull request #3522 from avr1254/master · 9d3b7c97
  Stéphane Graber authored Aug 17, 2020
```
Updated documentation to reflect lack of support for pure cgroupv2
```
  9d3b7c97
15 Aug, 2020 1 commit
- Updated documentation to reflect lack of support for pure cgroupv2 · b87ed83b
  Arjun Ramachandrula authored Aug 15, 2020
```
Signed-off-by: Arjun Ramachandrula <arjun.ramachandrula@gmail.com>
```
  b87ed83b
12 Aug, 2020 2 commits
- Merge pull request #3518 from brauner/2020-08-12/fixes · 76a59906
  Stéphane Graber authored Aug 12, 2020
```
lsm: remove the need for atomic operations
```
  76a59906
- lsm: remove the need for atomic operations · af04d847
  Christian Brauner authored Aug 12, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  af04d847
11 Aug, 2020 3 commits
- Merge pull request #3517 from brauner/2020-08-10/fixes_2 · b7993256
  Stéphane Graber authored Aug 11, 2020
```
lsm: rewrite
```
  b7993256
- lsm: use atomic in ase we're used multi-threaded · 3bb6ff01
  Christian Brauner authored Aug 11, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  3bb6ff01
- lsm: rework lsm handling · d701d729
  Christian Brauner authored Aug 10, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  d701d729
10 Aug, 2020 4 commits
- Merge pull request #3514 from brauner/2020-08-10/fixes · d333aeb4
  Stéphane Graber authored Aug 10, 2020
```
conf: terminal and /dev hardening
```
  d333aeb4
- terminal: harden terminal allocation · 8ea93a0f
  Christian Brauner authored Aug 10, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  8ea93a0f
- conf: move /dev setup to be file descriptor based · 953db219
  Christian Brauner authored Aug 10, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  953db219
- Merge pull request #3513 from brauner/2020-08-09/openat2 · 567104e5
  Stéphane Graber authored Aug 09, 2020
```
openat2() and safe mounting
```
  567104e5
09 Aug, 2020 9 commits
- conf: harden lxc_fill_autodev() via save_mount_beneath_at() · d43d5191
  Christian Brauner authored Aug 09, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  d43d5191
- file_utils: add exists_dir_at() · 6f61472b
  Christian Brauner authored Aug 09, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  6f61472b
- conf: make use of stashed container mountpoint fd in mount_autodev() · ae9215cf
  Christian Brauner authored Aug 09, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  ae9215cf
- conf: stash file descriptor to root mountpoint in struct lxc_rootfs · 31f8b2fd
  Christian Brauner authored Aug 09, 2020
```
This way we only need to open it _once_ per container startup.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  31f8b2fd
- utils: introduce safe_mount_beneath_at() · 43535b6d
  Christian Brauner authored Aug 09, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  43535b6d
- cgfsng: use safe_mount_beneath() · 8b1f4dd9
  Christian Brauner authored Aug 09, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  8b1f4dd9
- conf: switch mount_autodev() to new safe_mount_beneath() helper · ee8eeba8
  Christian Brauner authored Aug 09, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  ee8eeba8
- utils: add safe_mount_beneath() based on openat2() · 65f0afde
  Christian Brauner authored Aug 09, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  65f0afde
- syscalls: add openat2() · 2b0c8106
  Christian Brauner authored Aug 09, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  2b0c8106
07 Aug, 2020 3 commits
- Merge pull request #3512 from stgraber/master · da0fdceb
  Christian Brauner authored Aug 07, 2020
```
lxc-download fixes
```
  da0fdceb
- lxc-download: Fix retry loop · e14546e3
  Stéphane Graber authored Aug 07, 2020
```
Closes #3511
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
  e14546e3
- Revert "templates/lxc-download.in: use GPG option --receive-keys instead of --recv-keys" · 459fef26
  Stéphane Graber authored Aug 07, 2020
```
This reverts commit 409040e7.

Testing of both options show identical behavior but receive-keys does
not exist on older releases, so let's revert this.

Closes #3510
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
  459fef26
06 Aug, 2020 7 commits
- Merge pull request #3509 from brauner/2020-08-06/fixes · dc9074bb
  Stéphane Graber authored Aug 06, 2020
```
api-extension: add missing seccomp_proxy_send_notify_fd extension
```
  dc9074bb
- api-extension: add missing seccomp_proxy_send_notify_fd extension · 0dd2e321
  Christian Brauner authored Aug 06, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  0dd2e321
- Merge pull request #3508 from brauner/2020-08-06/fixes · 2a35d949
  Stéphane Graber authored Aug 06, 2020
```
seccomp: add seccomp_notify_fd_active api extension
```
  2a35d949
- seccomp: send notify fd as part of the message · ec49d30f
  Christian Brauner authored Aug 06, 2020
```
Since we haven't made this official api yet: YOLO
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  ec49d30f
- seccomp: add seccomp_notify_fd_active api extension · 21405769
  Christian Brauner authored Aug 06, 2020
```
which allows to retrieve an active seccomp notifier fd from a running
container.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  21405769
- Merge pull request #3507 from brauner/2020-08-06/fixes · 05af17d7
  Stéphane Graber authored Aug 06, 2020
```
seccomp: don't close the mainloop, simply remove the handler
```
  05af17d7
- seccomp: don't close the mainloop, simply remove the handler · eb551cef
  Christian Brauner authored Aug 06, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  eb551cef
05 Aug, 2020 5 commits
- Merge pull request #3506 from brauner/2020-08-05/safe_native_terminal_allocation · c6018400
  Stéphane Graber authored Aug 05, 2020
```
macro: define TIOCGPTPEER if missing
```
  c6018400
- conf: use openat() instead of open_tree() · cfca9ccd
  Christian Brauner authored Aug 05, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  cfca9ccd
- macro: define TIOCGPTPEER if missing · 07002a08
  Christian Brauner authored Aug 05, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  07002a08
- Merge pull request #3505 from brauner/2020-08-05/safe_native_terminal_allocation · 1f15c1c3
  Stéphane Graber authored Aug 05, 2020
```
terminal: safely allocate pts devices from inside the container
```
  1f15c1c3
- terminal: safely allocate pts devices from inside the container · f797f05e
  Christian Brauner authored Aug 05, 2020
```
This was a year long journey which seems to finally have come to an end.

Closes: #1620.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  f797f05e