- 08 Nov, 2017 31 commits
-
-
Christian Brauner authored
If we lack CAP_SYS_ADMIN this is really useful. Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
We need to have lxc_attach() distinguish between a caller specifying specific namespaces to attach to and a caller not requesting specific namespaces. The latter is taken by lxc_attach() to mean that all namespaces will be attached. This also needs to include all inherited namespaces. Closes #1890. Closes #1897. Signed-off-by: -
Christian Brauner authored
Closes #1899. Signed-off-by: -
Christian Brauner authored
Closes #1899. Signed-off-by: -
Peter Korsgaard authored
The configure checks for these use AC_CHECK_DECLS, which define the symbol to 0 if not available - So adjust the code to match. From the autoconf manual: https://www.gnu.org/software/autoconf/manual/autoconf-2.65/html_node/Generic-Declarations.html) For each of the symbols (comma-separated list), define HAVE_DECL_symbol (in all capitals) to ‘1’ if symbol is declared, otherwise to ‘0’. Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
lxc-monitord is deprecated so this is expected to fail. Signed-off-by: -
Christian Brauner authored
Brings the number of open fds in the monitor process for a standard container without ttys down to 17. Signed-off-by: -
Christian Brauner authored
There's no obvious need to strdup() the name of the container in the handler. We can simply make this a pointer to the memory allocated in lxc_container_new(). Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
The console struct is internal and liblxc takes care of creating paths. Signed-off-by: -
Fabrice Fontaine authored
Some toolchains which are not bionic like uclibc does not support prlimit or prlimit64. In this case, return an error. Moreover, if prlimit64 is available, use lxc implementation of prlimit. Signed-off-by:Fabrice Fontaine <fontaine.fabrice@gmail.com>
-
Christian Brauner authored
In case cgroup namespaces are supported but we do not have CAP_SYS_ADMIN we need to mount cgroups for the container. This patch enables both privileged and unprivileged containers without CAP_SYS_ADMIN. Closes #1737. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
When attaching to a container's namespaces we did not handle the case where we inherited namespaces correctly. In essence, liblxc on start records the namespaces the container was created with in the handler. But it only records the clone flags that were passed to clone() and doesn't record the namespaces we e.g. inherited from other containers. This means that attach only ever attached to the clone flags. But this is only correct if all other namespaces not recorded in the handler refer to the namespaces of the caller. However, this need not be the case if the container has inherited namespaces from another container. To handle this case we need to check whether caller and container are in the same namespace. If they are, we know that things are all good. If they aren't then we need to attach to these namespaces as well. Signed-off-by: -
Jordan Webb authored
Signed-off-by:Jordan Webb <jordemort@github.com>
-
Jordan Webb authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Closes #1857. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by:
-
- 30 Oct, 2017 6 commits
-
-
Antonio Terceiro authored
This avoids the dance of updating the list of valid releases every time Debian makes a new release. It also fixes the following bug: even though lxc-debian will default to creating containers of the latest stable by querying the archive, it won't allow you to explicitly request `stable` because the current list of valid releases don't include it. Last, but not least, avoid hitting the mirror in the case the desired release is one of the ones we know will always be there, i.e. stable, testing, sid, and unstable. Signed-off-by:Antonio Terceiro <terceiro@debian.org>
-
Antonio Terceiro authored
Doing that confuses locale generation. lxc-ubuntu does the same check Signed-off-by: -
adrian5 authored
Signed-off-by:adrian5 <adrian5@users.noreply.github.com>
-
Antonio Terceiro authored
Being able to create `testing` containers, regardless of what's the name of the next stable, is useful in several contexts, included but not limited to testing purposes. i.e. one won't need to explicitly switch to `bullseye` once `buster` is released to be able to continue tracking `testing`. While we are at it, let's also enable `unstable`, which is exactly the same as `sid`, but there is no reason for not being able to. Signed-off-by: -
Geaaru authored
Problem happens for image with systemd >=233. Minor fix for mirrors list. Signed-off-by:Geaaru <geaaru@gmail.com>
-
Stéphane Graber authored
stable-2.1: tools: allow lxc-attach to undefined containers
-
- 27 Oct, 2017 1 commit
-
-
Christian Brauner authored
For example the following sequence is expected to work: lxc-start -n containerName -f /path/to/conf \ -s 'lxc.id_map = u 0 100000 65536' \ -s 'lxc.id_map = g 0 100000 65536' \ -s 'lxc.rootfs = /path/to/rootfs' \ -s 'lxc.init_cmd = /path/to/initcmd' lxc-attach -n containerName Closes #984. Signed-off-by:
-
- 19 Oct, 2017 2 commits
-
-
Stéphane Graber authored
Signed-off-by:Stéphane Graber <stgraber@ubuntu.com>
-
Adam Borowski authored
Assuming a particular width of a type (or equivalence with "long") doesn't work everywhere. On new architectures, LFS/etc is enabled by default, making rlim_t same as rlim64_t even if long is only 32-bit. Not sure how you handle too big values -- you may want to re-check the strtoull part. Signed-off-by:Adam Borowski <kilobyte@angband.pl>
-
