- 10 Dec, 2015 11 commits
-
-
Serge Hallyn authored
Closes #712 Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
Tycho Andersen authored
Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Tycho Andersen authored
Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Tycho Andersen authored
We'll use this in the next patch to escape to the root cgroup before we exec criu. v2: s/cgm_connected/cmg_needs_disconnect/g Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Sungbae Yoo authored
Update for commit c154af98 Signed-off-by:
Sungbae Yoo <sungbae.yoo@samsung.com> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
TAMUKI Shoichi authored
Add support for new target plamo to specify the linux distribution. Plamo Linux uses sysvinit. Signed-off-by:
KATOH Yasufumi <karma@jazz.email.ne.jp> Signed-off-by:
TAMUKI Shoichi <tamuki@linet.gr.jp> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
TAMUKI Shoichi authored
Fold dnsmasq command line at about 80 chars because the line is too long. Signed-off-by:
TAMUKI Shoichi <tamuki@linet.gr.jp> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Tycho Andersen authored
No idea how these got there, but let's get rid of them since they're weird. Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Tycho Andersen authored
This patch adds a new ->migrate API call with three commands:
  MIGRATE_DUMP: this is basically just ->checkpoint()
  MIGRATE_RESTORE: this is just ->restore()
  MIGRATE_PRE_DUMP: this can be used to invoke criu's pre-dump command on the container.
A small addition to the (pre-)dump commands is the ability to specify a previous partial dump directory, so that one can use a pre-dump of a container. Finally, this new API call uses a structure to pass options so that it can be easily extended in the future (e.g. to CRIU's --leave-frozen option in the future, for potentially smarter failure handling on restore).
v2: remember to flip the return code for legacy ->checkpoint and ->restore calls
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Tycho Andersen authored
Since we're relying on 1.8 for the seccomp stuff, let's refuse to use anything lower than that. Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Tycho Andersen authored
Instead of *always* resetting the current_config to null, we should only reset it if this API call set it. This allows nesting of API calls, e.g. c->checkpoint() can pass stuff into criu.c, which can call c->init_pid() and not lose the ability to log stuff afterwards. Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
- 07 Dec, 2015 1 commit
-
-
Serge Hallyn authored
This is to avoid: https://errors.ubuntu.com/problem/d640a68bf7343705899d7ca8c6bc070d477cd845 Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
- 03 Dec, 2015 12 commits
-
-
KATOH Yasufumi authored
Update for commit a8dfe4e0 and 6039eaa2 Signed-off-by:
KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
KATOH Yasufumi authored
Update for commit c154af98 Signed-off-by:
KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
KATOH Yasufumi authored
Signed-off-by:
KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
Christian Brauner authored
Check if symbols SCMP_ARCH_ARM and SCMP_ARCH_PPC are defined. Signed-off-by:
Christian Brauner <christian.brauner@mailbox.org> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Generally we enforce that a [arch] seccomp section can only be used on [arch]. However, on amd64 we allow [i386] sections for i386 containers, and there we also take [all] sections and apply them for both 32- and 64-bit. Do that also for ppc64 and arm64. This allows seccomp-protected armhf containers to run on arm64. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
In which case lxc will not update the apparmor profile at all. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
Sungbae Yoo authored
Update for commit 2b47bac3 Signed-off-by:
Sungbae Yoo <sungbae.yoo@samsung.com> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
fli authored
The commit: e5848d39 <netdev_move_by_index: support wlan> only made netdev_move_by_name support wlan, instead of netdev_move_by_index. Given netdev_move_by_name is a wrapper of netdev_move_by_index, so here replacing all of the calls to lxc_netdev_move_by_index with lxc_netdev_move_by_name to let lxc-start support wlan phys. Signed-off-by:
fupan li <fupan.li@windriver.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Wolfgang Bumiller authored
Signed-off-by:
Wolfgang Bumiller <w.bumiller@proxmox.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Wolfgang Bumiller authored
If manual mounting with elevated permissions is required this can currently only be done in pre-start hooks or before starting LXC. In both cases the mounts would appear in the host's namespace. With this flag the namespace is unshared before the startup sequence, so that mounts performed in the pre-start hook don't show up on the host. Signed-off-by:
Wolfgang Bumiller <w.bumiller@proxmox.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Tycho Andersen authored
v2: get rid of extra debug crap Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
- 20 Nov, 2015 1 commit
-
-
Stéphane Graber authored
This is currently breaking our daily image builds which happen in a perfectly clean environment without a Debian keyring and without anything in /var/cache/lxc Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
- 18 Nov, 2015 4 commits
-
-
Stéphane Graber authored
lxc_container struct: add comment about moving member fns
-
Stéphane Graber authored
Better handle preserve_ns behavior
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
- 17 Nov, 2015 11 commits
-
-
Stéphane Graber authored
lxcapi_clone: restore the unexpanded config len
-
Serge Hallyn authored
Otherwise it gets shortened with the temporary len but never restored - which will only break API users which do a clone then continue to use the original container, meaning this is a hard one to detect. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
It breaks container starts. This reverts commit 473ebc77.
-
Serge Hallyn authored
Commit b6b2b194 preserves the container's namespaces for possible later use in stop hook. But some kernels don't have /proc/pid/ns/ns for all the namespaces we may be interested in. So warn but continue if this is the case. Implement stgraber's suggested semantics.
  - User requests some namespaces be preserved:
    - If /proc/self/ns is missing => fail (saying kernel misses setns)
    - If /proc/self/ns/<namespace> entry is missing => fail (saying kernel misses setns for <namespace>)
  - User doesn't request some namespaces be preserved:
    - If /proc/self/ns is missing => log an INFO message (kernel misses setns) and continue
    - If /proc/self/ns/<namespace> entry is missing => log an INFO message (kernel misses setns for <namespace>) and continue
Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
lxc-ls: use /usr/bin/env to find an appropriate python3 to run
-
Stéphane Graber authored
Fetch Debian archive GPG keyrings when they're not available
-
Stéphane Graber authored
seccomp: handle inverted arch
-
Serge Hallyn authored
Closes #694 When we start cloning container c1 to c2, we first save c1's configuration in c2's as a starting point. We long ago cleared out the lxc.rootfs entry before saving it, so that if we are killed before we update the rootfs, c2's rootfs doesn't point to c1's. Because then lxc-destroy -n c2 would delete c1's rootfs. But when we introduced the unexpanded_config, we didn't update this code to clear the rootfs out of the unexpanded_config, which is what now actually gets saved in write_config(). Do so. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
Christian Brauner authored
Local variables should not have the same name as global variables to avoid confusion. Signed-off-by:
Christian Brauner <christian.brauner@mailbox.org> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Christian Brauner authored
When we create a random container directory with mkdtemp() we set the mode to 0770 otherwise do_lxcapi_clone() will complain about not being able to create the config. Signed-off-by:
Christian Brauner <christianvanbrauner@gmail.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Christian Brauner authored
When the clone failed we tried to destroy the container. This will lead to a segfault. Instead simply return -1. Also move the call to free_mnts() after the put label to free the user specified mounts even when we just goto put. Signed-off-by:
Christian Brauner <christianvanbrauner@gmail.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-