Commits · b52e8e68a61866da2af86e85905ec850f8a8b7fc · Chen Yisong / lxc

09 May, 2019 3 commits

raw_syscalls: simplify assembly · b52e8e68

authored May 09, 2019

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Co-developed-by: David Howells <dhowells@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>

b52e8e68

Merge pull request #2983 from tenforward/japanese · c6494c4b
Christian Brauner authored May 09, 2019
```
Update Japanese lxc.container.conf(5)
```
c6494c4b

doc: Fix and improve Japanese translation · c425edc6

authored May 09, 2019

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Reviewed-by: Hiroaki Nakamura <hnakamur@gmail.com>

c425edc6

08 May, 2019 1 commit

doc: Update Japanese lxc.container.conf(5) · 7dd6ead9

authored May 08, 2019

This is the translation for the following description:
  - lxc.seccomp.notify.proxy (commit 8a643759)
  - host side veth device static routes (commit d4a7da46)
  - IPVLAN (commit c9f52382)
  - Layer 2 proxy mode (commit 6509154d)
  - gateway device route mode (commit a2f9a670)

and fix typo in English man page.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

7dd6ead9

07 May, 2019 8 commits
- Merge pull request #2982 from Rachid-Koucha/patch-5 · b1045fd3
  Christian Brauner authored May 07, 2019
```
Devices created in rootfs instead of rootfs/dev
```
  b1045fd3
- Devices created in rootfs instead of rootfs/dev · 28eb86bd
  Rachid Koucha authored May 07, 2019
```
Added /dev in the mknod commands.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
```
  28eb86bd
- Merge pull request #2981 from tomponline/tp-veth-gateway · 668084bb
  Christian Brauner authored May 07, 2019
```
network: Re-works veth gateway logic
```
  668084bb
- network: Re-works veth gateway logic · 009d6127
  tomponline authored May 07, 2019
```
Handles more errors and gives better error messages.
Signed-off-by: tomponline <thomas.parrott@canonical.com>
```
  009d6127
- Merge pull request #2979 from tomponline/tp-vlan-mtu · 1732294c
  Christian Brauner authored May 07, 2019
```
network: Makes vlan network interfaces set mtu before upscript called
```
  1732294c
- Merge pull request #2978 from tomponline/tp-ipvlan-mtu · 2c07c966
  Christian Brauner authored May 07, 2019
```
network: Adds custom mtu support for ipvlan interfaces
```
  2c07c966
- network: Makes vlan network interfaces set mtu before upscript called · 3e2a7b08
  tomponline authored May 07, 2019
```
This is consistent with veth and ipvlan types.

Also makes the debug message for success occur after up script has run.

Also makes device clean up on error more thorough and consistent.
Signed-off-by: tomponline <thomas.parrott@canonical.com>
```
  3e2a7b08
- network: Adds custom mtu support for ipvlan interfaces · 006e135e
  tomponline authored May 07, 2019
```
Signed-off-by: tomponline <thomas.parrott@canonical.com>
```
  006e135e
06 May, 2019 4 commits
- Merge pull request #2976 from brauner/2019-05-06/bugfixes · 19a50320
  Stéphane Graber authored May 06, 2019
```
seccomp: document path calculation
```
  19a50320
- Merge pull request #2977 from brauner/2019-05-06/pidfd_send_signal · 7e30d659
  Stéphane Graber authored May 06, 2019
```
raw_syscalls: add initial support for pidfd_send_signal()
```
  7e30d659
- raw_syscalls: add initial support for pidfd_send_signal() · d9bb2fba
  Christian Brauner authored May 06, 2019
```
Well, I added this syscall so we better use it. :)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  d9bb2fba
- seccomp: document path calculation · 18847d37
  Christian Brauner authored May 06, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  18847d37
05 May, 2019 2 commits
- Merge pull request #2974 from brauner/master · 192023dd
  Stéphane Graber authored May 05, 2019
```
tree-wide: make socket SOCK_CLOEXEC
```
  192023dd
- Merge pull request #2975 from brauner/2019-05-04/returns_twice · 3ade8167
  Stéphane Graber authored May 05, 2019
```
compiler: add __returns_twice attribute
```
  3ade8167
04 May, 2019 2 commits

compiler: add __returns_twice attribute · 633cb8be

authored May 04, 2019

The returns_twice attribute tells the compiler that a function may return more
than one time. The compiler will ensure that all registers are dead before
calling such a function and will emit a warning about the variables that may be
clobbered after the second return from the function. Examples of such functions
are setjmp and vfork. The longjmp-like counterpart of such function, if any,
might need to be marked with the noreturn attribute.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

633cb8be

Merge pull request #2973 from tomponline/tp-gw-dev · 0854538f
Christian Brauner authored May 04, 2019
```
network: Adds gateway device route mode
```
0854538f

03 May, 2019 5 commits
- Merge pull request #2968 from tomponline/tp-ipvlan-l2proxy · 9e8c3ebe
  Christian Brauner authored May 03, 2019
```
network: Static routes for IPVLAN with L2PROXY
```
  9e8c3ebe
- network: Adds ipvlan static routes for l2proxy mode · b670016a
  tomponline authored May 01, 2019
```
Signed-off-by: tomponline <thomas.parrott@canonical.com>
```
  b670016a
- tree-wide: make socket SOCK_CLOEXEC · ad9429e5
  Christian Brauner authored May 03, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  ad9429e5
- network: Adds gateway device route mode · a2f9a670
  tomponline authored May 03, 2019
```
Adds ability to specify "dev" as the gateway value, which will cause a device route to be set as default gateway.
Signed-off-by: tomponline <thomas.parrott@canonical.com>
```
  a2f9a670
- Merge pull request #2964 from tomponline/tp-l2proxy · 5b94d538
  Christian Brauner authored May 03, 2019
```
network: Adds layer 2 (ARP/NDP) proxy mode
```
  5b94d538
02 May, 2019 5 commits

Merge pull request #2972 from brauner/2019-05-02/seccomp_notify_mem_fd · 9e1accb9
Stéphane Graber authored May 02, 2019
```
seccomp: send process memory fd
```
9e1accb9
Merge pull request #2971 from hallyn/2019-05-01/nsshare.2 · 99b68bdb
Christian Brauner authored May 02, 2019
```
namespaces: allow a pathname to a nsfd for namespace to share
```
99b68bdb

seccomp: send process memory fd · 5ed06d3a

authored May 02, 2019

There's an inherent race when reading a process's memory. The easiest way is to
have liblxc get an fd and check that the race was one, send it to the caller
(They are free to ignore it if they don't use recvmsg()).
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

5ed06d3a

namespaces: allow a pathname to a nsfd for namespace to share · 39e6fd36
Serge Hallyn authored May 01, 2019
```
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
```
39e6fd36

network: Adds layer 2 (ARP/NDP) proxy mode · 6509154d

authored Apr 30, 2019

Adds the lxc.net.[i].l2proxy flag that can be either 0 or 1.

Defaults to 0.

This, when used with lxc.net.[i].link, will add IP neighbour proxy entries on the linked device
for any IPv4 and IPv6 addresses on the container's network device.

Additionally, for IPv6 addresses it will check the following sysctl values and fail with an error if not set:

	net.ipv6.conf.[link].proxy_ndp=1
	net.ipv6.conf.[link].forwarding=1
Signed-off-by: tomponline <thomas.parrott@canonical.com>

6509154d

01 May, 2019 6 commits
- Merge pull request #2969 from brauner/2019-05-01/seccomp_fixes · 0b5afd32
  Stéphane Graber authored May 01, 2019
```
seccomp: ensure fields are set to 0
```
  0b5afd32
- seccomp: ensure fields are set to 0 · 37046066
  Christian Brauner authored May 01, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  37046066
- Merge pull request #2950 from tomponline/tp-ipvlan · ea84ddf9
  Christian Brauner authored May 01, 2019
```
network: Adds IPVLAN support
```
  ea84ddf9
- network: Adds IPVLAN support · c9f52382
  tomponline authored Apr 26, 2019
```
Example usage:

	lxc.net[i].type=ipvlan
	lxc.net[i].ipvlan.mode=[l3|l3s|l2] (defaults to l3)
	lxc.net[i].ipvlan.flags=[bridge|private|vepa] (defaults to bridge)
	lxc.net[i].link=eth0
	lxc.net[i].flags=up
Signed-off-by: tomponline <thomas.parrott@canonical.com>
```
  c9f52382
- Merge pull request #2967 from brauner/2019-05-01/seccomp_notifier_api_removal · 28805eb0
  Stéphane Graber authored Apr 30, 2019
```
seccomp: remove alignment requirements
```
  28805eb0
- seccomp: remove alignment requirements · 2a621ece
  Christian Brauner authored May 01, 2019
```
since apparently there are insane programming languages out there that just
silently remove packed members in structs.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  2a621ece
30 Apr, 2019 4 commits
- Merge pull request #2966 from brauner/2019-05-01/seccomp_notifier_api_removal · 2bad9476
  Stéphane Graber authored Apr 30, 2019
```
seccomp: don't commit to an api just yet
```
  2bad9476
- seccomp: don't commit to an api just yet · ebc1c319
  Christian Brauner authored May 01, 2019
```
I'm not sure that I want to be married (to this layout) just yet.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  ebc1c319
- Merge pull request #2965 from brauner/2019-05-01/seccomp_notifier_fixes · 0b8bb8db
  Stéphane Graber authored Apr 30, 2019
```
seccomp: notifier fixes
```
  0b8bb8db
- seccomp: notifier fixes · 2ac0f627
  Christian Brauner authored May 01, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  2ac0f627