Commits · b5e75029967ac1ed25bfa93ecd5100a2152c4789 · Chen Yisong / lxc · GitLab

03 Feb, 2021 2 commits
- Merge pull request #3649 from brauner/2021-02-03/attach_via_pidfds · b5e75029
  Stéphane Graber authored Feb 03, 2021
```
attach: attach to namespaces via pidfds
```
  b5e75029
- attach: attach to namespaces via pidfds · 9b31ab58
  Christian Brauner authored Feb 03, 2021
```
This is a feature we've enabled in kernel v5.8 and v5.9.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  9b31ab58
02 Feb, 2021 38 commits
- Merge pull request #3647 from brauner/2021-02-02/fixes · 07f89a4f
  Stéphane Graber authored Feb 02, 2021
```
cgroup2: only rely on command socket when getting cgroup values
```
  07f89a4f
- cgroups: improve parameter vetting · b7aeda96
  Christian Brauner authored Feb 03, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  b7aeda96
- tests: support pure unified cgroup layouts in cgpath test · 7d013ccc
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  7d013ccc
- test: add logging to device_add_remove · a4f24357
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  a4f24357
- freezer: remove lxc_cmd_freeze() and lxc_cmd_unfreeze() calls · ea299bfc
  Christian Brauner authored Feb 02, 2021
```
We're now handling them better.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  ea299bfc
- commands: use __cgroup_unfreeze() directly · 9d47970b
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  9d47970b
- cgroups: export __cgroup_unfreeze() for use in commands · c9c814f4
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  c9c814f4
- cgroups: use lxc_cmd_get_limiting_cgroup2_fd() · ae4fcc7b
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  ae4fcc7b
- commands: add missing lxc_cmd_get_limiting_cgroup2_fd() implementation · 6f7f2966
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  6f7f2966
- cgpath: add logging · 44322ead
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  44322ead
- attach: explicitly close seccomp notifier fd · c5bac506
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  c5bac506
- cgroups: switch back to returning ints · 5ef7547f
  Christian Brauner authored Feb 02, 2021
```
Whick makes for easier error checking and fallback code.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  5ef7547f
- attach: check for ENOCGROUP2 explicitly · 29619d41
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  29619d41
- cgroups: return ENOCGROUP2 from cgroup_attach() · 6b55ce0e
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  6b55ce0e
- cgroups: stricter argument vetting for cgroup_attach() · 6407e1c2
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  6407e1c2
- cgroups: move down cgroup_attach() · 029d8e88
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  029d8e88
- lxccontainer: use correct error checks · 739af847
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  739af847
- cgroups: vet parameters · b57f9b13
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  b57f9b13
- cgroups: remove unused conf argument · bfe2971a
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  bfe2971a
- cgroups: rewind() file before polling again · 281c3645
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  281c3645
- lxccontainer: use cgroup_freeze() and cgroup_unfreeze() · 97d7b200
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  97d7b200
- freezer: make methods return bool · 4639029c
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  4639029c
- cgroups: add cgroup_freeze() and cgroup_unfreeze() · c8af3332
  Christian Brauner authored Feb 02, 2021
```
These are unified hierarchy only methods which don't need to initialize a full
cgroup driver. Instead, they rely on the command socket to retrieve a cgroup2
file descriptor to the container's cgroup.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  c8af3332
- freezer: use lxc_cmd_notify_state_listeners() · 419847a8
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  419847a8
- commands_utils: add lcx_cmd_notify_state_listeners() · 241670e7
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  241670e7
- cgroups: annotate cgroup_get()/cgroup_set() · 751a624f
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  751a624f
- cgroups: move functions after methods · be835470
  Christian Brauner authored Feb 02, 2021
```
This makes it more obvious that they are separate.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  be835470
- lxccontainer: use cgroup_set() · 69edb51d
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  69edb51d
- lxccontainer: use correct variable ordering · efb4b3e8
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  efb4b3e8
- cgroups: add croup_set() · 983b1db0
  Christian Brauner authored Feb 02, 2021
```
This is a unified hierarchy only method which doesn't need to initialize a full
cgroup driver. Instead, it relies on the command socket to retrieve a cgroup2
file descriptor to the container's cgroup.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  983b1db0
- cgroups: reorder cgroup_get() arguments · 3baf0fc8
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  3baf0fc8
- lxccontainer: use cgroup_get() · a29cc280
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  a29cc280
- cgroups: add cgroup_get() · b1356424
  Christian Brauner authored Feb 02, 2021
```
This is a unified hierarchy only method which doesn't need to initialize a full
cgroup driver. Instead, it relies on the command socket to retrieve a cgroup2
file descriptor to the container's cgroup.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  b1356424
- file_utils: add lxc_read_try_buf_at() · 2b5e0b8b
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  2b5e0b8b
- macro: abuse ENOMEDIUM as ENOCGROUP2 · 6de35cd9
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  6de35cd9
- Merge pull request #3646 from brauner/2021-02-02/fixes · b22ae843
  Stéphane Graber authored Feb 02, 2021
```
attach & cgroup hardening
```
  b22ae843
- cgroups: switch controller delegation to fd-only operations · ac01a9b8
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  ac01a9b8
- cgroups: add unified_cgroup_fd() helper · 6d153543
  Christian Brauner authored Feb 02, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  6d153543