Update man pages

lxc-user-nic command cannot use common options.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Add -P lxcpath and --version to lxc-ls manpage

lxc-ls takes -P lxcpath and --version as arguments but it did not specify these
options on the manpages.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>

seccomp: simplify and fix rule parsing

1) Two checks on amd64 for whether compat_ctx has already
been generated were redundant, as compat_ctx is generally
generated before entering the parsing loop.

2) With introduction of reject_force_umount the check for
whether the syscall has the same id on both native and
compat archs results in false behavior as this is an
internal keyword and thus produces a -1 on
seccomp_syscall_resolve_name_arch().
The result was that it was added to the native architecture
twice and never to the 32 bit architecture, causing it to
have no effect on 32 bit containers on 64 bit hosts.

3) I do not see a reason to care about whether the syscalls
have the same number on the two architectures. On the one
hand this check was there to avoid adding it to two archs
(and effectively leaving one arch unprotected), while on
the other hand it seemed to be okay to add it to the
same arch *twice*.

The entire architecture checking branches are now reduced to
three simple cases: 'native', 'non-native' and 'all'. With
'all' adding to both architectures regardless of the syscall
ID.

Also note that libseccomp had a bug in its architecture
checking, so architecture related filters weren't working as
expected before version 2.2.2, which may have contributed to
the confusion in the original architecture-related code.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

A user could otherwise over-mount /proc and prevent the apparmor profile
or selinux label from being written which combined with a modified
/bin/sh or other commonly used binary would lead to unconfined code
execution.

Reported-by: Roman Fiedler
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

This prevents an unprivileged user to use LXC to create arbitrary file
on the filesystem.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-ubuntu-cloud: support passing vendor-data

vendor-data is supported in Ubuntu cloud images in trusty and later.
This allows the user to pass it in on create or clone.
Signed-off-by: Scott Moser <smoser@ubuntu.com>

Use /dev/loop-control if it exists

The Fedora 22 squashfs doesn't appear to work, the Fedora 21 isn't
available, so lets use the fedora archive mirror and pull the good old
Fedora 20 squashfs.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Apparently the paths have changed on the rsync server.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Switch to Fedora 22 for now.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

This fixes some typos, missing newlines and unflushed output leading to
duplicate entries when piped (similar to what we had in lxc-info).

Reported-by: Marc Gariépy
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

fix container creation from ansible lxc_containers module

Signed-off-by: Alex Punco <punco@selectel.ru>

Loop devices can be added on the fly when needed, they're
not always created beforehand. The loop-control device can
be used to find and allocate the next available number
instead of going through the /dev directory contents (which
is now only a fallback mechanism).
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

debian template: reconfigure locales

Signed-off-by: feng xiahou <xiahoufeng@yahoo.com>

As the commit 31a882ef, an unprivileged container can use aufs.
This patch removes the check for unpriv aufs, and change the path of
xino file as an unprivileged user can mount aufs.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Update for commit 1940bff4, and fix typo in English man
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-plamo supports LXC_CACHE_PATH that is introduced at commit 6dc6f80bSigned-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

config: miscellaneous signals for lxc.*signal

The yum in Centos 5.11 does not know about '--releasever', which is u…

Wait on correct container name

Add Korean man pages

 debootstrap failed when $GREP_OPTIONS color is set

Per pitti's suggestion, use After= to force lxc to wait for lxc-net to finish
running.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Reviewed-By: Martin Pitt <martin.pitt@ubuntu.com>

 debootstrap failed when $GREP_OPTIONS is set, so we need to unset it in the template

Signed-off-by: <feng xiahou xiahoufeng@yahoo.com>

V2 changes:
 - Keep using /var/lib for the lease file, but making it respect localstatedir
 - Don't pass an empty --conf-file as that confuses dnsmasq when
   /etc/dnsmasq.conf doesn't exist or isn't readable.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

also label and consolidate error conditions for
better readability
Signed-off-by: Arjun Sreedharan <arjun024@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lxc_user_nic was segfaulting:
lxc-user-nic[9761]: segfault at 29 ip 00007f3fb2346872 sp 00007ffdd17b2dd0 error 4 in libc-2.21.so[7f3fb22c2000+1c0000

This patch fixes it.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Added support for groups in lxc-usernet

Signed-off-by: Henrik Kjölhede <hkjolhede@gmail.com>

Update centos.common.conf.in