- 20 Apr, 2018 19 commits
-
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
This commit deals with different kernel and userspace layouts and nesting. Here are three examples:
1. 64bit kernel and 64bit userspace running 32bit containers
2. 64bit kernel and 32bit userspace running 64bit containers
3. 64bit kernel and 64bit userspace running 32bit containers running 64bit containers
Two things to look out for:
1. The compat arch that is detected might have already been present in the main context. So check that it actually hasn't been and only then add it.
2. The contexts don't need merging if the architectures are the same and also can't be.
With these changes I can run all crazy/weird combinations with proper seccomp isolation.
Closes #654.
Link: https://bugs.chromium.org/p/chromium/issues/detail?id=832366
Reported-by: Chirantan Ekbote <chirantan@chromium.org>
Reported-by: Sonny Rao <sonnyrao@chromium.org>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Jakub Skokan authored
Signed-off-by: Jakub Skokan <jakub.skokan@havefun.cz>
-
Christian Brauner authored
When application containers without a mapping for container root are started, a dummy bind-mount target for lxc-init needs to be created. This will not always work directly under "/" when e.g. permissions are missing due to the ownership and/or mode of "/". We can try to work around this by using the P_tmpdir as defined in POSIX which should usually land us in /tmp where basically everyone can create files.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
We should always default to mounting devpts with gid=5 but we should fall back to mounting without gid=5. This lets us cover use-cases such as container started with only a single mapping e.g.:
lxc.idmap = u 1000 1000 1
lxc.idmap = g 1000 1000 1
Closes #2257.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Closes #2248.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
C0deAi authored
Closes #2262.
Signed-off-by: C0deAi <techsupport@mycode.ai>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
C0deAi authored
Closes #2262.
Signed-off-by: C0deAi <techsupport@mycode.ai>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
C0deAi authored
Value stored is never read.
Closes #2262.
Signed-off-by: C0deAi <techsupport@mycode.ai>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Closes #1704.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Fabrice Fontaine authored
Commit c06ed219 has broken compilation with a static libcap and a shared gnutls. This results in a build failure on init_lxc_static if gnutls is a shared library as init_lxc_static is built with -all-static option (see src/lxc/Makefile.am) and AC_CHECK_LIB adds gnutls to LIBS. This commit fixes the issue by removing default behavior of AC_CHECK_LIB and handling manually GNUTLS_LIBS and HAVE_LIBGNUTLS.
Fixes:
- http://autobuild.buildroot.net/results/b655d6853c25a195df28d91512b3ffb6c654fc90
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-
Christian Brauner authored
lxc_make_tmpfile() uses mkstemp() internally, and thus expects the template to contain 'XXXXXX' and be writable.
Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
lxc_make_tmpfile() uses mkstemp() internally, and thus expects the template to contain 'XXXXXX' and be writable.
Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Guido Jäkel authored
On NFS, avoid random names of the root pin file due to "NFS silly renaming" but use a fixed hidden name instead.
-
Tycho Andersen authored
The problem here is that these two clauses were ordered backwards: we first check if the signal came from not the init pid, and if it did, then we give a notice and return. The comment notes that this is intended to protect against SIGCHLD, but we don't in fact know if the signal is a SIGCHLD yet, because that's tested in the next hunk. The symptom is that if I e.g. send SIGTERM from the outside world to the container init, it ignores it and gives this notice. If we re-order these clauses, it forwards non SIGCHLD signals, and ignores SIGCHLD signals from things that aren't the real container process.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
-
- 03 Apr, 2018 8 commits
-
-
KATOH Yasufumi authored
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
-
Fengtu Wang authored
Signed-off-by: Fengtu Wang <wangfengtu@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
If they aren't available fall back to BSD flock()s.
Closes #2245.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Felix Abecassis authored
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
-
Felix Abecassis authored
Don't use the -r option of jq, since it will strip the double quotes.
Fixes: #2195
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
-
Christian Brauner authored
Closes #2241.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Closes #2242.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
- 28 Mar, 2018 1 commit
-
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
- 27 Mar, 2018 5 commits
-
-
Stéphane Graber authored
Allow passing action scripts to CRIU
-
Eytan Heidingsfeld authored
Closes #2236.
Signed-off-by: Eytan Heidingsfeld <eytanh@gmail.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
configure.ac: Support redhatenterpriseserver
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
- 26 Mar, 2018 4 commits
-
-
Stéphane Graber authored
start: always make us dumpable
-
Christian Brauner authored
Otherwise lxc.hook.mount hooks that try to inspect /proc/<pid>/* will fail.
Cc: Jonathan Calmels <jcalmels@nvidia.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Stéphane Graber authored
conf: simplify autodev
-
Christian Brauner authored
This function was way more syscall heavy than it needed to be.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
- 24 Mar, 2018 1 commit
-
-
Stéphane Graber authored
hooks: fix dhclient hook when an AppArmor profile is active
-
- 23 Mar, 2018 2 commits
-
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
lxccontainer: truncate config file
-