Commits · d64c225f26d2784d68a13dedd5e75520e5effbe5 · Chen Yisong / lxc

17 May, 2021 1 commit

start: move idmapped mount setup later · d64c225f

authored May 14, 2021

At the prior location we we're placed between sending and receiving
networking information over the data socket causing the startup to fail.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

d64c225f

12 May, 2021 4 commits
- conf: tweak rootfs handling · e9aab3d4
  Christian Brauner authored May 12, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  e9aab3d4
- conf: don't unmount procfs and sysfs · a96aa89b
  Christian Brauner authored May 12, 2021
```
Fixes: #3838
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  a96aa89b
- conf: allow xdev when setting up /dev · 3628ccc5
  Christian Brauner authored May 12, 2021
```
Fixes: #3838
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  3628ccc5
- cgroups: clean up cgroup_ops on initialization error · f0023791
  Christian Brauner authored May 11, 2021
```
Fixes: #3836
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  f0023791
11 May, 2021 1 commit
- oss-fuzz: add basic cgroup_init()/cgroup_exit() fuzzing · 96c30187
  Christian Brauner authored May 04, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  96c30187
10 May, 2021 7 commits

Merge pull request #3835 from brauner/2021-05-10.fixes.apparmor.stable-4.0 · f8764e8a
Stéphane Graber authored May 10, 2021
```
confile: convert AppArmor and SELinux confile parsing from errors to …
```
f8764e8a
confile: convert AppArmor and SELinux confile parsing from errors to warnings · 05cd29da
Christian Brauner authored May 10, 2021
```
Fixes: https://github.com/lxc/lxc/issues/3765#issuecomment-836792820Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
05cd29da

tests: fix lxc-test-arch-parse for make dist · aedfce1f

authored May 10, 2021

Fixes: https://jenkins.linuxcontainers.org/job/lxc-build-tarballs/2762/consoleSigned-off-by: Christian Brauner <christian.brauner@ubuntu.com>

aedfce1f

tests: add tests for supported architectures · 7d24ac5a

authored May 09, 2021

Ensure that we detect all supported architectures and don't regress
recognizing them.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

7d24ac5a

confile: re-add aarch64 architecture · 2acc916d

authored May 09, 2021

Apparenty we dropped this when we cleaned up architecture handling.

Fixes: #3832
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

2acc916d

Reflow ZFS check to follow the style of the overlayfs return. · 4ab0047c
Jeff Cook authored May 09, 2021
```
Per https://github.com/lxc/lxc/pull/3831#discussion_r628865713Signed-off-by: Jeff Cook <jeff@jeffcook.io>
```
4ab0047c
Skip rootfs pinning for ZFS roots. · 4502dfce
Jeff Cook authored May 08, 2021
```
Signed-off-by: Jeff Cook <jeff@jeffcook.io>
```
4502dfce

08 May, 2021 1 commit
- doc: document new idmap= option for lxc.rootfs.options · eb438f19
  Christian Brauner authored May 07, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  eb438f19
06 May, 2021 1 commit

conf: handle kernels with CAP_SETFCAP · 91ad9b94

authored May 06, 2021

LXC is being very clever and sometimes maps the caller's uid into the
child userns. This means that the caller can technically write fscaps
that are valid in the ancestor userns (which can be a security issue in
some scenarios) so newer kernels require CAP_SETFCAP to do this. Until
newuidmap/newgidmap are updated to account for this simply write the
mapping directly in this case.

Cc: stable-4.0
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

91ad9b94

04 May, 2021 16 commits

Release LXC 4.0.9 · 37485abd
Stéphane Graber authored May 04, 2021
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
37485abd

attach: introduce explicit personality macro · 97d46fd3

authored May 04, 2021

Introduce LXC_ATTACH_DETECT_PERSONALITY to make it explicit what is
happening instead of using -1.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

97d46fd3

conf: add personality_t · 84fc7c27

authored May 04, 2021

Catch errors in personality handling better.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

84fc7c27

attach_options: unbreak header · 70cf1461

authored May 04, 2021

In a moment of idioticity I switch -1 with 0xffffffff in the header
definition but we use -1 to autodetect.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

70cf1461

conf: rework lxc_config_parse_arch() · 2ce89d7f

authored May 04, 2021

Fix architecture parsing. So far we couldn't really differ between "want
default architecture" and "failed to parse requested architecture"
because the -1 return value means both. Fix this by using the return
value only to indicate success or failure and return the parsed
personality in a return argument.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

2ce89d7f

conf: tweak setup_personality() · 77f626c5

authored May 04, 2021

Use the dedicated LXC_ARCH_UNCHANGED macro everywhere instead of relying
on -1 being correct.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

77f626c5

tree-wide: make personality codepaths unconditional · 5ae15884

authored May 04, 2021

Now that we have the infra to make personality handling unconitional
remove the ifndefs everywhere.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

5ae15884

syscalls: wrap personality syscall if undefined · 7389642a

authored May 04, 2021

There's no need to making personality handling conditional as it has
been around for such a long time that only weird systems wouldn't have
support for it. And especially if the user requested a specific
personality to be set but the system doesn't support the personality
syscall we should loudly fail instead of moving on.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

7389642a

commands: log at debug not info level when receiving file descriptors · 9cc5d48b

authored May 04, 2021

Don't spam the logs because we do receive a lot of file descriptors.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

9cc5d48b

confile: make per_name struct static · 2c1754e3
Christian Brauner authored May 04, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
2c1754e3

string_utils: get around GCC-11 false positives · 4056542b

authored May 03, 2021

by getting rid of stpncpy

Tested with gcc (GCC) 11.1.1 20210428 (Red Hat 11.1.1-1)

Closes https://github.com/lxc/lxc/issues/3752Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>

4056542b

github: also pass the j option to make · 15e2d139
Evgeny Vereshchagin authored May 03, 2021
```
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
```
15e2d139

github: remove the dh-* packages · f0292a36

authored May 03, 2021

We don't build any packages there so it seems we don't need
those packages any more. Apart from that, it should make the
script work on Ubuntu Hirsute where dh-systemd was merged into
debhelper and is no longer available.
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>

f0292a36

github: Run apt-get update in sanitizer test · fb831517
Stéphane Graber authored May 03, 2021
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
fb831517
conf: fix console chmod error log messages · bdd90796
Aaron Thompson authored May 01, 2021
```
Signed-off-by: Aaron Thompson <dev@aaront.org>
```
bdd90796

oss-fuzz: always turn off logging on OSS-Fuzz · d3162efa

authored Apr 30, 2021

Apparently /proc/self/cmd can't be used (reliably) on OSS-Fuzz to figure out
whether the code is run inside the fuzz targets, which causes the
fuzz targets to fill the filesystem with log files.

Related: https://github.com/google/oss-fuzz/issues/5509
Should address https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33835Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>

d3162efa

30 Apr, 2021 3 commits

Release LXC 4.0.8 · c53580ec
Stéphane Graber authored Apr 30, 2021
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
c53580ec

cgroups: fix fallback attach codepath · 9b30530b

authored Apr 30, 2021

When we attach to an old server the server can return ENOSYS instead of
ENOCGROUP2 which causes LXC to abort the attach unnecessary. Fix this!
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

9b30530b

storage: fix dup_cloexec() call · 88bc42b4
Christian Brauner authored Apr 30, 2021
```
Fixes: Coverity 1477399
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
88bc42b4

29 Apr, 2021 6 commits
- Release LXC 4.0.7 · a751b90b
  Stéphane Graber authored Apr 29, 2021
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
  a751b90b
- api-extensions: add entry for idmapped_mounts · eece5386
  Christian Brauner authored Apr 28, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  eece5386
- storage/dir: cleanup mount code · 28602de3
  Christian Brauner authored Apr 28, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  28602de3
- storage/dir: remove error handling down · 510026de
  Christian Brauner authored Apr 28, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  510026de
- storage/dir: source can't be empty · 4a398f8c
  Christian Brauner authored Apr 28, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  4a398f8c
- storage/dir: use "source" and "target" as terms · af25ca30
  Christian Brauner authored Apr 28, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  af25ca30