Commits · da0fdceb6dfc31f415a8deb7aca4bcaa5b9f4dfb · Chen Yisong / lxc

07 Aug, 2020 3 commits
- Merge pull request #3512 from stgraber/master · da0fdceb
  Christian Brauner authored Aug 07, 2020
```
lxc-download fixes
```
  da0fdceb
- lxc-download: Fix retry loop · e14546e3
  Stéphane Graber authored Aug 07, 2020
```
Closes #3511
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
  e14546e3
- Revert "templates/lxc-download.in: use GPG option --receive-keys instead of --recv-keys" · 459fef26
  Stéphane Graber authored Aug 07, 2020
```
This reverts commit 409040e7.

Testing of both options show identical behavior but receive-keys does
not exist on older releases, so let's revert this.

Closes #3510
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
  459fef26
06 Aug, 2020 7 commits
- Merge pull request #3509 from brauner/2020-08-06/fixes · dc9074bb
  Stéphane Graber authored Aug 06, 2020
```
api-extension: add missing seccomp_proxy_send_notify_fd extension
```
  dc9074bb
- api-extension: add missing seccomp_proxy_send_notify_fd extension · 0dd2e321
  Christian Brauner authored Aug 06, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  0dd2e321
- Merge pull request #3508 from brauner/2020-08-06/fixes · 2a35d949
  Stéphane Graber authored Aug 06, 2020
```
seccomp: add seccomp_notify_fd_active api extension
```
  2a35d949
- seccomp: send notify fd as part of the message · ec49d30f
  Christian Brauner authored Aug 06, 2020
```
Since we haven't made this official api yet: YOLO
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  ec49d30f
- seccomp: add seccomp_notify_fd_active api extension · 21405769
  Christian Brauner authored Aug 06, 2020
```
which allows to retrieve an active seccomp notifier fd from a running
container.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  21405769
- Merge pull request #3507 from brauner/2020-08-06/fixes · 05af17d7
  Stéphane Graber authored Aug 06, 2020
```
seccomp: don't close the mainloop, simply remove the handler
```
  05af17d7
- seccomp: don't close the mainloop, simply remove the handler · eb551cef
  Christian Brauner authored Aug 06, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  eb551cef
05 Aug, 2020 5 commits
- Merge pull request #3506 from brauner/2020-08-05/safe_native_terminal_allocation · c6018400
  Stéphane Graber authored Aug 05, 2020
```
macro: define TIOCGPTPEER if missing
```
  c6018400
- conf: use openat() instead of open_tree() · cfca9ccd
  Christian Brauner authored Aug 05, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  cfca9ccd
- macro: define TIOCGPTPEER if missing · 07002a08
  Christian Brauner authored Aug 05, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  07002a08
- Merge pull request #3505 from brauner/2020-08-05/safe_native_terminal_allocation · 1f15c1c3
  Stéphane Graber authored Aug 05, 2020
```
terminal: safely allocate pts devices from inside the container
```
  1f15c1c3
- terminal: safely allocate pts devices from inside the container · f797f05e
  Christian Brauner authored Aug 05, 2020
```
This was a year long journey which seems to finally have come to an end.

Closes: #1620.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  f797f05e
04 Aug, 2020 1 commit
- Merge pull request #3504 from brauner/2020-08-04/fixes · 2d19c5e1
  Stéphane Graber authored Aug 03, 2020
```
conf: ensure that the idmap pointer itself is freed
```
  2d19c5e1
03 Aug, 2020 1 commit
- conf: ensure that the idmap pointer itself is freed · 7e621263
  Christian Brauner authored Aug 04, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  7e621263
28 Jul, 2020 2 commits

Merge pull request #3501 from ffontaine/master · f3bbb01f
Christian Brauner authored Jul 28, 2020
```
syscall: don't fail if __NR_signalfd is not defined
```
f3bbb01f

syscall: don't fail if __NR_signalfd is not defined · 3341e204

authored Jul 28, 2020

lxc fails to build if __NR_signalfd is not defined since version 4.0.0
and
https://github.com/lxc/lxc/commit/bed09c9cc0bec7bbd2442fcce4a2a0f03994cb09

However, some architectures don't define __NR_signalfd but only
__NR_signalfd4. This is the case for example for nios2 or csky:
https://github.com/bminor/glibc/blob/f9ac84f92f151e07586c55e14ed628d493a5929d/sysdeps/unix/sysv/linux/nios2/arch-syscall.h
https://github.com/bminor/glibc/blob/f9ac84f92f151e07586c55e14ed628d493a5929d/sysdeps/unix/sysv/linux/csky/arch-syscall.h

Fixes:
 - http://autobuild.buildroot.org/results/75096a48d2dbda57459523db3ed0952e63f93535Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

3341e204

27 Jul, 2020 4 commits

Merge pull request #3500 from brauner/2020-07-27/seccomp_notify_cleanup · 79c66a2a
Stéphane Graber authored Jul 27, 2020
```
seccomp: add missing header
```
79c66a2a

seccomp: add missing header · e4353a7f

authored Jul 27, 2020

Fixes: https://launchpadlibrarian.net/490341075/buildlog_snap_ubuntu_bionic_amd64_lxd-latest-edge_BUILDING.txt.gzSigned-off-by: Christian Brauner <christian.brauner@ubuntu.com>

e4353a7f

Merge pull request #3499 from brauner/2020-07-27/seccomp_notify_cleanup · 64cbd48a
Stéphane Graber authored Jul 27, 2020
```
seccomp: remove seccomp fd from event loop after task exited
```
64cbd48a

seccomp: remove seccomp fd from event loop after task exited · b2acb9dc

authored Jul 27, 2020

Linux v5.8 will land my patch where seccomp notifies when a filter goes unused,
i.e. when the last task using a given seccomp filter has exited. This wasn't
possible before and so we accumulated file descriptors in the container's event
loop whenever we attached to the container.
I'm not sure whether the task exiting before we could handle its syscall should
cause us to report and error or not. For now, let's simply close the event loop
and not report an error.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

b2acb9dc

25 Jul, 2020 2 commits
- Merge pull request #3498 from brauner/master · aaab14d0
  Stéphane Graber authored Jul 25, 2020
```
selinux: remove security_context_t usage as it's deprecated
```
  aaab14d0
- selinux: remove security_context_t usage as it's deprecated · c18de522
  Christian Brauner authored Jul 25, 2020
```
Link: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1888705Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  c18de522
23 Jul, 2020 11 commits
- Merge pull request #3497 from brauner/2020-07-23/fix_snap_compilation · d312ef68
  Stéphane Graber authored Jul 23, 2020
```
autotools: fix Makefile
```
  d312ef68
- Merge pull request #3496 from brauner/2020-07-18/mount_pid · c10c8a61
  Stéphane Graber authored Jul 23, 2020
```
new mount api support: basics
```
  c10c8a61
- Makefile: fix Makefile · 7a728639
  Christian Brauner authored Jul 23, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  7a728639
- log: don't break logging by hiding symbols · 18780b90
  Christian Brauner authored Jul 22, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  18780b90
- attach: use new mount api · 657256e0
  Christian Brauner authored Jul 22, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  657256e0
- mount_utils: add mount_filesystem() helper · 14df7021
  Christian Brauner authored Jul 22, 2020
```
that translates between the two mount apis.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  14df7021
- mount_utils: add mount utils · 7f88a1a2
  Christian Brauner authored Jul 22, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  7f88a1a2
- syscalls: add fsmount() · 7f1d397b
  Christian Brauner authored Jul 22, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  7f1d397b
- syscalls: add fsconfig() · 9edfcaa8
  Christian Brauner authored Jul 22, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  9edfcaa8
- syscalls: add fspick() · 749bc404
  Christian Brauner authored Jul 22, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  749bc404
- syscalls: add fsopen() · 49b21cd7
  Christian Brauner authored Jul 22, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  49b21cd7
22 Jul, 2020 4 commits
- Merge pull request #3492 from brauner/2020-07-18/visibility_hidden · 8bdacc22
  Stéphane Graber authored Jul 22, 2020
```
tree-wide: hide unnecessary symbols
```
  8bdacc22
- Merge pull request #3495 from siv0/boot_id_remount_apparmor_fix · 07f25184
  Stéphane Graber authored Jul 22, 2020
```
apparmor: Allow ro remount of boot_id
```
  07f25184
- apparmor: Allow ro remount of boot_id · 3646e8ac
  Stoiko Ivanov authored Jul 22, 2020
```
The rule added in 86384507 did not cover all
necessary mount calls for /proc/sys/kernel/random/boot_id
(in src/lxc/conf.c: lxc_setup_boot_id) - the ro remount is missing.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
```
  3646e8ac
- start: simplify gotos · 945daa24
  Christian Brauner authored Jul 22, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  945daa24