Commits · dea31fe2c5fcb2ca1ffba09587363f6bf080eb91 · Chen Yisong / lxc

28 Jan, 2019 4 commits
- Merge pull request #2807 from brauner/2019-01-27/mount_entries · dea31fe2
  Stéphane Graber authored Jan 28, 2019
```
conf: check for successful mount entry parse
```
  dea31fe2
- Merge pull request #2814 from tenforward/japanese · 91046ccd
  Christian Brauner authored Jan 28, 2019
```
doc: Add lxc.seccomp.allow_nesting to Japanese lxc.container.conf(5)
```
  91046ccd
- doc: Add lxc.seccomp.allow_nesting to Japanese lxc.container.conf(5) · 7a8f46e9
  KATOH Yasufumi authored Jan 28, 2019
```
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
```
  7a8f46e9
- Merge pull request #2813 from brauner/2019-01-27/bugfixes_2 · ca5a24d3
  Serge Hallyn authored Jan 27, 2019
```
compiler: remove deprecated and unneeded header
```
  ca5a24d3
27 Jan, 2019 15 commits

prlimit: remove deprecated and unneeded header · acad8485
Christian Brauner authored Jan 27, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
acad8485
compiler: remove deprecated and unneeded header · 0f3a3e1a
Christian Brauner authored Jan 27, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
0f3a3e1a
Merge pull request #2812 from Rachid-Koucha/patch-7 · 7c9f712d
Christian Brauner authored Jan 27, 2019
```
/etc/resolv.conf grows indefinitely
```
7c9f712d

/etc/resolv.conf grows indefinitely · 567f8915

authored Jan 27, 2019

This file grows indefinitely : upon each DHCP lease renew,
the "nameserver ..dns..." line is added at the end of the file.
Make a "grep" in the file to make sure that the same line
does not already exist.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

567f8915

conf: append 0 0 to nesting helpers mount entries · dc691e34

authored Jan 27, 2019

Otherwise musl's getmntent_r() parser will fail.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

dc691e34

Merge pull request #2811 from Rachid-Koucha/patch-6 · 8f2cce18
Christian Brauner authored Jan 27, 2019
```
Create /var/run
```
8f2cce18

Create /var/run · c65973ad

authored Jan 27, 2019

Some programs like "who" need this directory
to work (this permits the of /var/run/utmp file).
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

c65973ad

Merge pull request #2810 from Rachid-Koucha/patch-6 · accd6717
Christian Brauner authored Jan 27, 2019
```
Use BUSYBOX_EXE variable in configure_busybox()
```
accd6717

Use BUSYBOX_EXE variable in configure_busybox() · 4765b926

authored Jan 27, 2019

As "which busybox" is stored in BUSYBOX_EXE 
global variable at startup, use it wherever it is
needed.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

4765b926

conf: check for successful mount entry parse · 9d03d857

authored Jan 27, 2019

Since liblxc is completely in control of the mount entry file we should
only consider a parse successful when EOF is reached.

Closes #2798.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

9d03d857

Merge pull request #2809 from Rachid-Koucha/patch-6 · adbde0cc
Christian Brauner authored Jan 27, 2019
```
Installation of default.script for udhcpc
```
adbde0cc

Installation of default.script for udhcpc · 1c9bca6b

authored Jan 27, 2019

The busybox template installs default.script in /usr/share/udhcpc/.
But the pathname of "default.script" may vary from one busybox
build to another. As the pathname is displayed in udhcpc's help,
grab it from it.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

1c9bca6b

Merge pull request #2744 from adamkasztenny/patch-1 · 3309e10c
Christian Brauner authored Jan 27, 2019
```
Add template-options to help output
```
3309e10c
Merge pull request #2804 from Rachid-Koucha/patch-4 · 51db0046
Christian Brauner authored Jan 27, 2019
```
Avoid hardcoded string length
```
51db0046

Avoid hardcoded string length · db1228b3

authored Jan 27, 2019

Use strlen() on "state" variable instead of harcoded
value 6.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

db1228b3

26 Jan, 2019 6 commits

Merge pull request #2803 from Rachid-Koucha/patch-4 · 60014557
Christian Brauner authored Jan 27, 2019
```
Avoid risk of "too far memory read"
```
60014557
Merge pull request #2802 from Rachid-Koucha/patch-3 · f87c3a22
Christian Brauner authored Jan 27, 2019
```
Avoid double lxc-freeze/unfreeze
```
f87c3a22

Avoid risk of "too far memory read" · 71fc9c04

authored Jan 27, 2019

As we call "lxc_add_state_client(fd, handler, (lxc_state_t *)req->data)"
which supposes that the last parameter is a table of MAX_STATE
entries when calling memcpy():
memcpy(newclient->states, states, sizeof(newclient->states))
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

71fc9c04

Merge pull request #2801 from Rachid-Koucha/patch-2 · 81f22990
Christian Brauner authored Jan 26, 2019
```
Update freezer.c
```
81f22990

Avoid double lxc-freeze/unfreeze · 2341916a

authored Jan 26, 2019

If we call lxc-freeze multiple times for an already frozen container, LXC
triggers useless freezing by writing into the "freezer.state" cgroup file.
This is the same when we call lxc-unfreeze multiple times.
Checking the current state with a LXC_CMD_GET_STATE
(calling c->state) would permit to check if the container is FROZEN
or not.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

2341916a

Update freezer.c · 9eb9ce3e

authored Jan 26, 2019

Suppressed hard coded values for state and array's maximum index.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

9eb9ce3e

21 Jan, 2019 4 commits

Merge pull request #2794 from brauner/2019-01-21/revert_seccomp_fuckup · 5283a118
Wolfgang Bumiller authored Jan 21, 2019
```
Revert "seccomp: add rules for specified architecture only"
```
5283a118

Revert "seccomp: add rules for specified architecture only" · 3e9671a1

authored Jan 21, 2019

This reverts commit f1bcfc79.

The reverted branch breaks starting all seccomp confined containers. Not
even a containers with our standard seccomp profile starts correctly.
This is strong evidence that these changes have never been tested even
with a standard workload. That is unacceptable!

We are still happy to merge that feature but going forward we want tests
that verify that standard workloads and new features work correctly.
seccomp is a crucial part of our security story and I will not let the
be compromised by missing tests!
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

3e9671a1

Merge pull request #2786 from lifeng68/fix_seccomp · b6825c4b
Christian Brauner authored Jan 21, 2019
```
seccomp: add rules for specified architecture only 
```
b6825c4b

seccomp: add rules for specified architecture only · f1bcfc79

authored Jan 16, 2019

If the architecture is specified in the seccomp configuration, like:
```
2
whitelist errno 1
[x86_64]
accept allow
accept4 allow
```
We shoud add rules only for amd64 instead of add rules for
x32/i386/amd64.

1. If the [arch] was not specified in seccomp config, add seccomp rules
for all all compat architectures.
2. If the [arch] specified in seccomp config irrelevant to native host
arch, the rules will be ignored.
3. If specified [all] in seccomp config, add seccomp rules for all
compat architectures.
4. If specified [arch] as same as native host arch, add seccomp rules
for the native host arch.
5. If specified [arch] was not native host arch, but compat to host
arch, add seccomp rules for the specified arch only, NOT add seccomp
rules for native arch.
Signed-off-by: LiFeng <lifeng68@huawei.com>

f1bcfc79

18 Jan, 2019 4 commits
- Merge pull request #2792 from kubiko/fix-android-hooks · 0a0e05aa
  Christian Brauner authored Jan 18, 2019
```
Fixing hooks functionality Android where 'sh' is placed under /system
```
  0a0e05aa
- Merge pull request #2791 from kubiko/handle-android-loop · 6f16ac1f
  Christian Brauner authored Jan 18, 2019
```
Handle alternative loop device location on Android
```
  6f16ac1f
- Handle alternative loop device location on Android · b11738d7
  ondra authored Jan 11, 2019
```
Signed-off-by: ondra <ondrak@localhost.localdomain>
```
  b11738d7
- Fixing hooks functionality Android where 'sh' is placed under /system/bin · ecfa5693
  ondra authored Jan 11, 2019
```
Signed-off-by: ondra <ondrak@localhost.localdomain>
```
  ecfa5693
17 Jan, 2019 4 commits
- Merge pull request #2788 from tanyifeng/fix_mem_leak · 8d832e7b
  Christian Brauner authored Jan 17, 2019
```
conf.c: fix memory leak and mount error
```
  8d832e7b
- Merge pull request #2789 from lifeng68/fix_memory_leak · 86439b23
  Christian Brauner authored Jan 17, 2019
```
Fix memory leak in cgroup_exit
```
  86439b23
- Fix memory leak in cgroup_exit · 96a03c1f
  LiFeng authored Jan 17, 2019
```
Add free memory pointed by struct cgroup_ops *ops
Signed-off-by: LiFeng <lifeng68@huawei.com>
```
  96a03c1f
- conf.c: fix memory leak and mount error · a3ed9b81
  t00416110 authored Jan 17, 2019
```
1. cleanup namespace memory
2. fix bug when ro mount not setted, mount propagation will be skipped.
Signed-off-by: t00416110 <tanyifeng1@huawei.com>
```
  a3ed9b81
16 Jan, 2019 1 commit
- Merge pull request #2785 from lifeng68/fix_return · 20b4a592
  Christian Brauner authored Jan 16, 2019
```
start: __lxc_start return -1 when start fails
```
  20b4a592
15 Jan, 2019 1 commit
- start: __lxc_start return -1 when start fails · 575ea467
  LiFeng authored Jan 15, 2019
```
Signed-off-by: LiFeng <lifeng68@huawei.com>
```
  575ea467
11 Jan, 2019 1 commit
- Merge pull request #2781 from brauner/hn-veth-uid · bd72001f
  Wolfgang Bumiller authored Jan 11, 2019
```
network: prefix veth interface name with uid info
```
  bd72001f