Commits · e2e70bd5a2ddd93a5606b32eb58a2f5143d74682 · Chen Yisong / lxc

19 May, 2021 4 commits
- Merge pull request #3843 from brauner/2021-05-17.idmapped.lxc.mount.entry · e2e70bd5
  Stéphane Graber authored May 19, 2021
```
conf: support idmapped lxc.mount.entry entries
```
  e2e70bd5
- confile: free mount data · df5e747d
  Christian Brauner authored May 18, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  df5e747d
- conf: add sequence when setting up idmapped mounts · 5a782dca
  Christian Brauner authored May 19, 2021
```
Make sure we catch any weird behavior.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  5a782dca
- conf: support idmapped lxc.mount.entry entries · 1b82d721
  Christian Brauner authored May 17, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  1b82d721
18 May, 2021 2 commits
- Merge pull request #3844 from CecilHarvey/master · 966dad24
  Christian Brauner authored May 18, 2021
```
Skip rootfs pinning for read-only file system.
```
  966dad24
- Skip rootfs pinning for read-only file system. · e859a5ee
  Wei Mingzhi authored May 18, 2021
```
Signed-off-by: Wei Mingzhi <weimingzhi@baidu.com>
```
  e859a5ee
17 May, 2021 2 commits
- conf: rename struct mount_opt flag member s/flag/legacy_flag/ · 1e4bce2c
  Christian Brauner authored May 17, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  1e4bce2c
- tree-wide: s/parse_mntopts/parse_mntopts_legacy/ · d94eb390
  Christian Brauner authored May 17, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  d94eb390
14 May, 2021 2 commits

Merge pull request #3842 from brauner/2021-05-14.fixes · 73936a0d
Stéphane Graber authored May 14, 2021
```
start: move idmapped mount setup later
```
73936a0d

start: move idmapped mount setup later · e4564b7e

authored May 14, 2021

At the prior location we we're placed between sending and receiving
networking information over the data socket causing the startup to fail.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

e4564b7e

12 May, 2021 4 commits
- Merge pull request #3840 from brauner/2021-05-12.fixes.rootfs · 5b70f02e
  Stéphane Graber authored May 12, 2021
```
conf: fix containers without rootfs
```
  5b70f02e
- conf: tweak rootfs handling · c119f018
  Christian Brauner authored May 12, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  c119f018
- conf: don't unmount procfs and sysfs · f6c5aab0
  Christian Brauner authored May 12, 2021
```
Fixes: #3838
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  f6c5aab0
- conf: allow xdev when setting up /dev · 89606dfb
  Christian Brauner authored May 12, 2021
```
Fixes: #3838
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  89606dfb
11 May, 2021 2 commits
- Merge pull request #3837 from brauner/2021-05-10.fixes.cgroup · 3bd21f4e
  Stéphane Graber authored May 11, 2021
```
cgroups: clean up cgroup_ops on initialization error
```
  3bd21f4e
- cgroups: clean up cgroup_ops on initialization error · e3d78fdc
  Christian Brauner authored May 11, 2021
```
Fixes: #3836
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  e3d78fdc
10 May, 2021 3 commits
- Merge pull request #3826 from brauner/2021-05-04.fuzz.cgroup · fb6991e5
  Stéphane Graber authored May 10, 2021
```
oss-fuzz: add basic cgroup_init()/cgroup_exit() fuzzing
```
  fb6991e5
- Merge pull request #3834 from brauner/2021-05-10.fixes · bff268e7
  Stéphane Graber authored May 10, 2021
```
tests: fix lxc-test-arch-parse for make dist
```
  bff268e7
- tests: fix lxc-test-arch-parse for make dist · 4fb70d07
  Christian Brauner authored May 10, 2021
```
Fixes: https://jenkins.linuxcontainers.org/job/lxc-build-tarballs/2762/consoleSigned-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  4fb70d07
09 May, 2021 6 commits
- Merge pull request #3833 from brauner/2021-05-09.fixes · ccd43350
  Stéphane Graber authored May 09, 2021
```
confile: re-add aarch64 architecture
```
  ccd43350
- tests: add tests for supported architectures · 90658f16
  Christian Brauner authored May 09, 2021
```
Ensure that we detect all supported architectures and don't regress
recognizing them.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  90658f16
- confile: re-add aarch64 architecture · cae2b16f
  Christian Brauner authored May 09, 2021
```
Apparenty we dropped this when we cleaned up architecture handling.

Fixes: #3832
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  cae2b16f
- Merge pull request #3831 from sjuxax/zfs-fix · 1910c228
  Christian Brauner authored May 09, 2021
```
Skip rootfs pinning for ZFS roots.
```
  1910c228
- Reflow ZFS check to follow the style of the overlayfs return. · 0dd4788a
  Jeff Cook authored May 09, 2021
```
Per https://github.com/lxc/lxc/pull/3831#discussion_r628865713Signed-off-by: Jeff Cook <jeff@jeffcook.io>
```
  0dd4788a
- Skip rootfs pinning for ZFS roots. · 4bc6ecbf
  Jeff Cook authored May 08, 2021
```
Signed-off-by: Jeff Cook <jeff@jeffcook.io>
```
  4bc6ecbf
07 May, 2021 2 commits
- Merge pull request #3829 from brauner/2021-05-07.fixes · 5b508c37
  Stéphane Graber authored May 07, 2021
```
doc: document new idmap= option for lxc.rootfs.options
```
  5b508c37
- doc: document new idmap= option for lxc.rootfs.options · 1852be90
  Christian Brauner authored May 07, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  1852be90
06 May, 2021 2 commits

Merge pull request #3827 from brauner/2021-05-06.cap_setfcap · ce86ae55
Stéphane Graber authored May 06, 2021
```
conf: handle kernels with CAP_SETFCAP
```
ce86ae55

conf: handle kernels with CAP_SETFCAP · 86c78011

authored May 06, 2021

LXC is being very clever and sometimes maps the caller's uid into the
child userns. This means that the caller can technically write fscaps
that are valid in the ancestor userns (which can be a security issue in
some scenarios) so newer kernels require CAP_SETFCAP to do this. Until
newuidmap/newgidmap are updated to account for this simply write the
mapping directly in this case.

Cc: stable-4.0
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

86c78011

04 May, 2021 11 commits

oss-fuzz: add basic cgroup_init()/cgroup_exit() fuzzing · 74951960
Christian Brauner authored May 04, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
74951960
Merge pull request #3825 from brauner/2021-05-04.fixes · 78af4d9c
Stéphane Graber authored May 04, 2021
```
lxc.arch fixes
```
78af4d9c

attach: introduce explicit personality macro · 3a881819

authored May 04, 2021

Introduce LXC_ATTACH_DETECT_PERSONALITY to make it explicit what is
happening instead of using -1.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

3a881819

conf: add personality_t · 64a04c84

authored May 04, 2021

Catch errors in personality handling better.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

64a04c84

attach_options: unbreak header · 7fd384d1

authored May 04, 2021

In a moment of idioticity I switch -1 with 0xffffffff in the header
definition but we use -1 to autodetect.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

7fd384d1

conf: rework lxc_config_parse_arch() · 7c43fa56

authored May 04, 2021

Fix architecture parsing. So far we couldn't really differ between "want
default architecture" and "failed to parse requested architecture"
because the -1 return value means both. Fix this by using the return
value only to indicate success or failure and return the parsed
personality in a return argument.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

7c43fa56

conf: tweak setup_personality() · 9c601e1f

authored May 04, 2021

Use the dedicated LXC_ARCH_UNCHANGED macro everywhere instead of relying
on -1 being correct.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

9c601e1f

tree-wide: make personality codepaths unconditional · 38608992

authored May 04, 2021

Now that we have the infra to make personality handling unconitional
remove the ifndefs everywhere.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

38608992

syscalls: wrap personality syscall if undefined · 3857c4eb

authored May 04, 2021

There's no need to making personality handling conditional as it has
been around for such a long time that only weird systems wouldn't have
support for it. And especially if the user requested a specific
personality to be set but the system doesn't support the personality
syscall we should loudly fail instead of moving on.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

3857c4eb

commands: log at debug not info level when receiving file descriptors · 1d74176d

authored May 04, 2021

Don't spam the logs because we do receive a lot of file descriptors.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

1d74176d

confile: make per_name struct static · 5f2a6ec4
Christian Brauner authored May 04, 2021
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
5f2a6ec4