- 18 Jul, 2020 18 commits
-
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Closes: #3473. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Closes: #3473. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Johannes Kastl authored
Signed-off-by:Johannes Kastl <kastl@b1-systems.de>
-
Johannes Kastl authored
Signed-off-by: -
Johannes Kastl authored
templates/lxc-download.in: fix wrong if condition (use the result of the gpg command, not the result when executing the result of the gpg command) Signed-off-by: -
Alexander Livenets authored
In `start.c:1284`, no_new_privs flag is set after LSM label is set. Also, in `lxc.container.conf` documentation it is written that: ``` Note that PR_SET_NO_NEW_PRIVS is applied after the container has changed into its intended AppArmor profile or SElinux context. ``` This commit fixes the behavior of `lxc_attach` by moving `PR_SET_NO_NEW_PRIVS` set logic after LSM for the process is configured; Closes #3393 Signed-off-by:Alexander Livenets <a.livenets@gmail.com>
-
Christian Brauner authored
Closes: Coverity 1465044. Closes: Coverity 1465046. Signed-off-by: -
Christian Brauner authored
Fixes: Coverity 1465045. Signed-off-by: -
Christian Brauner authored
Signed-off-by:
-
- 03 Jul, 2020 1 commit
-
-
Wolfgang Bumiller authored
Signed-off-by:Wolfgang Bumiller <w.bumiller@proxmox.com>
-
- 28 Jun, 2020 1 commit
-
-
Stéphane Graber authored
Signed-off-by:Stéphane Graber <stgraber@ubuntu.com>
-
- 25 Jun, 2020 3 commits
-
-
Christian Brauner authored
We're ignoring commands that we don't know about. They used to be fatal. Not anymore. Closes: #3459. Signed-off-by: -
Stéphane Graber authored
Closes #3457 Signed-off-by: -
Robert Vogelgesang authored
Stopping a lxc container with without waiting on it was broken in master. This patch fixes it. Signed-off-by:Robert Vogelgesang <vogel@folz.de>
-
- 20 Jun, 2020 5 commits
-
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Stéphane Graber authored
The previous change made things confusing by impliying there may be a secondary when VLAN/IPVLAN/bridge members can only have a single parent device. Signed-off-by:
-
- 18 Jun, 2020 3 commits
-
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
We can't do anything about the established kernel API but we can at least not propagate the terminology. Signed-off-by: -
Christian Brauner authored
Signed-off-by:
-
- 15 Jun, 2020 9 commits
-
-
Gaurav Singh authored
Signed-off-by:Gaurav Singh <gaurav1086@gmail.com>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
It's now a wrapper around userns_exec_mapped_root() which allows us to avoid fork() + exec() lxc-usernsexec makes things way nicer to test with ASAN etc. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
If we set O_RDWR we won't be able to open directories and if we set O_PATH we won't be able to chown. Signed-off-by: -
Christian Brauner authored
Closes: #3443. Signed-off-by: -
Thomas Parrott authored
Signed-off-by:Thomas Parrott <thomas.parrott@canonical.com>
-
Thomas Parrott authored
Signed-off-by:
-
