Commits · ee1b16bcbd6d570bbfde9d7cefd960cddedbbf6e · Chen Yisong / lxc

09 Feb, 2018 3 commits

fix userns helper error handling · ee1b16bc

authored Feb 09, 2018

In both of these cases if there is actually an error, we won't close the
pipe and the api call will hang. Instead, let's be sure to close the pipe
before waiting, so that it doesn't hang.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

ee1b16bc

Merge branch 'duguhaotian-new' into lxc/master · 2df70fba
Christian Brauner authored Feb 09, 2018

2df70fba
conf: fix log message · 90f20466
duguhaotian authored Feb 09, 2018
```
Signed-off-by: duguhaotian <duguhaotian@gmail.com>
```
90f20466

08 Feb, 2018 14 commits
- Merge pull request #2143 from brauner/2018-02-08/fix_cgroup_ns · 17eba7a2
  Stéphane Graber authored Feb 08, 2018
```
start: check for cgroup namespace support
```
  17eba7a2
- start: check for cgroup namespace support · 7bd05339
  Christian Brauner authored Feb 08, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  7bd05339
- Merge pull request #2142 from hallyn/2018-02-08/priv · e3fe3512
  Christian Brauner authored Feb 08, 2018
```
2018 02 08/priv
```
  e3fe3512
- Restore most cases of am_guest_unpriv · e0010464
  Serge Hallyn authored Feb 08, 2018
```
The only cases where we really need to be privileged with respect
to the host is when we are trying to mknod, and in some cases
to do with a physical network device.  This patch leaves the
detection of the network device cases as a TODO.

This should fix the currently broken case of starting a privileged
container with at least one veth nic, nested inside an unprivileged
container.

Cc: Tycho Andersen <tycho@tycho.ws>
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
```
  e0010464
- define am_guest_unpriv · 477aa378
  Serge Hallyn authored Feb 08, 2018
```
Sometimes we want to know whether we are privileged wrt our
namespaces, and sometimes we want to know whether we are priv
wrt init_user_ns.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
```
  477aa378
- Merge pull request #2125 from brauner/2018-02-02/add_namespace_configs · 5596585d
  Stéphane Graber authored Feb 08, 2018
```
confile: add lxc.namespace.share.[namespace], lxc.namespace.keep, lxc.namespace.clone
```
  5596585d
- Merge pull request #2137 from brauner/2018-02-07/fix_unprivileged_flag · dfb7073f
  Stéphane Graber authored Feb 08, 2018
```
tools/lxc-ls: fix logic for unpriv containers
```
  dfb7073f
- Merge pull request #2140 from brauner/2018-02-08/cgfsng_fix_ro_remount · d99e66cd
  Stéphane Graber authored Feb 08, 2018
```
cgfsng: add required remount flags
```
  d99e66cd
- cgfsng: add required remount flags · 5285689c
  Christian Brauner authored Feb 08, 2018
```
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9566d6742852c527bf5af38af5cbb878dad75705Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  5285689c
- Merge branch 'marcosps-selinux_simplification' into lxc/master · ca20a3b3
  Christian Brauner authored Feb 08, 2018
  
  ca20a3b3
- lsm: fix missing @ in function documentation · 08fccae2
  Marcos Paulo de Souza authored Feb 07, 2018
```
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
```
  08fccae2
- selinux: simplify check for default label · 1be8cb04
  Marcos Paulo de Souza authored Feb 07, 2018
```
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  1be8cb04
- Merge branch 'marcosps-issue_870' into lxc/master · 5c80e9fc
  Christian Brauner authored Feb 08, 2018
  
  5c80e9fc
- cgroups: add check for lxc.cgroup.use · 9ea09fb4
  Marcos Paulo de Souza authored Feb 07, 2018
```
Closes #870.
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
```
  9ea09fb4
07 Feb, 2018 8 commits

tools/lxc-ls: fix logic for unpriv containers · f71634fc
Christian Brauner authored Feb 07, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
f71634fc

templates: CentOS fixes · ff5976cd

authored Feb 07, 2018

Issues fixed:
- lxc-centos died about a missing /run directory
- lxc-centos complained about some config files it couldn't modify
- the new container got stuck at startup time for a minute
  (literally), waiting for systemd-remount-fs startup script

Of course it still works for RHEL 6, CentOS 6 and 7 as well. I did not
verify earlier CentOS or RHEL releases.
Signed-off-by: Harald Dunkel <harald.dunkel@aixigo.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

ff5976cd

Merge branch 'lifeng68-remount_cgroup' into lxc/master · 08fbe494
Christian Brauner authored Feb 07, 2018

08fbe494
cgfsng: non-functional changes · 886cac86
Christian Brauner authored Feb 07, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
886cac86

cgfsng: do MS_REMOUNT · f8c40ffa

authored Feb 07, 2018

Perform MS_REMOUNT on mounts with MS_RDONLY.
Signed-off-by: LiFeng <lifeng68@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

f8c40ffa

Merge branch 'lifeng68-use_env_vars_in_container' into lxc/master · c112f06d
Christian Brauner authored Feb 07, 2018

c112f06d
attach: non-functional changes · 3d55242a
Christian Brauner authored Feb 07, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
3d55242a

attach: set the container's environment variables · 7385273f

authored Feb 07, 2018

Set the same environment variables that were used when starting the container
when attaching to the container.
Signed-off-by: LiFeng <lifeng68@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

7385273f

06 Feb, 2018 7 commits
- doc: add lxc.namespace.clone + lxc.namespace.keep · 46186acd
  Christian Brauner authored Feb 05, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  46186acd
- start: resolve clone flags · 8bc8c715
  Christian Brauner authored Feb 02, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  8bc8c715
- confile: add lxc.namespace.keep · abeb5bba
  Christian Brauner authored Feb 02, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  abeb5bba
- confile: add lxc.namespace.clone · 1d8d3676
  Christian Brauner authored Feb 02, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  1d8d3676
- confile: lxc.namespace.* -> lxc.namespace.share.* · b074bbf1
  Christian Brauner authored Feb 02, 2018
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  b074bbf1
- Merge pull request #2117 from brauner/2018-01-26/cgroup_v2_support · 3fb8253d
  Serge Hallyn authored Feb 06, 2018
```
cgroups: add unified hierarchy support
```
  3fb8253d
- Merge pull request #2044 from brauner/2017-12-16/lxc_ls_add_unprivileged_field · d8eb058d
  Serge Hallyn authored Feb 06, 2018
```
tools: add UNPRIVILEGED field in fancy output mode
```
  d8eb058d
05 Feb, 2018 5 commits

Merge pull request #2130 from tych0/sigterm-handling · af3f9cc9
Serge Hallyn authored Feb 05, 2018
```
Sigterm handling
```
af3f9cc9
Merge pull request #2129 from tych0/sigterm-sigkill · 05f2fed7
Christian Brauner authored Feb 05, 2018
```
lxc-init: use SIGKILL after alarm timeout
```
05f2fed7
lxc.init: ignore SIGHUP · 186dfb16
Tycho Andersen authored Feb 05, 2018
```
see comment for details.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
```
186dfb16

monitor: send SIGTERM to the container when SIGHUP is received · d4b5d7a8

authored Feb 05, 2018

For the ->execute() case, we want to make sure the application dies when
SIGHUP is received. The next patch will ignore SIGHUP in the lxc monitor,
because tasks inside the container send SIGHUP to init to have it reload
its config sometimes, and we don't want to do that with init.lxc, since it
might actually kill the container if it forwards SIGHUP to the child and
the child can't handle it.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

d4b5d7a8

lxc-init: use SIGKILL after alarm timeout · 60e324aa

authored Feb 05, 2018

d76e3e1a inadvertently switched the alarm timeout from sigterm to sigkill.
We really want sigkill here, so let's bring it back.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

60e324aa

02 Feb, 2018 2 commits

Merge pull request #2126 from flx42/nvidia-visible-devices-change-null-semantic · e6bd446c
Christian Brauner authored Feb 02, 2018
```
hooks: change the semantic of NVIDIA_VISIBLE_DEVICES=""
```
e6bd446c

hooks: change the semantic of NVIDIA_VISIBLE_DEVICES="" · b8724383

authored Feb 02, 2018

With LXC, you can override the value of an environment variable to
null, but you can't unset an existing variable.

The NVIDIA hook was previously activated when NVIDIA_VISIBLE_DEVICES
was set to null. As a result, it was not possible to disable the hook
by overriding the environment variable in the configuration.

The hook can now be disabled by setting NVIDIA_VISIBLE_DEVICES to
null or to the new special value "void".
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

b8724383

01 Feb, 2018 1 commit
- Merge pull request #2120 from stgraber/master · b046bbab
  Christian Brauner authored Feb 01, 2018
```
debian: We must use iproute on wheezy
```
  b046bbab