Commits · f8dd0275593f14fa58c3393bb56e83e8d74cae09 · Chen Yisong / lxc

24 Mar, 2016 5 commits
- utils: split null_stdfds() to open_devnull() and set_stdfds() · f8dd0275
  Aleksandr Mezin authored Mar 24, 2016
```
Signed-off-by: Aleksandr Mezin <mezin.alexander@gmail.com>
```
  f8dd0275
- start: use LXC_SYNC_ERROR to report errors. · d1ccb562
  Aleksandr Mezin authored Mar 24, 2016
```
This gives more meaningful error message than "invalid sequence".
Signed-off-by: Aleksandr Mezin <mezin.alexander@gmail.com>
```
  d1ccb562
- sync: add LXC_SYNC_ERROR to report errors from another process. · ea720ff1
  Aleksandr Mezin authored Mar 24, 2016
```
Signed-off-by: Aleksandr Mezin <mezin.alexander@gmail.com>
```
  ea720ff1
- Merge pull request #914 from brauner/2016-03-23/Purcarea_Bogdan · 28711463
  Christian Brauner authored Mar 24, 2016
```
lxc-busybox: Touch /etc/fstab in the container rootfs
```
  28711463
- lxc-busybox: Touch /etc/fstab in the container rootfs · 6ab1ca03
  Bogdan Purcareata authored Mar 22, 2016
```
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
```
  6ab1ca03
23 Mar, 2016 2 commits

Merge pull request #911 from brauner/2016-03-23/Purcarea_Bogdan · 173e8205
Serge Hallyn authored Mar 23, 2016
```
open_without_symlink: Don't SYSERROR on something else than ELOOP
```
173e8205

open_without_symlink: Don't SYSERROR on something else than ELOOP · 88e078ba

authored Mar 23, 2016

The open_without_symlink routine has been specifically created to prevent
mounts with synlinks as source or destination. Keep SYSERROR'ing in that
particular scenario, but leave error handling to calling functions for the
other ones - e.g. optional bind mount when the source dir doesn't exist
throws a nasty error.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>

88e078ba

22 Mar, 2016 4 commits
- change version to 2.0.0.rc13 in configure.ac · 684753c2
  Stéphane Graber authored Mar 22, 2016
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
  684753c2
- Merge pull request #908 from tych0/fix-907 · 1becda46
  Christian Brauner authored Mar 22, 2016
```
Fix 907
```
  1becda46
- c/r: rename restore & friends to __criu_restore · b7088add
  Tycho Andersen authored Mar 22, 2016
```
Hopefully this will avoid name collisions with any user binaries, since
criu is just an implementation detail.

Closes #907
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
```
  b7088add
- lxc-checkpoint: make things static when they can be · fa25c39a
  Tycho Andersen authored Mar 22, 2016
```
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
```
  fa25c39a
21 Mar, 2016 4 commits

Merge pull request #906 from tych0/fix-console-none-migration · f036e5ce
Serge Hallyn authored Mar 21, 2016
```
Fix console none migration
```
f036e5ce

c/r: don't fail if there is no console_fd on restore · 97e4f1a9

authored Mar 21, 2016

If we set lxc.console=none, this fd won't exist, so let's not fail if it
doesn't. We already partially handled this case correctly, so let's
actually handle it correctly :)
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

97e4f1a9

c/r: don't pass --ext-mount-map flag when console=none · 36d2096c

authored Mar 21, 2016

We don't pass anything on the restore side since we didn't save anything,
but the restore side will expect something if we pass this. Instead, let's
not pass anything.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

36d2096c

change version to 2.0.0.rc12 in configure.ac · ecd852f3
Stéphane Graber authored Mar 21, 2016
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
ecd852f3

18 Mar, 2016 4 commits
- Merge pull request #902 from tych0/better-criu-logging · 56d6e75b
  Stéphane Graber authored Mar 18, 2016
```
Better criu logging
```
  56d6e75b
- c/r: print criu's stdout when it fails · 3d9a5c85
  Tycho Andersen authored Mar 18, 2016
```
In particular, when CRIU fails before it has its log completely initialized
(e.g. if the log directory doesn't exist, or if the argument parser fails),
it prints this to stdout. Let's log that.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
```
  3d9a5c85
- c/r: log the exact command we exec · cf4b07a5
  Tycho Andersen authored Mar 18, 2016
```
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
```
  cf4b07a5
- change version to 2.0.0.rc11 in configure.ac · 72e7e168
  Stéphane Graber authored Mar 17, 2016
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
  72e7e168
17 Mar, 2016 11 commits

Merge pull request #901 from stgraber/master · c3794888
Christian Brauner authored Mar 17, 2016
```
download: Bump to compat level 3
```
c3794888
download: Bump to compat level 3 · 9fd38724
Stéphane Graber authored Mar 17, 2016
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
9fd38724
Merge pull request #900 from tych0/dont-always-create-console · c9013d03
Stéphane Graber authored Mar 17, 2016
```
autodev: don't always create /dev/console
```
c9013d03

autodev: don't always create /dev/console · 0728ebf4

authored Mar 17, 2016

In particular, only create /dev/console when it is set to "none".
Otherwise, we will bind mount a pts device later, so let's just leave it.

Also, when bind mounting the pts device, let's create /dev/console if it
doesn't exist, since it may not already exist due to the above :)

v2: s/ot/to
v3: add O_EXCL so we actually get EEXIST, use the right condition for
    mount_console (we want to compare against console.path, not
    console.name, and console.path can be null)
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

0728ebf4

Merge pull request #899 from hallyn/2016-03-16/cgroupauto.2 · 16ec15b2
Stéphane Graber authored Mar 17, 2016
```
cgfsng: include sys/mount.h
```
16ec15b2

cgfsng: two fixes for cgroup-full · 5b6f9369

authored Mar 16, 2016

We need to pass nosuid+nexec+nodev to remount to stop the kernel
from denying it.

When remounting the container's path read-write, use the right dest
path.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

5b6f9369

include bdev.h · 3e32591c

authored Mar 16, 2016

for the define of RELATIME for android
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

3e32591c

use hierarchy base path not just controller cgroup · ef4413fa
Serge Hallyn authored Mar 16, 2016
```
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
```
ef4413fa

cgfsng: include sys/mount.h · f0368a9f

authored Mar 16, 2016

to hopefully define RELATIME for android
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

f0368a9f

Merge pull request #898 from hallyn/2016-03-16/cgroupauto · 3860edcb
Stéphane Graber authored Mar 16, 2016
```
2016 03 16/cgroupauto
```
3860edcb
no variable decl in for loop · a8de4c49
Serge Hallyn authored Mar 16, 2016
```
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
```
a8de4c49

16 Mar, 2016 4 commits

cgroups: try to load cgmanager first · 9ec45e7f

authored Mar 15, 2016

If cgmanager is running, use it.  This allows the admin to simply
stop cgmanager if they don't want to use it.  The other way there
is no way to choose to use cgmanager.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

9ec45e7f

implement lxc.mount.auto = cgroup for cgfsng · 8aa1044f

authored Mar 15, 2016

Also add testcase for each of the cgroup{,-full}:{rw,ro,mixed} cases.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

8aa1044f

Merge pull request #897 from hallyn/2016-03-16/aa · e97069ad
Christian Brauner authored Mar 16, 2016
```
Prevent access to pci devices
```
e97069ad

Prevent access to pci devices · 4845c17a

authored Mar 16, 2016

Prevent privileged containers from messing with the host's pci devices
directly.  Refuse access under /proc/bus, and drop cap_sys_rawio.  Some
containers may need to re-enable cap_sys_rawio (i.e. if they run an
X server).

It may be desirable to break some of this stuff into files which can be
separately included (or not included), but this patch isn't the right
place for that.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

4845c17a

15 Mar, 2016 6 commits
- Merge pull request #896 from hallyn/2016-03-15/nest · b3e4df8a
  Stéphane Graber authored Mar 15, 2016
```
2016 03 15/nest
```
  b3e4df8a
- nesting: remove the nesting hint from configuration templates · e6bff191
  Serge Hallyn authored Mar 15, 2016
```
we're having it inserted in every config by the lxcapi_create
itself.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
```
  e6bff191
- nesting: document how to enable nesting in container configurations · 49a2ed80
  Serge Hallyn authored Mar 15, 2016
```
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
```
  49a2ed80
- Merge pull request #895 from tych0/fix-android-build · 01283774
  Stéphane Graber authored Mar 15, 2016
```
build: fix build on android (and ppc)
```
  01283774
- build: fix build on android (and ppc) · f03280a7
  Tycho Andersen authored Mar 15, 2016
```
The problem here is that dev_t on most platforms is `long unsigned`, but on
android (and ppc?) it's `long long unsigned`. Let's just upcast to `long
long unsigned` and use that format string to keep the compilers happy.

Safety first!
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
```
  f03280a7
- Merge pull request #893 from tych0/dont-require-dev-console-none · 75d0c7b3
  Stéphane Graber authored Mar 15, 2016
```
Dont require dev console none
```
  75d0c7b3