Commits · ff074c81940cd6c81533d50aed84c86210db69cf · Chen Yisong / lxc

17 Nov, 2016 1 commit

container start: clone newcgroup immediately · ff074c81

authored Jun 25, 2016

rather than waiting and later unsharing.

This "makes the creation of a new cgroup early enough that the existing
cgroup mounts are visible.  Which means any fancy permission checks
I dream will work on a future version of liblxc."

This also includes what should be a tiny improvement regarding netns,
though it's conceivable it'll break something.  Remember that with new
kernels we need to unshare netns after we've become the root user in the
new userns, so that netns files are owned by that root.  But we were
passing the unfiltered handler->clone_flags to the original clone().
This just resulted in a temporary extra netns generation, but still
worked since our target netns, which we passed our devices into, was
created late enough.
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

ff074c81

26 Oct, 2016 26 commits

tests: add lxc_error() and lxc_debug() · 8511da27
Christian Brauner authored Oct 26, 2016
```
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
8511da27
Tweak libtool handling to work with Android · 0a98f3df
Stéphane Graber authored Oct 25, 2016
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
0a98f3df

c/r: use snprintf to compute device name · f28b1f68

authored Oct 24, 2016

This will never actually overflow, because %d is 32 bits and eth is 128
bytes long, but safety first :)
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

f28b1f68

c/r: drop duplicate hunk from macvlan case · 4d411134
Tycho Andersen authored Oct 24, 2016
```
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
```
4d411134
ubuntu: Fix package upgrades requiring proc · 9e747ddb
Stéphane Graber authored Oct 24, 2016
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
9e747ddb
c/r: add checkpoint/restore support for macvlan interfaces · ed19e98a
Tycho Andersen authored Sep 22, 2016
```
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
```
ed19e98a

c/r: remember to increment netnr · 1bcf81d7

authored Oct 12, 2016

We need this for calculating the name of unnamed interfaces in the config.
But we also need to remember to increment it :)
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

1bcf81d7

c/r: use --external instead of --veth-pair · 841635f4

authored Oct 12, 2016

--veth-pair has been deprecated as of 2.6, let's use the new --external
instead.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

841635f4

Use libtool for liblxc.so · 4082d0de

authored Oct 21, 2016

This should allow proper filtering of build flags for libraries and make
it easier to use PIE/PIC.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

4082d0de

tools: correct the argument typo in lxc_copy · 0a93fd77

authored Oct 21, 2016

Correct the backingstorage typo in lxc_copy.
Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>

0a93fd77

s390x: Fix seccomp handling of personalities · 99f252a8

authored Oct 20, 2016

There are no personalities for s390x, so don't list itself as one.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

99f252a8

lxc-alpine: do not drop setfcap · 2b6a9830
Jakub Jirutka authored Oct 18, 2016
```
Signed-off-by: Jakub Jirutka <jakub@jirutka.cz>
```
2b6a9830
alpine: Fix installing extra packages · d8953e37
roedie authored Oct 18, 2016
```
Signed-off-by: Sander Klein <github@roedie.nl>
```
d8953e37
tools: better error reporting for lxc-start · 35946774
Christian Brauner authored Oct 14, 2016
```
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
35946774

tools: make overlay valid backend · f42cf2df

authored Oct 14, 2016

So far, users could only create overlay snapshots by specifying -B overlayfs
and not with -B overlay. This adds support for -B overlay.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>

f42cf2df

tools: fix coding style in lxc_attach · 1c8df138
Christian Brauner authored Oct 14, 2016
```
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
1c8df138

tests: fix image download for s390x · 01c05c82

authored Oct 14, 2016

Make release selection more flexible.
Update the KNOWN_RELEAES list, add yakkety and remove vivid.
Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>

01c05c82

Drop leftover references to lxc_strerror(). · 31802090

authored Oct 13, 2016

lxc_strerror() was dropped long time ago, in 2009 to be exact.

Related commit:
https://github.com/lxc/lxc/commit/7cee8789514fb42d6a48d50b904e24284f5526e3Signed-off-by: Jafar Al-Gharaibeh <to.jafar@gmail.com>

31802090

archlinux: Fix resolving · b91f0fae
Stéphane Graber authored Oct 13, 2016
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
b91f0fae
archlinux: Do DHCP on eth0 · 2b67aaee
Stéphane Graber authored Oct 13, 2016
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
2b67aaee
lxc-alpine: mount /dev/shm as tmpfs · 51ee5e0c
Jakub Jirutka authored Oct 12, 2016
```
Signed-off-by: Jakub Jirutka <jakub@jirutka.cz>
```
51ee5e0c

log: sanity check the returned value from snprintf() · 934ecd08

authored Oct 10, 2016

The returned value from snprintf() should be checked carefully.

This bug can be leveraged to execute arbitrary code through carefully
constructing the payload, e.g,

lxc-freeze -n `python -c "print 'AAAAAAAA' + 'B'*959"` -P PADPAD -o /tmp/log

This command running on Ubuntu 14.04 (x86-64) can cause a segment fault.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>

934ecd08

mark the python examples as having utf-8 encoding · 51ee3c58

authored Oct 08, 2016

this allows running them also under Python2, which otherwise
would choke on Stéphane's name and error out with
 SyntaxError: Non-ASCII character '\xc3' in file …
Signed-off-by: Evgeni Golov <evgeni@debian.org>

51ee3c58

add Documentation entries to lxc and lxc@ units · 8d45c62c
Evgeni Golov authored Oct 08, 2016
```
Signed-off-by: Evgeni Golov <evgeni@debian.org>
```
8d45c62c
tests: add test for detect_ramfs_rootfs() · ac920ef6
Christian Brauner authored Sep 06, 2016
```
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
ac920ef6
utils: make detect_ramfs_rootfs() return bool · 32a2ca49
Christian Brauner authored Sep 06, 2016
```
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
32a2ca49

05 Oct, 2016 3 commits
- change version to 2.0.5 in configure.ac · 357e023b
  Stéphane Graber authored Oct 05, 2016
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
  357e023b
- tools: lxc-checkconfig conditionalize devpts check · 3a61be8e
  Christian Brauner authored Sep 29, 2016
```
Only check for DEVPTS_MULTIPLE_INSTANCES on kernels < 4.7.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
  3a61be8e
- Define LXC_DEVEL to detect development releases · 51a43951
  Stéphane Graber authored Oct 04, 2016
```
This can be used by downstreams to improve their "feature" checks.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
  51a43951
03 Oct, 2016 7 commits
- Fix spelling of CentOS in the templates · fbe7891b
  Roman Mueller authored Sep 28, 2016
```
Signed-off-by: Roman Mueller <roman.mueller@gmail.com>
```
  fbe7891b
- utils: lxc_deslashify() free memory · f9f676d7
  Christian Brauner authored Sep 26, 2016
```
Make sure we always free any memory that was allocated by the call to
lxc_normalize_path().
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
  f9f676d7
- Fix for ALTLinux container creation in all branches · 3d5658d1
  Denis Pynkin authored Sep 26, 2016
```
Use 'apt-conf' virtual package for ALTLinux default packages set
Signed-off-by: Denis Pynkin <denis_pynkin@epam.com>
```
  3d5658d1
- tests: add unit tests for lxc_deslashify() · 29cbbb02
  Christian Brauner authored Sep 25, 2016
```
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
  29cbbb02
- tools: lxc_deslashify() handle special cases · 0f0bf497
  Christian Brauner authored Sep 25, 2016
```
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
  0f0bf497
- utils: fix lxc_string_split() · 304b20df
  Christian Brauner authored Sep 25, 2016
```
Make sure we don't return uninitialized memory.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
```
  304b20df
- Fix null derefence if attach is called without access to any tty · 07d11275
  Oliver Matthews authored Sep 25, 2016
```
Signed-off-by: Oliver Matthews <oliver@codersoffortune.net>
```
  07d11275
23 Sep, 2016 3 commits

c/r: detatch from controlling tty on restore · a6013704
Tycho Andersen authored Sep 21, 2016
```
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
```
a6013704

conf: try to retrieve mtu from veth · eb39afe5

authored Sep 21, 2016

When the mtu cannot be retrieved from netdev->link try from veth device.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>

eb39afe5

conf: retrieve mtu from netdev->link · 8d9e6d77

authored Sep 21, 2016

When mtu is not set, try to retrieve mtu from netdev->link.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>

8d9e6d77