mirror of git://github.com/lxc/lxc synced 2025-09-03 07:19:32 +00:00
Commit Graph

10668 Commits

Author SHA1 Message Date
Christian Brauner
9843495025 lxccontainer: don't pass NULL pointer
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:54 +02:00
Christian Brauner
74e9fc1357 lxccontainer: fail when container can't be loaded
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:53 +02:00
Christian Brauner
471ec4611c lxccontainer: remove useless {}
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:52 +02:00
Christian Brauner
4c693145ff lxccontainer: use free_disarm() in list_all_containers()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:50 +02:00
Christian Brauner
042070c237 lxc-usernsexec: small tweaks
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:49 +02:00
Christian Brauner
10d871ac4d tree-wide: fix list_entry()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:47 +02:00
Maximilian Blenk
5f5fead6d4 attach: Fix -c command
Currently, the -c command (to set the selinux context) seems to be
broken because the passed context is ignored and always overwritten by
the context specified in the config file. The intention behind the -c
imho was to be able to manually overwrite this behavior. This patch
ensures that the selinux context will be set if passed via the command
line.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
2021-10-14 17:23:46 +02:00
Christian Brauner
51551eae02 lxccontainer: tweak some array handling helpers
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:45 +02:00
Christian Brauner
f6eb82534c lxccontainer: improve add_to_clist()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:43 +02:00
Christian Brauner
05fa65b9b7 lxccontainer: improve add_to_array()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:42 +02:00
Christian Brauner
1b861f1c31 conf: port groups to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:41 +02:00
Christian Brauner
519fd9ef83 conf: port hooks to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:40 +02:00
Christian Brauner
1c14681034 conf: port apparmor to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:38 +02:00
Christian Brauner
e1bef9f3c8 conf: port mounts to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:37 +02:00
Christian Brauner
05f914122a cgroups: fix bpf device list
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:35 +02:00
Christian Brauner
7034f8b53f network: port ipv6 routes to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:33 +02:00
Christian Brauner
5bd1e99c6d network: port ipv4 routes to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:32 +02:00
Christian Brauner
83f2603419 cgroups: fix cgroup settings sorting
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:30 +02:00
Christian Brauner
383f9ac068 lxccontainer: align initialization
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:29 +02:00
Christian Brauner
18a65c946f tree-wide: s/ipv{4,6}_list/ipv{4,6}_addresses/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:27 +02:00
Christian Brauner
9e9d3bdb09 network: port ipv6 addresses to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:26 +02:00
Christian Brauner
f005570576 network: port ipv4 to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:24 +02:00
Christian Brauner
ff6da820fd conf: simplify and port caps to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:23 +02:00
Christian Brauner
0b2f87feba cgroup: remove unneeded forward declaration
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:22 +02:00
Christian Brauner
4d7f6d45b3 terminal: remove unused struct member
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:20 +02:00
Christian Brauner
d2a4cb3307 conf: port environment to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:19 +02:00
Christian Brauner
2e76a39e39 conf: remove unused variables
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:17 +02:00
Christian Brauner
bbf41da564 conf: switch to parse_mount_attrs() even for legacy mount()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:16 +02:00
Christian Brauner
7c855bf843 conf: support recursive propagation options properly
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:15 +02:00
Christian Brauner
a79107249b conf: rework recursive mount option handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:14 +02:00
Christian Brauner
9014ae58fa rootfs: remove "options" member
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:11 +02:00
Christian Brauner
fa27894965 conf: remove unused mountflags member
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:10 +02:00
Christian Brauner
edffcd81b3 conf: port id_map to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:09 +02:00
Christian Brauner
82c5fb5331 conf: port cgroup settings to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:08 +02:00
Christian Brauner
95fb101e72 conf: port procs to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:03 +02:00
Christian Brauner
44ace6d0ce conf: port sysctls to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:01 +02:00
Christian Brauner
168be7b8fb conf: port rlimits to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:23:00 +02:00
Christian Brauner
1fc03f382d conf: port state_clients to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:59 +02:00
Christian Brauner
b988c5c989 mainloop: port handlers to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:57 +02:00
Christian Brauner
c2c0105ca8 cgroups: port bpf devices to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:55 +02:00
Christian Brauner
222ae84c88 tree-wide: port network handling to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:51 +02:00
Christian Brauner
a6926a0f6d list: add new kernel-based list implementation
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:50 +02:00
Maximilian Blenk
fe4704417a tools: fix elevated privilege handler in lxc-attach
Make sure to return an error when the user requests an LSM profile to be
set while also requesting that elevated LSM privileges are to be used.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:48 +02:00
Christian Brauner
4cbbd1ce28 confile: rework lxc_fill_elevated_privileges()
Cc: Maximilian Blenk <Maximilian.Blenk@bmw.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:46 +02:00
Christian Brauner
4e4f2816ff attach_options: add LXC_ATTACH_LSM_LABEL to LXC_ATTACH_LSM flags
Cc: Maximilian Blenk <Maximilian.Blenk@bmw.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:44 +02:00
Christian Brauner
c87c0d4bcf tools: align struct initialization
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:43 +02:00
Christian Brauner
2cea425831 tools: fix variable declarations in lxc-attach
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:41 +02:00
Maximilian Blenk
bfcbb08223 attach: allow LSM attach without new mnt namespace
Currently, the -c command (to set the selinux context) seems to be
broken because lxc-attach expects that also a new mount namespace
is specified via command line. This commit removes the check for the new
mount namespace to fix this issue. Please note that the
--elevated-privileges option is not affected by this issue.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:39 +02:00
Christian Brauner
251bd80cf3 confile: return negative errno everywhere
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:38 +02:00
Maximilian Blenk
61dd752523 config: enable seccomp profile only when compiled with libseccomp
Make lxc fail if seccomp.profile is specified but lxc is compiled
without seccomp support. Currently, seccomp.profile is silently ignored
if it is specified in such a scenario. This could lead to the false
impression that the seccomp filter is applied while it actually isn't.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
2021-10-14 17:22:36 +02:00