mirror of git://github.com/lxc/lxc synced 2025-09-05 14:59:37 +00:00
Commit Graph

10389 Commits

Author SHA1 Message Date
Christian Brauner
8c89dd0cfd tools/lxc_autostart: fix failed count
Don't include skipped containers in the failed count.

Fixes: #3857
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-06-14 12:02:22 +02:00
Christian Brauner
ef68581ce4 lsm/apparmor: actually report an error when we fail to wire AppArmor profile
Link: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1931064
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-06-08 14:49:08 +02:00
Christian Brauner
88a5ffc936 lxc: add lpthread to lxc.pc
Fixes: #3853
Suggested-by: Tycho Andersen <tycho@tycho.pizza>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-06-08 14:49:05 +02:00
Pablo Correa Gómez
71def1ad00 Update lxc-net to support nftables
Closes #3093
Closes #3602

Add support for nftables firewall rules if `nft` command line
interface is available in the system

Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
2021-06-08 14:49:01 +02:00
Christian Brauner
d41b0293f5 network: please broken compilers
Some users report that compilation fails because of reports that this
variable can be used uninitialized. Initialize it to silence the
compiler.

Fixes: https://github.com/lxc/lxc/issues/3850
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:39 +02:00
Stéphane Graber
7cf81ec6f1 README: Update IRC
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-05-28 12:48:38 +02:00
Christian Brauner
93be53b39d start: simplify startup synchronization
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:37 +02:00
Christian Brauner
5b5c4e0c9c start: reorder START_SYNC_POST_CONFIGURE
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:36 +02:00
Christian Brauner
837f9fe51e start: use barrier instead of wake/wait pair
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:35 +02:00
Christian Brauner
87dcc8d414 conf: use explicit signage in bit field
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:34 +02:00
Christian Brauner
2765b5c442 conf: move file descriptor synchronization with parent into single function
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:33 +02:00
Christian Brauner
e8e538a54d conf: move file descriptor synchronization with child into single function
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:32 +02:00
Christian Brauner
1c662b823f cgroups: rework check whether legacy hierarchy is writable
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:31 +02:00
Christian Brauner
d4034c931f conf: fix mount option parsing
Fixes: Coverity 1484906
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:30 +02:00
Christian Brauner
08eab8c005 confile: free mount data
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:28 +02:00
Christian Brauner
ceb0675657 conf: add sequence when setting up idmapped mounts
Make sure we catch any weird behavior.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:27 +02:00
Christian Brauner
bf310548a0 conf: support idmapped lxc.mount.entry entries
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:25 +02:00
Wei Mingzhi
80cb4de65e Skip rootfs pinning for read-only file system.
Signed-off-by: Wei Mingzhi <weimingzhi@baidu.com>
2021-05-28 12:48:22 +02:00
Christian Brauner
835721f9e5 conf: rename struct mount_opt flag member s/flag/legacy_flag/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:20 +02:00
Christian Brauner
407dcc8a15 tree-wide: s/parse_mntopts/parse_mntopts_legacy/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-28 12:48:16 +02:00
Christian Brauner
d64c225f26 start: move idmapped mount setup later
At the prior location we were placed between sending and receiving
networking information over the data socket causing the startup to fail.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-17 11:05:40 +02:00
Christian Brauner
e9aab3d42d conf: tweak rootfs handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-12 16:17:17 +02:00
Christian Brauner
a96aa89b08 conf: don't unmount procfs and sysfs
Fixes: #3838
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-12 16:17:16 +02:00
Christian Brauner
3628ccc5f2 conf: allow xdev when setting up /dev
Fixes: #3838
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-12 16:17:15 +02:00
Christian Brauner
f002379124 cgroups: clean up cgroup_ops on initialization error
Fixes: #3836
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-12 16:17:12 +02:00
Christian Brauner
96c3018762 oss-fuzz: add basic cgroup_init()/cgroup_exit() fuzzing
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-11 09:07:10 +02:00
Stéphane Graber
f8764e8a67 Merge pull request #3835 from brauner/2021-05-10.fixes.apparmor.stable-4.0
confile: convert AppArmor and SELinux confile parsing from errors to …
2021-05-10 12:12:33 -04:00
Christian Brauner
05cd29daad confile: convert AppArmor and SELinux confile parsing from errors to warnings
Fixes: https://github.com/lxc/lxc/issues/3765#issuecomment-836792820
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-10 17:40:39 +02:00
Christian Brauner
aedfce1fc1 tests: fix lxc-test-arch-parse for make dist
Fixes: https://jenkins.linuxcontainers.org/job/lxc-build-tarballs/2762/console
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-10 17:28:29 +02:00
Christian Brauner
7d24ac5a58 tests: add tests for supported architectures
Ensure that we detect all supported architectures and don't regress
recognizing them.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-10 13:02:43 +02:00
Christian Brauner
2acc916dd8 confile: re-add aarch64 architecture
Apparently we dropped this when we cleaned up architecture handling.

Fixes: #3832
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-10 13:02:42 +02:00
Jeff Cook
4ab0047c8e Reflow ZFS check to follow the style of the overlayfs return.
Per https://github.com/lxc/lxc/pull/3831#discussion_r628865713

Signed-off-by: Jeff Cook <jeff@jeffcook.io>
2021-05-10 13:02:41 +02:00
Jeff Cook
4502dfce02 Skip rootfs pinning for ZFS roots.
Signed-off-by: Jeff Cook <jeff@jeffcook.io>
2021-05-10 13:02:38 +02:00
Christian Brauner
eb438f1914 doc: document new idmap= option for lxc.rootfs.options
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-08 12:14:16 +02:00
Christian Brauner
91ad9b94bc conf: handle kernels with CAP_SETFCAP
LXC is being very clever and sometimes maps the caller's uid into the
child userns. This means that the caller can technically write fscaps
that are valid in the ancestor userns (which can be a security issue in
some scenarios) so newer kernels require CAP_SETFCAP to do this. Until
newuidmap/newgidmap are updated to account for this simply write the
mapping directly in this case.

Cc: stable-4.0
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-06 18:50:04 +02:00
Stéphane Graber
37485abd46 Release LXC 4.0.9
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
lxc-4.0.9
2021-05-04 12:56:15 -04:00
Christian Brauner
97d46fd372 attach: introduce explicit personality macro
Introduce LXC_ATTACH_DETECT_PERSONALITY to make it explicit what is
happening instead of using -1.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:52 +02:00
Christian Brauner
84fc7c27b7 conf: add personality_t
Catch errors in personality handling better.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:50 +02:00
Christian Brauner
70cf146177 attach_options: unbreak header
In a moment of idioticity I switched -1 with 0xffffffff in the header
definition but we use -1 to autodetect.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:49 +02:00
Christian Brauner
2ce89d7ff1 conf: rework lxc_config_parse_arch()
Fix architecture parsing. So far we couldn't really differ between "want
default architecture" and "failed to parse requested architecture"
because the -1 return value means both. Fix this by using the return
value only to indicate success or failure and return the parsed
personality in a return argument.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:48 +02:00
Christian Brauner
77f626c571 conf: tweak setup_personality()
Use the dedicated LXC_ARCH_UNCHANGED macro everywhere instead of relying
on -1 being correct.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:47 +02:00
Christian Brauner
5ae15884c9 tree-wide: make personality codepaths unconditional
Now that we have the infra to make personality handling unconditional
remove the ifndefs everywhere.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:46 +02:00
Christian Brauner
7389642a70 syscalls: wrap personality syscall if undefined
There's no need to make personality handling conditional as it has
been around for such a long time that only weird systems wouldn't have
support for it. And especially if the user requested a specific
personality to be set but the system doesn't support the personality
syscall we should loudly fail instead of moving on.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:45 +02:00
Christian Brauner
9cc5d48b3f commands: log at debug not info level when receiving file descriptors
Don't spam the logs because we do receive a lot of file descriptors.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:43 +02:00
Christian Brauner
2c1754e3e3 confile: make per_name struct static
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-04 17:43:41 +02:00
Evgeny Vereshchagin
4056542b51 string_utils: get around GCC-11 false positives
by getting rid of stpncpy

Tested with gcc (GCC) 11.1.1 20210428 (Red Hat 11.1.1-1)

Closes https://github.com/lxc/lxc/issues/3752

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-05-04 17:43:40 +02:00
Evgeny Vereshchagin
15e2d139c7 github: also pass the j option to make
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-05-04 17:43:38 +02:00
Evgeny Vereshchagin
f0292a36f2 github: remove the dh-* packages
We don't build any packages there so it seems we don't need
those packages any more. Apart from that, it should make the
script work on Ubuntu Hirsute where dh-systemd was merged into
debhelper and is no longer available.

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-05-04 17:43:36 +02:00
Stéphane Graber
fb83151777 github: Run apt-get update in sanitizer test
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-05-04 17:43:35 +02:00
Aaron Thompson
bdd90796f8 conf: fix console chmod error log messages
Signed-off-by: Aaron Thompson <dev@aaront.org>
2021-05-04 17:43:34 +02:00