mir/lxc
2
0
Fork 0
mirror of git://github.com/lxc/lxc synced 2025-08-31 11:49:33 +00:00
Code Issues Releases Wiki Activity
9,560 Commits 8 Branches 122 Tags
9d6a3de70086d46f7562ac689d10ca1e36b237a1
Commit Graph

9560 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Eneas U de Queiroz
9d6a3de700 configure: skip libseccomp tests if it is disabled 
Move the block checking for libseccomp api compatibility inside
AM_COND_IF([ENABLE_SECCOMP] ... ).

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
 2021-01-22 19:37:14 +01:00
Eneas U de Queiroz
b1710cdb03 commands: fix check for seccomp notify support 
Use HAVE_SECCOMP_NOTIFY instead of HAVE_DECL_SECCOMP_NOTIFY_FD.
Currently the latter will be true if the declaration is found by
configure, even if 'configure --disable-seccomp' is used.

HAVE_SECCOMP_NOTIFY is defined in lxcseccomp.h if both HAVE_SECCOMP and
HAVE_DECL_SECCOMP_NOTIFY_FD are true, which is the correct behavior.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
 2021-01-22 19:37:08 +01:00
Stéphane Graber
1048d5e1f6 Release LXC 4.0.6 
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
lxc-4.0.6 		2021-01-11 19:19:17 -05:00
Motiejus Jakštys
1058884aec make lxc-net hermetic w.r.t. existing dnsmasq config 
lxc's dnsmasq will try to read system's dnsmasq if `--conf-file` is not
specified. This is likely not desirable, as lxc's dnsmasq should be
self-contained.

On my system the conflicting options are `--bind-interfaces` and
`--bind-dynamic`, since the same host is doing other DNS-y things
unrelated to lxc.

This is an incompatible change, since lxc's dnsmasq will stop honoring
system's `/etc/dnsmasq.conf`, and some systems may be relying on it.
Given that, I believe it should not depend on it by default, since
dnsmasq is lxc's implementation detail. However, if the user desires,
the old behavior could be brought back by setting
`LXC_DHCP_CONFILE=/etc/dnsmasq.conf` in `/etc/default/lxc-net`.

Signed-off-by: Motiejus Jakštys <motiejus@jakstys.lt>
 2021-01-11 17:36:16 +01:00
sirh3e
34a93d4190 Changed Version from 2.*.* to 4.*.* 
Signed-off-by: sirh3e <marvin.huber@bluewin.ch>
 2021-01-11 17:36:13 +01:00
Christian Brauner
952ab61826 conf: fix CAP_NET_ADMIN-based mount handling 
Fixes: e8b9c9ec6f ("unmounted proc/sys/net if dropping CAP_NET_ADMIN")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-01-06 14:13:58 +01:00
Christian Brauner
2dfeec3d72 conf: add lxc_wants_cap() helper 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-01-06 14:13:57 +01:00
Christian Brauner
1865b6406b macro: define all capabilities 
Fixes: #3612
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-01-06 14:13:55 +01:00
Christian Brauner
ee79a696cf conf: add new capabilities CAP_{BLOCK_SUSPEND,PERFMON,BPF,CAP_CHECKPOINT_RESTORE} 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-01-06 14:13:53 +01:00
Christian Brauner
9ace6f7ce7 conf: define missing capabilities 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-01-06 14:13:52 +01:00
Christian Brauner
0d6d83fdd0 macro: use ascending order for capabilities 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-01-06 14:13:50 +01:00
Christian Brauner
a4a5fe2a24 cgroup2: move bpf device cgroup program to struct cgroup_ops 
Cc: stable-4.0
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-01-06 14:13:44 +01:00
Christian Brauner
1f253dbedf utils: allow cross-device resolution 
This is needed to enable containers without a rootfs.

Fixes: #3607
Cc: stable-4.0
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-01-06 14:13:42 +01:00
Christian Brauner
4028130680 confile: don't accidently alter lxc.cgroup.dir 
Cc: stable-4.0
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-01-06 14:13:40 +01:00
Christian Brauner
ef0e44603f confile: cleanup set_config_hooks() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-01-06 14:13:31 +01:00
Christian Brauner
6e8b98aaf8 conf: fix block-device based rootfs mounting 
Fixes: #3598
Cc: stable-4.0
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:12 +01:00
zhenr667
af9dd246df unmounted proc/sys/net if dropping CAP_NET_ADMIN 
Signed-off-by: Henry Zhang <henryzhang99@gmail.com>
 2020-12-15 12:04:11 +01:00
Christian Brauner
460bba6057 criu: cleanup load_tty_major_minor() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:10 +01:00
Christian Brauner
53c6fcb715 confile_utils: cleanup strprint() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:10 +01:00
Christian Brauner
d21c028a15 confile: cleanup set_config_net_l2proxy() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:09 +01:00
Christian Brauner
958b4cf755 conf: fix unchecked return value 
Fixes: Coverity: 1465854
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:09 +01:00
Christian Brauner
edf66942ea utils: fix unchecked return value 
Fixes: Coverity 1465853
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:08 +01:00
Christian Brauner
2f787f1fe2 cgroups/cgfsng: remove logically dead code 
Fixes: Coverity 1461761
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:08 +01:00
Christian Brauner
dc974796b1 storage/btrfs: add missing return 
Fixes: Coverity 1461749
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:07 +01:00
Christian Brauner
734138a352 network: use empty initializer 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:07 +01:00
Christian Brauner
6c5ee20c82 storage/lvm: cleanup do_lvm_create() 
Fixes: Coverity 1461741
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:06 +01:00
Christian Brauner
f4d45f9aa7 utils: cleanup get_rundir() 
Fixes: Coverity 1461740
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:06 +01:00
Christian Brauner
1b89b88a88 lxclock: cleanup lxclock_name() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:05 +01:00
Christian Brauner
64630ea205 lxclock: cleanup dump_stacktrace() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:05 +01:00
Christian Brauner
2f116a9030 lxclock: cleanup lxc_putlock() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:04 +01:00
Christian Brauner
42356060cb lxclock: cleanup lxcunlock() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:04 +01:00
Christian Brauner
952d8f4f6f lxclock: cleanup lxclock() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:03 +01:00
Christian Brauner
b91a3fb388 lxclock: cleanup lxclock_name() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:03 +01:00
Christian Brauner
06767316f7 lxclock: cleanup lxc_newlock() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:02 +01:00
Christian Brauner
b19fbb7faa lxclock: logically dead code 
Fixes: Coverity 1461722
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:02 +01:00
Christian Brauner
ecd804971d cmd/lxc_init: ignore return value 
Fixes: Coverity 1440390
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:01 +01:00
Christian Brauner
ca8cc21a91 confile_utils: cleanup sig_parse() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:01 +01:00
Christian Brauner
ef53e0d730 confile_utils: cleanup rt_sig_num() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:00 +01:00
Christian Brauner
08d724a39d confile_utils: cleanup sig_num() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:04:00 +01:00
Christian Brauner
bb956bfcf8 confile_utils: cleanup lxc_inherit_namespace() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:03:59 +01:00
Christian Brauner
60e7645af4 confile_utils: cleanup lxc_container_name_to_pid() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:03:58 +01:00
Christian Brauner
bffb57fcb4 lxc: add cleanup helpers 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:03:58 +01:00
Christian Brauner
3990a3812c confile_utils: cleanup new_hwaddr() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:03:57 +01:00
Christian Brauner
28afad7e68 confile_utils: cleanup network_ifname() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:03:57 +01:00
Christian Brauner
ccdd7c31c6 confile_utils: cleanup set_config_bool_item() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:03:56 +01:00
Christian Brauner
9055817198 confile_utils: cleanup set_config_string_item_max() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:03:56 +01:00
Christian Brauner
01dbd528cc confile_utils: cleanup set_config_string_item() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:03:55 +01:00
Christian Brauner
e7193aa4d4 confile_utils: cleanup lxc_ipvlan_flag_to_isolation() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:03:54 +01:00
Christian Brauner
a438604152 confile_utils: cleanup lxc_ipvlan_isolation_to_flag() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:03:54 +01:00
Christian Brauner
9d64e32916 confile_utils: cleanup lxc_ipvlan_isolation 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-15 12:03:53 +01:00