Note this results in nics named things like 'lxcuser-0p'. We'll
likely want to pass the requested name to lxc-user-nic, but let's
do that in a separate patch.
If we're not root, we can't create new network interfaces to pass
into the container. Instead wait until the container is started,
and ca
Note that since we don't drop CAP_SYS_ADMIN, root in the container can
remount proc or sys however they want to, however this at least improves
the default situation.
Signed-off-by: Dwight Engen
---
templates/lxc-oracle.in | 7 +--
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a
On Wed, Oct 23, 2013 at 01:02:57AM +, Serge Hallyn wrote:
> From: Serge Hallyn
>
> 1. lxcapi_create: don't try to unshare and mount for dir backed containers
>
> It's unnecessary, and breaks unprivileged lxc-create (since unpriv users
> cannot yet unshare(CLONE_NEWNS)).
>
> 2. api_create: c
On Wed, Oct 23, 2013 at 01:02:58AM +, Serge Hallyn wrote:
> From: Serge Hallyn
>
> It needs to be done from the handler, not the container, since
> the container may not have the rights.
>
> Signed-off-by: Serge Hallyn
Acked-by: Stéphane Graber
> Changelog:
> Jul 22: remove hardcoded
On Wed, Oct 23, 2013 at 01:02:59AM +, Serge Hallyn wrote:
> From: Serge Hallyn
>
> Signed-off-by: Serge Hallyn
We really should be working on a shared set of functions all templates
can source instead of re-inventing the wheel over and over again
(thinking about config, fstab, architecture
On Wed, Oct 23, 2013 at 10:52:37AM -0500, Serge Hallyn wrote:
> Note this results in nics named things like 'lxcuser-0p'. We'll
> likely want to pass the requested name to lxc-user-nic, but let's
> do that in a separate patch.
>
> If we're not root, we can't create new network interfaces to pass
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 9d65a4872917d4bed744aaddafc99046c588e7ae
https://github.com/lxc/lxc/commit/9d65a4872917d4bed744aaddafc99046c588e7ae
Author: KATOH Yasufumi
Date: 2013-10-23 (Wed, 23 Oct 2013)
Changed paths:
M src/lxc/lxcc
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: a1e4c206d5373b8ecd7906bff37f2601d65f022c
https://github.com/lxc/lxc/commit/a1e4c206d5373b8ecd7906bff37f2601d65f022c
Author: KATOH Yasufumi
Date: 2013-10-23 (Wed, 23 Oct 2013)
Changed paths:
M templates/lx
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 09b15218a42cb77adcc6033929e3188c53cdc574
https://github.com/lxc/lxc/commit/09b15218a42cb77adcc6033929e3188c53cdc574
Author: KATOH Yasufumi
Date: 2013-10-23 (Wed, 23 Oct 2013)
Changed paths:
M doc/ja/lxc-c
Signed-off-by: Stéphane Graber
---
templates/lxc-debian.in | 7 +++
1 file changed, 7 insertions(+)
diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in
index 4dd4910..645fe8d 100644
--- a/templates/lxc-debian.in
+++ b/templates/lxc-debian.in
@@ -207,6 +207,13 @@ copy_configuration
Quoting Stéphane Graber (stgra...@ubuntu.com):
> Signed-off-by: Stéphane Graber
Acked-by: Serge E. Hallyn
> ---
> templates/lxc-debian.in | 7 +++
> 1 file changed, 7 insertions(+)
>
> diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in
> index 4dd4910..645fe8d 100644
> --- a/t
Quoting Dwight Engen (dwight.en...@oracle.com):
> Note that since we don't drop CAP_SYS_ADMIN, root in the container can
> remount proc or sys however they want to, however this at least improves
> the default situation.
>
> Signed-off-by: Dwight Engen
Acked-by: Serge E. Hallyn
> ---
> templa
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: aea1cd3cb730117967c9671aa50f68d2b241c39e
https://github.com/lxc/lxc/commit/aea1cd3cb730117967c9671aa50f68d2b241c39e
Author: Stéphane Graber
Date: 2013-10-23 (Wed, 23 Oct 2013)
Changed paths:
M templates/l
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 8f47bc3f318b84886e86fe3e71e37c9a9d3b79d8
https://github.com/lxc/lxc/commit/8f47bc3f318b84886e86fe3e71e37c9a9d3b79d8
Author: Stéphane Graber
Date: 2013-10-23 (Wed, 23 Oct 2013)
Changed paths:
M src/lxc/con
Since we check /sys/kernel/security/ files when deciding whether
apparmor is enabled, and that might not be mounted in the container,
we cannot re-make the decision at apparmor_process_label_set() time.
Luckily we don't have to - just cache the decision made at
lsm_apparmor_drv_init().
Signed-off-
Those are a bit less obvious than those I pushed directly to master.
All those changes were required to build LXC under clang here.
With this, gcc can be replaced by clang to build LXC so long as you're
not using the python3 binding (as python extensions can't be built under
clang at the moment).
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 33662399da0d6d29a2a49b36fe5394741e068ef0
https://github.com/lxc/lxc/commit/33662399da0d6d29a2a49b36fe5394741e068ef0
Author: Dwight Engen
Date: 2013-10-23 (Wed, 23 Oct 2013)
Changed paths:
M templates/lxc-
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 7e6966e57264e993ee7856993cc5ee9ff31969a6
https://github.com/lxc/lxc/commit/7e6966e57264e993ee7856993cc5ee9ff31969a6
Author: Serge Hallyn
Date: 2013-10-23 (Wed, 23 Oct 2013)
Changed paths:
M src/lxc/lsm/ap
On Wed, Oct 23, 2013 at 08:54:13PM -0500, Serge Hallyn wrote:
> Since we check /sys/kernel/security/ files when deciding whether
> apparmor is enabled, and that might not be mounted in the container,
> we cannot re-make the decision at apparmor_process_label_set() time.
> Luckily we don't have to -
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 97c94afb5758366f5a49536c97e1dcd34c9760d9
https://github.com/lxc/lxc/commit/97c94afb5758366f5a49536c97e1dcd34c9760d9
Author: Stéphane Graber
Date: 2013-10-23 (Wed, 23 Oct 2013)
Changed paths:
M src/lxc/log
The addrlen parameter should be the actual length of socket's name for abstract
sockets. Otherwise socket gets padded with NULLs.
cat /proc/net/unix | grep lxc
[...]
: 0003 0001 03 226548
@lxc/ad055575fe28ddd5//var/lib/lxc^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
Quoting Stéphane Graber (stgra...@ubuntu.com):
> Those are a bit less obvious than those I pushed directly to master.
> All those changes were required to build LXC under clang here.
>
> With this, gcc can be replaced by clang to build LXC so long as you're
> not using the python3 binding (as pyth
list_active_containers parses /proc/net/unix which can contain multiple entries
for the same container;
: 0002 0001 0001 01 273672
@/var/lib/lxc/6/command
: 0002 0001 0001 01 274395
@/var/lib/lxc/5/command
: 0
On Wed, Oct 23, 2013 at 11:04:58PM -0500, Serge Hallyn wrote:
> Quoting Stéphane Graber (stgra...@ubuntu.com):
> > Those are a bit less obvious than those I pushed directly to master.
> > All those changes were required to build LXC under clang here.
> >
> > With this, gcc can be replaced by clang
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: f371aca939bd8fab254de6f0a63d141f7550cf57
https://github.com/lxc/lxc/commit/f371aca939bd8fab254de6f0a63d141f7550cf57
Author: Stéphane Graber
Date: 2013-10-23 (Wed, 23 Oct 2013)
Changed paths:
M src/lxc/cap