[lxc-devel] [GIT] lxc branch, master, updated. 7a82e9236d94619a1ad7aa6df9e2f10c81dbc344

Daniel Lezcano git at users.sourceforge.net
Tue Jul 20 12:52:00 UTC 2010


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "lxc".

The branch, master has been updated
       via  7a82e9236d94619a1ad7aa6df9e2f10c81dbc344 (commit)
       via  00dbc43e308bcccf5b2147e7fdb37bf9ca693fdc (commit)
       via  28f602ff477f5e5e924f2b931c6034b7df9e9851 (commit)
       via  05cda563bff2433c21acf5d13c364d581c34efd6 (commit)
       via  0ed9cc8b0000f7e1afbb7d7f404f6265e4d3b97e (commit)
       via  7d40e69bd7fd3e9eaf120be9f749245e7f48f997 (commit)
       via  b3357a6f5b90f1e342c270de66491afc412c1cf7 (commit)
      from  1c4a945262b8d110c3f8e0655ca50cb05d383c74 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7a82e9236d94619a1ad7aa6df9e2f10c81dbc344
Author: Daniel Lezcano <dlezcano at fr.ibm.com>
Date:   Tue Jul 20 13:45:44 2010 +0200

    provide a script to set uid bit on cli
    
    Some file systems do not support the file posix capabilities.
    The following script sets the setuid bit root on the different
    cli.
    
    Signed-off-by: Daniel Lezcano <dlezcano at fr.ibm.com>

commit 00dbc43e308bcccf5b2147e7fdb37bf9ca693fdc
Author: Daniel Lezcano <dlezcano at fr.ibm.com>
Date:   Tue Jul 20 13:45:44 2010 +0200

    fix console overwrite any file
    
    Prevent specifying a file not belonging to us as the output for the console
    
    Signed-off-by: Daniel Lezcano <dlezcano at fr.ibm.com>

commit 28f602ff477f5e5e924f2b931c6034b7df9e9851
Author: Daniel Lezcano <dlezcano at fr.ibm.com>
Date:   Tue Jul 20 13:45:44 2010 +0200

    fix log appending to any file
    
    With the capabilities, the open of the log file can be done on any
    file, making it possible to modify the content of the file.
    
    Let's drop the privilege when opening the file, so we ensure that it is
    no longer possible.
    
    Signed-off-by: Daniel Lezcano <dlezcano at fr.ibm.com>

commit 05cda563bff2433c21acf5d13c364d581c34efd6
Author: Daniel Lezcano <dlezcano at fr.ibm.com>
Date:   Tue Jul 20 13:45:44 2010 +0200

    move the capabilities function to caps.c
    
    Move the reset of the capabilities to the caps.c file and
    initialize correctly the capabilities for lxc-init.
    
    Signed-off-by: Daniel Lezcano <dlezcano at fr.ibm.com>

commit 0ed9cc8b0000f7e1afbb7d7f404f6265e4d3b97e
Author: Daniel Lezcano <dlezcano at fr.ibm.com>
Date:   Tue Jul 20 13:45:44 2010 +0200

    initialize capabilities for lxc-start and lxc-execute
    
    Signed-off-by: Daniel Lezcano <dlezcano at fr.ibm.com>

commit 7d40e69bd7fd3e9eaf120be9f749245e7f48f997
Author: Daniel Lezcano <dlezcano at fr.ibm.com>
Date:   Tue Jul 20 13:45:44 2010 +0200

    add a macro to wrap a privileged function
    
    This macro is a helper to call a function into a [un]privileged section.
    
    Signed-off-by: Daniel Lezcano <dlezcano at fr.ibm.com>

commit b3357a6f5b90f1e342c270de66491afc412c1cf7
Author: Daniel Lezcano <dlezcano at fr.ibm.com>
Date:   Tue Jul 20 13:45:44 2010 +0200

    remove/restore effective capabilities
    
    This patch adds the functions to drop the 'effective' capabilities and
    restore them from the 'permitted' capabilities.
    
    When the command is run as 'root' we do nothing.
    When the command is run as 'lambda' user, we drop the effective capabilities
    When the command is run as 'root' but real uid is not root, we keep the capabilities,
    switch to real uid, and drop the effective capabilities.
    
    This approach is compatible for root user, lambda + file capabilities
    and lambda + setuid.
    
    Signed-off-by: Daniel Lezcano <dlezcano at fr.ibm.com>

-----------------------------------------------------------------------

Summary of changes:
 configure.ac                  |    1 +
 src/lxc/Makefile.am           |    6 +-
 src/lxc/caps.c                |  159 +++++++++++++++++++++++++++++++++++++++++
 src/lxc/{monitor.h => caps.h} |   47 ++++++++-----
 src/lxc/console.c             |   11 ++--
 src/lxc/log.c                 |    6 +-
 src/lxc/lxc-setuid.in         |  104 +++++++++++++++++++++++++++
 src/lxc/lxc_execute.c         |    5 +-
 src/lxc/lxc_init.c            |   30 ++------
 src/lxc/lxc_start.c           |    4 +
 10 files changed, 323 insertions(+), 50 deletions(-)
 create mode 100644 src/lxc/caps.c
 copy src/lxc/{monitor.h => caps.h} (53%)
 create mode 100644 src/lxc/lxc-setuid.in


hooks/post-receive
-- 
lxc



