[lxc-devel] [lxc/lxc] 529148: check whether rootfs is shared before running pre-...
GitHub
noreply at github.com
Tue Apr 1 20:01:30 UTC 2014
Branch: refs/heads/stable-1.0
Home: https://github.com/lxc/lxc
Commit: 5291485559d39c7f3480c7df76fc42c92a7b7b1d
https://github.com/lxc/lxc/commit/5291485559d39c7f3480c7df76fc42c92a7b7b1d
Author: Florian Klink <flokli at flokli.de>
Date: 2014-04-01 (Tue, 01 Apr 2014)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
check whether rootfs is shared before running pre-mount hooks
this expands c597baa8f9 and 2c6f3fc932.
Also move the block using detect_ramfs_rootfs() from setup_rootfs() to
lxc_setup()
Signed-off-by: Florian Klink <flokli at flokli.de>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 82d657b4126dfb8ff42bf14403a462547da50e93
https://github.com/lxc/lxc/commit/82d657b4126dfb8ff42bf14403a462547da50e93
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-04-01 (Tue, 01 Apr 2014)
Changed paths:
M configure.ac
M src/lxc/Makefile.am
M src/lxc/execute.c
Log Message:
-----------
move lxc-init to /sbin/init.lxc
Using the multiarch dir causes problems when running lxc-execute
on amd64 with an i386 container. /sbin/lxc-init is a more confusing
name and will show up in 'lxc<tab>'. /sbin/init.lxc should be quite
obvious as an init for lxc.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 4bbafc12fe8b148fbb2ccbce40836395cd4efa27
https://github.com/lxc/lxc/commit/4bbafc12fe8b148fbb2ccbce40836395cd4efa27
Author: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Date: 2014-04-01 (Tue, 01 Apr 2014)
Changed paths:
M src/lxc/confile.c
Log Message:
-----------
config_network_type: set macvlan default mode to private
If a default mode is not set, the container requires an explicit
mode specified in the config file, otherwise creating the
container fails.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: e50266134226f3e75196dfb63b59b363ccef9646
https://github.com/lxc/lxc/commit/e50266134226f3e75196dfb63b59b363ccef9646
Author: Dwight Engen <dwight.engen at oracle.com>
Date: 2014-04-01 (Tue, 01 Apr 2014)
Changed paths:
M config/Makefile.am
A config/yum/Makefile.am
A config/yum/lxc-patch.py
M configure.ac
M templates/lxc-oracle.in
Log Message:
-----------
add yum plugin to repatch rootfs on yum update
oracle-template: Split patching rootfs vs one time setup into separate
shell functions so the template can be run with --patch.
oracle-template: Update to install the yum plugin and itself (as lxc-patch)
into a container. The plugin just runs lxc-patch --patch <path> so it is
fairly generic, but in this case it is running a copy of the template inside
the container.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 320ab1d6b9a1c8254da435010b7c98718f6c912b
https://github.com/lxc/lxc/commit/320ab1d6b9a1c8254da435010b7c98718f6c912b
Author: Dwight Engen <dwight.engen at oracle.com>
Date: 2014-04-01 (Tue, 01 Apr 2014)
Changed paths:
M lxc.spec.in
Log Message:
-----------
lxc.spec: adjust for move of libexecdir/lxc-init to sbin/lxc.init
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 20cfa342abae746fc3449d385c7c4653fb9bcff4
https://github.com/lxc/lxc/commit/20cfa342abae746fc3449d385c7c4653fb9bcff4
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2014-04-01 (Tue, 01 Apr 2014)
Changed paths:
M src/lxc/conf.c
M src/lxc/execute.c
M src/lxc/utils.c
M src/lxc/utils.h
Log Message:
-----------
Use on_path to find init.lxc
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: b22b3e12b4c939e0c30d519d8a2b5c870584bb48
https://github.com/lxc/lxc/commit/b22b3e12b4c939e0c30d519d8a2b5c870584bb48
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2014-04-01 (Tue, 01 Apr 2014)
Changed paths:
M src/tests/lxc-test-unpriv
M src/tests/lxc-test-usernic.in
Log Message:
-----------
tests: Also propagate the https proxy
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: a0718c498b8f0a816ec813b2bc573acd962d544b
https://github.com/lxc/lxc/commit/a0718c498b8f0a816ec813b2bc573acd962d544b
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2014-04-01 (Tue, 01 Apr 2014)
Changed paths:
M templates/lxc-download.in
Log Message:
-----------
download: Set a 30s timeout for wget request
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 1bca201391fd2eaef26c417044e1045f374392af
https://github.com/lxc/lxc/commit/1bca201391fd2eaef26c417044e1045f374392af
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-04-01 (Tue, 01 Apr 2014)
Changed paths:
M config/apparmor/profiles/lxc-default-with-nesting
Log Message:
-----------
apparmor: don't allow mounting cgroupfs by default
Leave the line to do it (commented out) as some users may not be
using cgmanager, and may in fact still need those mounts.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 4dd83fb40522a9173f407e57d8d155bd3b603b1c
https://github.com/lxc/lxc/commit/4dd83fb40522a9173f407e57d8d155bd3b603b1c
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-04-01 (Tue, 01 Apr 2014)
Changed paths:
M .gitignore
M config/apparmor/Makefile.am
A config/apparmor/README
M config/apparmor/abstractions/container-base
A config/apparmor/abstractions/container-base.in
A config/apparmor/container-rules
A config/apparmor/container-rules.base
A config/apparmor/lxc-generate-aa-rules.py
M src/tests/Makefile.am
A src/tests/aa.c
Log Message:
-----------
apparmor: auto-generate the blacklist rules
This uses the generate-apparmor-rules.py script I sent out some time
ago to auto-generate apparmor rules based on a higher level set of
block/allow rules.
Add apparmor policy testcase to make sure that some of the paths we
expect to be denied (and allowed) write access to are in fact in
effect in the final policy.
With this policy, libvirt in a container is able to start its
default network, which previously it could not.
v2: address feedback from stgraber
put lxc-generate-aa-rules.py into EXTRA_DIST
add lxc-test-apparmor, container-base and container-rules to .gitignore
take lxc-test-apparmor out of EXTRA_DIST
make lxc-generate-aa-rules.py pep8-compliant
don't automatically generate apparmor rules
This is only bc we can't be guaranteed that python3 will be
available.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 02837208e88b2c9f5283b6573a6df4e77a0c6e83
https://github.com/lxc/lxc/commit/02837208e88b2c9f5283b6573a6df4e77a0c6e83
Author: Guillaume ZITTA <lxc at zitta.fr>
Date: 2014-04-01 (Tue, 01 Apr 2014)
Changed paths:
M templates/lxc-gentoo.in
Log Message:
-----------
fix lxc-console not working by default
fix lxc-console not working by default
Signed-off-by: Guillaume ZITTA <lxc at zitta.fr>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Compare: https://github.com/lxc/lxc/compare/91a3c828da5a...02837208e88b
More information about the lxc-devel
mailing list