[lxc-devel] [lxc/lxc] f43644: attach: Support unprivileged containers

GitHub noreply at github.com
Tue Jan 21 04:27:29 UTC 2014 

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: f4364484454c754ed905bfb85bd2727a0a5d0475
      https://github.com/lxc/lxc/commit/f4364484454c754ed905bfb85bd2727a0a5d0475
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2014-01-20 (Mon, 20 Jan 2014)

  Changed paths:
    M src/lxc/attach.c
    M src/lxc/lxc_attach.c
    M src/lxc/lxccontainer.c

  Log Message:
  -----------
  attach: Support unprivileged containers

This change makes lxc-attach and the matching API functions work
properly with unprivileged containers.

The trick needed to make that possible was to always start with the
userns when attaching and also relocate the cgroup management code so
that the intermediate process is moved to the cgroup before attaching to
the container's namespace as doing so later would fail due to missing
permissions.

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: f407c5e4c142e870f01a7f0a52b58a7a30b6c865
      https://github.com/lxc/lxc/commit/f407c5e4c142e870f01a7f0a52b58a7a30b6c865
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2014-01-20 (Mon, 20 Jan 2014)

  Changed paths:
    M src/lxc/utils.c

  Log Message:
  -----------
  utils: Drop trailing / in lxcpath

This fixes command line tools and functions which use
lxc_global_config_value o get lxcpath but don't strip the trailing /
leading to mismatching command path (as lxc_container_new does strip the
path).

As lxcpath is typically a const and so can't easily be changed by the
caller, add the trick directly into lxc_global_config_value (having to
juggle a bit in there too to avoid trying to alter a const).

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 45e854dc86514a472ff1496d01321c77c12c0aa4
      https://github.com/lxc/lxc/commit/45e854dc86514a472ff1496d01321c77c12c0aa4
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2014-01-20 (Mon, 20 Jan 2014)

  Changed paths:
    M lxc.spec.in
    M src/lxc/Makefile.am
    M src/lxc/conf.c
    M src/lxc/monitor.c
    M src/tests/lxc-test-usernic

  Log Message:
  -----------
  Move lxc-user-nic and lxc-monitord to libexec

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/dbfa71289dd3...45e854dc8651

More information about the lxc-devel mailing list