[lxc-devel] [lxc/lxc] 520369: seccomp: warn but continue on unresolvable syscall...

GitHub noreply at github.com
Wed Jun 18 20:56:33 UTC 2014


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 52036991a0c482ab57c4f01340947aaf817d7ba7
      https://github.com/lxc/lxc/commit/52036991a0c482ab57c4f01340947aaf817d7ba7
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-06-18 (Wed, 18 Jun 2014)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: warn but continue on unresolvable syscalls

If a syscall is listed which is not resolvable, continue.  This allows
us to keep a more complete list of syscalls in a global seccomp policy
without having to worry about older kernels not supporting the newer
syscalls.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 41cf1ac30de569888c70b1f1b40d29993950ff2e
      https://github.com/lxc/lxc/commit/41cf1ac30de569888c70b1f1b40d29993950ff2e
  Author: Michael H. Warfield <mhw at WittsEnd.com>
  Date:   2014-06-18 (Wed, 18 Jun 2014)

  Changed paths:
    M config/templates/Makefile.am
    A config/templates/opensuse.common.conf.in
    A config/templates/opensuse.userns.conf.in
    M configure.ac
    M templates/lxc-opensuse.in

  Log Message:
  -----------
  Updated lxc-opensuse for common configuration changes.

Updated the lxc-opensuse template for the changes for the common
configuration used by the download template.  Changed the default
network mode in the container to dhcp.

Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: f979ac15923809df97d9b7b16a1411d20f386777
      https://github.com/lxc/lxc/commit/f979ac15923809df97d9b7b16a1411d20f386777
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-06-18 (Wed, 18 Jun 2014)

  Changed paths:
    M src/lxc/conf.c
    M src/lxc/conf.h
    M src/lxc/confile.c
    M src/lxc/confile.h
    M src/lxc/lxc_execute.c
    M src/lxc/lxccontainer.c
    M src/lxc/lxccontainer.h

  Log Message:
  -----------
  Add an unexpanded lxc_conf

Currently when a container's configuration file has lxc.includes,
any future write_config() will expand the lxc.includes.  This
affects container clones (and snapshots) as well as users of the
API who make an update and then c.save_config().

To fix this, separately track the expanded and unexpanded lxc_conf.  The
unexpanded conf does not contain values read from lxc.includes.  The
expanded conf does.  Lxc functions mainly need the expanded conf to
figure out how to configure the container.  The unexpanded conf is used
at write_config().

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 4184c3e1723d2cc7295c1e81022c69f26595ec58
      https://github.com/lxc/lxc/commit/4184c3e1723d2cc7295c1e81022c69f26595ec58
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-06-18 (Wed, 18 Jun 2014)

  Changed paths:
    M src/lxc/conf.c
    M src/lxc/conf.h
    M src/lxc/confile.c

  Log Message:
  -----------
  Store alien config lines

Any config lines not starting with 'lxc.*' are ignored by lxc.  That
can be useful for third party tools, however lxc-clone does not copy such
lines.

Fix that by tracking such lines in our unexpanded config file and
printing them out at write_config().  Note two possible shortcomings here:

1. We always print out all includes followed by all aliens.  They are
not kept in order, nor ordered with respect to lxc.* lines.

2. We're still not storing comments.  These could easily be added to
the alien lines, but I chose not to in particular since comments are
usually associated with other lines, so destroying the order would
destroy their value.  I could be wrong about that, and if I am it's
a trivial fix.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/08182d4452a8...4184c3e1723d

