[lxc-devel] [lxc/lxc] 2659c7: btrfs: support unprivileged create and clone
GitHub
noreply at github.com
Wed May 7 03:54:51 UTC 2014
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 2659c7cbd55beee72b9b1740f48f48ad9d7d89da
https://github.com/lxc/lxc/commit/2659c7cbd55beee72b9b1740f48f48ad9d7d89da
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-05-06 (Tue, 06 May 2014)
Changed paths:
M src/lxc/bdev.c
M src/lxc/lxc_create.c
M src/lxc/lxccontainer.c
Log Message:
-----------
btrfs: support unprivileged create and clone
btrfs subvolume ioctls are usable by unprivileged users, so allow
unprivileged containers to reside on btrfs.
This patch does not yet enable destroy.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 44a706bdaf1471dbddb05e10269a0d413d224ab5
https://github.com/lxc/lxc/commit/44a706bdaf1471dbddb05e10269a0d413d224ab5
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-05-06 (Tue, 06 May 2014)
Changed paths:
M src/lxc/lxccontainer.c
Log Message:
-----------
btrfs: support unprivileged destroy
Do this by calling the bdev->destroy() hook from a user namespace
configured as the container's.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: cbf0bae67ca5c285c8770d893dfa1924eb5abfe9
https://github.com/lxc/lxc/commit/cbf0bae67ca5c285c8770d893dfa1924eb5abfe9
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-05-06 (Tue, 06 May 2014)
Changed paths:
M src/lxc/cgmanager.c
Log Message:
-----------
cgmanager: also handle named subsystems (like name=systemd)
Read /proc/self/cgroup instead of /proc/cgroups, so as to catch
named subsystems. Otherwise the contaienrs will not be fully
moved into the container cgroups.
Also free line which was being leaked.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 25c7531cf0bab45e06fb2ebf05ce2f37c5c0f649
https://github.com/lxc/lxc/commit/25c7531cf0bab45e06fb2ebf05ce2f37c5c0f649
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-05-06 (Tue, 06 May 2014)
Changed paths:
M configure.ac
M src/lxc/cgmanager.c
Log Message:
-----------
cgmanager: use absolute cgroup path to switch cgroups at attach
If an unprivileged user does 'lxc-start -n u1' in one
login session, followed by 'lxc-attach -n u1' in another
session, the attach will fail if the sessions are in different
cgroups. The same is true of lxc-cgroup commands.
Address this by using the GetPidCgroupAbs and MovePidAbs
which work with the containers' cgroup path relative to
the cgproxy.
Since GetPidCgroupAbs is new to api version 3 in cgmanager,
use the old method if we are on an older cgmanager.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Tested-by: "S.Çağlar Onur" <caglar at 10ur.org>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Compare: https://github.com/lxc/lxc/compare/391260dcb2ae...25c7531cf0ba
More information about the lxc-devel
mailing list