[lxc-devel] [lxc/lxc] 7bd05e: Add missing MAX_STACKDEPTH define on MUTEX_DEBUGGI...

GitHub noreply at github.com
Mon May 19 21:17:44 UTC 2014


  Branch: refs/heads/stable-1.0
  Home:   https://github.com/lxc/lxc
  Commit: 7bd05ece608ad5971b0ec9aaafcafad6e43291d4
      https://github.com/lxc/lxc/commit/7bd05ece608ad5971b0ec9aaafcafad6e43291d4
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M src/lxc/lxclock.c
    M src/lxc/utils.c

  Log Message:
  -----------
  Add missing MAX_STACKDEPTH define on MUTEX_DEBUGGING build

Corrected a small oversight when locking related code was moved from
src/lxc/utils.c to src/lxc/lxclock.c.

Signed-off-by: Stephen M Bennett <stephen_m_bennett at hotmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: 9dac0c291b7db04d70c9186a73a3d7a9156eb5cb
      https://github.com/lxc/lxc/commit/9dac0c291b7db04d70c9186a73a3d7a9156eb5cb
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M src/python-lxc/lxc/__init__.py

  Log Message:
  -----------
  python-lxc: minor fixes to __init__.py

Set a base class for the network object and set the encoding in the
header. Neither of those changes is required for python3 but they do
make it easier for anyone trying to make a python2 binding.

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 258eb399d041f45ec6157e9ea96315d338c1304f
      https://github.com/lxc/lxc/commit/258eb399d041f45ec6157e9ea96315d338c1304f
  Author: Christian Seiler <christian at iwakd.de>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M doc/lxc.container.conf.sgml.in
    M src/lxc/cgfs.c

  Log Message:
  -----------
  cgfs: don't mount /sys/fs/cgroup readonly

Ubuntu containers have had trouble with automatic cgroup mounting that
was not read-write (i.e. lxc.mount.auto = cgroup{,-full}:{ro,mixed}) in
containers without CAP_SYS_ADMIN. Ubuntu's mountall program reads
/lib/init/fstab, which contains an entry for /sys/fs/cgroup. Since
there is no ro option specified for that filesystem, mountall will try
to remount it readwrite if it is already mounted. Without
CAP_SYS_ADMIN, that fails and mountall will interrupt boot and wait for
user input on whether to proceed anyway or to manually fix it,
effectively hanging container bootup.

This patch makes sure that /sys/fs/cgroup is always a readwrite tmpfs,
but that the actual cgroup hierarchy paths (/sys/fs/cgroup/$subsystem)
are readonly if :ro or :mixed is used. This still has the desired
effect within the container (no cgroup escalation possible and programs
get errors if they try to do so anyway), while keeping Ubuntu
containers happy.

Signed-off-by: Christian Seiler <christian at iwakd.de>
Cc: Serge Hallyn <serge.hallyn at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: 5b5f1e16badea2c56400fa3584eacebfe6a306a2
      https://github.com/lxc/lxc/commit/5b5f1e16badea2c56400fa3584eacebfe6a306a2
  Author: Christian Seiler <christian at iwakd.de>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  Factor out capability parsing logic

Currently, setup_caps and dropcaps_except both use the same parsing
logic for parsing capabilities (try to identify by name, but allow
numerical specification). Since this is a common routine, separate it
out to improve maintainability and reusability.

Signed-off-by: Christian Seiler <christian at iwakd.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: 385177f0ac1eecaeed0872b242b83dd10e31bf2f
      https://github.com/lxc/lxc/commit/385177f0ac1eecaeed0872b242b83dd10e31bf2f
  Author: Christian Seiler <christian at iwakd.de>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M doc/lxc.container.conf.sgml.in
    M src/lxc/cgfs.c
    M src/lxc/conf.c
    M src/lxc/conf.h
    M src/lxc/confile.c

  Log Message:
  -----------
  lxc.mount.auto: improve defaults for cgroup and cgroup-full

If the user specifies cgroup or cgroup-full without a specifier (:ro,
:rw or :mixed), this changes the behavior. Previously, these were
simple aliases for the :mixed variants; now they depend on whether the
container also has CAP_SYS_ADMIN; if it does they resolve to the :rw
variants, if it doesn't to the :mixed variants (as before).

If a container has CAP_SYS_ADMIN privileges, any filesystem can be
remounted read-write from within, so initially mounting the cgroup
filesystems partially read-only as a default creates a false sense of
security. It is better to default to full read-write mounts to show the
administrator what keeping CAP_SYS_ADMIN entails.

If an administrator really wants both CAP_SYS_ADMIN and the :mixed
variant of cgroup or cgroup-full automatic mounts, they can still
specify that explicitly; this commit just changes the default without
specifier.

Signed-off-by: Christian Seiler <christian at iwakd.de>
Cc: Serge Hallyn <serge.hallyn at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: 52408176585eadc051e00954e7bb6d5fc49dc43c
      https://github.com/lxc/lxc/commit/52408176585eadc051e00954e7bb6d5fc49dc43c
  Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M doc/ja/lxc.container.conf.sgml.in

  Log Message:
  -----------
  doc: Update Japanese lxc.container.conf(5) for mounting /sys/fs/cgroup rw

Update for commit b46f055

Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: 34e18618b5a777c5624dd6555d62998f63839d14
      https://github.com/lxc/lxc/commit/34e18618b5a777c5624dd6555d62998f63839d14
  Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M doc/ja/lxc.container.conf.sgml.in

  Log Message:
  -----------
  doc: Update lxc.container.conf(5) for improving lxc.mount.auto

Update for commit 0769b82

Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: 32fb93d031c5d8dede14058841d2e96459eb9efc
      https://github.com/lxc/lxc/commit/32fb93d031c5d8dede14058841d2e96459eb9efc
  Author: Dwight Engen <dwight.engen at oracle.com>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M config/yum/lxc-patch.py

  Log Message:
  -----------
  correct license on file to LGPL vs. GPL and fix address

Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: 8fd66bf2e7438d04e75c664144d35e23c98ba6ca
      https://github.com/lxc/lxc/commit/8fd66bf2e7438d04e75c664144d35e23c98ba6ca
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M src/lxc/bdev.c
    M src/lxc/lxc_create.c
    M src/lxc/lxccontainer.c

  Log Message:
  -----------
  btrfs: support unprivileged create and clone

btrfs subvolume ioctls are usable by unprivileged users, so allow
unprivileged containers to reside on btrfs.

This patch does not yet enable destroy.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 1da5f1449530b3fc9e94f72db4f28fd67a18e1eb
      https://github.com/lxc/lxc/commit/1da5f1449530b3fc9e94f72db4f28fd67a18e1eb
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M src/lxc/lxccontainer.c

  Log Message:
  -----------
  btrfs: support unprivileged destroy

Do this by calling the bdev->destroy() hook from a user namespace
configured as the container's.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 1fce15bc7fad1f88f17cfabc38ba1e2404498bc9
      https://github.com/lxc/lxc/commit/1fce15bc7fad1f88f17cfabc38ba1e2404498bc9
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M src/lxc/cgmanager.c

  Log Message:
  -----------
  cgmanager: also handle named subsystems (like name=systemd)

Read /proc/self/cgroup instead of /proc/cgroups, so as to catch
named subsystems.  Otherwise the containers will not be fully
moved into the container cgroups.

Also free line which was being leaked.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
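
The distinction the cgmanager commit above relies on, as an added example (not code from the commit or from lxc): /proc/cgroups lists only kernel controllers, while /proc/self/cgroup also carries named hierarchies such as name=systemd. The sample file contents and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples in cgroup v1 layout, not captured from a real host. */
static const char SELF_CGROUP[] =   /* lines are hierarchy-ID:controllers:path */
    "3:memory:/lxc/u1\n2:cpu,cpuacct:/lxc/u1\n1:name=systemd:/user/c2.session\n";
static const char PROC_CGROUPS[] =  /* kernel controllers only */
    "#subsys_name\thierarchy\tnum_cgroups\tenabled\n"
    "cpu\t2\t4\t1\ncpuacct\t2\t4\t1\nmemory\t3\t4\t1\n";

/* Return 1 if `name` is a controller in /proc/self/cgroup-style text. */
int self_cgroup_has(const char *text, const char *name)
{
    size_t nlen = strlen(name);
    for (const char *line = text; *line; ) {
        size_t len = strcspn(line, "\n");
        const char *c1 = memchr(line, ':', len);   /* no two colons: skip line */
        const char *c2 = c1 ? memchr(c1 + 1, ':', (size_t)(line + len - c1 - 1)) : NULL;
        for (const char *tok = c2 ? c1 + 1 : NULL; tok && tok < c2; ) {
            size_t tlen = strcspn(tok, ",:");   /* controllers are comma-separated */
            if (tlen == nlen && memcmp(tok, name, nlen) == 0)
                return 1;
            tok += tlen + 1;
        }
        line += len + (line[len] == '\n');
    }
    return 0;
}

/* Return 1 if `name` is in the first column of /proc/cgroups-style text. */
int proc_cgroups_has(const char *text, const char *name)
{
    size_t nlen = strlen(name);
    for (const char *line = text; *line; line += (*line == '\n')) {
        if (*line != '#' && strcspn(line, "\t\n") == nlen && !memcmp(line, name, nlen))
            return 1;
        line += strcspn(line, "\n");
    }
    return 0;
}

int main(void)
{
    const char *s[] = { "memory", "cpuacct", "name=systemd" };
    for (int i = 0; i < 3; i++)
        printf("%-13s /proc/cgroups=%d /proc/self/cgroup=%d\n", s[i],
               proc_cgroups_has(PROC_CGROUPS, s[i]), self_cgroup_has(SELF_CGROUP, s[i]));
    return 0;
}
```

A process left in the host session's name=systemd hierarchy is the gap the commit message describes: enumerating only /proc/cgroups never sees that hierarchy, so nothing moves the container out of it.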


  Commit: 9c9f5795f5396c6fd5c861bf6d8af05f12f7999f
      https://github.com/lxc/lxc/commit/9c9f5795f5396c6fd5c861bf6d8af05f12f7999f
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M configure.ac
    M src/lxc/cgmanager.c

  Log Message:
  -----------
  cgmanager: use absolute cgroup path to switch cgroups at attach

If an unprivileged user does 'lxc-start -n u1' in one
login session, followed by 'lxc-attach -n u1' in another
session, the attach will fail if the sessions are in different
cgroups.  The same is true of lxc-cgroup commands.

Address this by using the GetPidCgroupAbs and MovePidAbs
which work with the containers' cgroup path relative to
the cgproxy.

Since GetPidCgroupAbs is new to api version 3 in cgmanager,
use the old method if we are on an older cgmanager.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Tested-by: "S.Çağlar Onur" <caglar at 10ur.org>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: b0cc26e9047f775efee87c62b4e2edfd7e499510
      https://github.com/lxc/lxc/commit/b0cc26e9047f775efee87c62b4e2edfd7e499510
  Author: Edvinas Klovas <edvinas at pnd.io>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M templates/lxc-archlinux.in

  Log Message:
  -----------
  archlinux template: added sigpwr handling to systemd (lxc-stop)

archlinux is using systemd and systemd's configuration does not have any
services set up to handle the sigpwr hook which is sent by the lxc-stop command. By
enabling the sigpwr service we make sure that lxc-stop will work.

Signed-off-by: Edvinas Klovas <edvinas at pnd.io>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 5ec89b1c1148af1057a966665795fc14d31cad34
      https://github.com/lxc/lxc/commit/5ec89b1c1148af1057a966665795fc14d31cad34
  Author: Dwight Engen <dwight.engen at oracle.com>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M config/yum/Makefile.am

  Log Message:
  -----------
  install lxc-patch.py 644 to fix rpmlint warning

Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 5f412a01124c4bf75d7d8f4c6b6a318eb387417c
      https://github.com/lxc/lxc/commit/5f412a01124c4bf75d7d8f4c6b6a318eb387417c
  Author: Dwight Engen <dwight.engen at oracle.com>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M src/python-lxc/examples/api_test.py

  Log Message:
  -----------
  python3: remove assert since hwaddr isn't set by the download template

Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 631bf46d0734f6042753b5576791ad5f93f34af3
      https://github.com/lxc/lxc/commit/631bf46d0734f6042753b5576791ad5f93f34af3
  Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M doc/ja/lxc.container.conf.sgml.in

  Log Message:
  -----------
  doc: Fix Japanese lxc.container.conf(5)

commit aafea1f was incomplete.

Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: bfe1cb2ece578c2c690ea2936c0faf9c4b4ec576
      https://github.com/lxc/lxc/commit/bfe1cb2ece578c2c690ea2936c0faf9c4b4ec576
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M src/lxc/cgmanager.c

  Log Message:
  -----------
  cgmanager: detect whether cgmanager supports name= subsystems

On older cgmanager the support was broken.  So rather than
fail container starts altogether, just keep the old lxc behavior
in this case by not using name= subsystems.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: f88e51027cb7422460e6bd9725f3ca0d9b6e154d
      https://github.com/lxc/lxc/commit/f88e51027cb7422460e6bd9725f3ca0d9b6e154d
  Author: S.Çağlar Onur <caglar at 10ur.org>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M src/lxc/af_unix.h
    M src/lxc/arguments.h
    M src/lxc/attach.h
    M src/lxc/attach_options.h
    M src/lxc/caps.h
    M src/lxc/cgroup.h
    M src/lxc/commands.h
    M src/lxc/conf.h
    M src/lxc/confile.h
    M src/lxc/console.h
    M src/lxc/error.h
    M src/lxc/genl.h
    M src/lxc/list.h
    M src/lxc/log.h
    M src/lxc/lxc.h
    M src/lxc/lxclock.h
    M src/lxc/lxcseccomp.h
    M src/lxc/lxcutmp.h
    M src/lxc/mainloop.h
    M src/lxc/monitor.h
    M src/lxc/namespace.h
    M src/lxc/network.h
    M src/lxc/nl.h
    M src/lxc/parse.h
    M src/lxc/rtnl.h
    M src/lxc/start.h
    M src/lxc/state.h
    M src/lxc/sync.h
    M src/lxc/utils.h
    M src/lxc/version.h.in

  Log Message:
  -----------
  use same ifndef/define format for all headers

Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: f5a81925acb6c999e0f2884f994e27556f871771
      https://github.com/lxc/lxc/commit/f5a81925acb6c999e0f2884f994e27556f871771
  Author: Edvinas Klovas <edvinas at pnd.io>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M templates/lxc-archlinux.in

  Log Message:
  -----------
  archlinux template: fix lxc.root for btrfs backend

When using the btrfs backend, lxc-create first creates rootfs in the /usr/lib/lxc/rootfs
directory before moving it to /var/lib/lxc or other directory supplied by the
command line. The Archlinux template relied on $rootfs_path which made containers
created with btrfs backend have lxc.rootfs set to /usr/lib/lxc/rootfs. By using
$path instead of $rootfs_path we make sure that lxc.rootfs is always correct.

Signed-off-by: Edvinas Klovas <edvinas at pnd.io>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 3968c1a204483f67bcef644ea5fe37951be0ae92
      https://github.com/lxc/lxc/commit/3968c1a204483f67bcef644ea5fe37951be0ae92
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M doc/lxc.container.conf.sgml.in

  Log Message:
  -----------
  lxc.container.conf(5): update guidance for lxc.mount.entry mount target

For years it has been best practice to use a relative path as
the mount target.  But the manpage hasn't reflected that.  Fix it.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Dwight Engen <dwight.engen at oracle.com>


  Commit: b25c1de6b13473326c8c6a2554209762eb60c2e3
      https://github.com/lxc/lxc/commit/b25c1de6b13473326c8c6a2554209762eb60c2e3
  Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M doc/ja/lxc.container.conf.sgml.in

  Log Message:
  -----------
  doc: Update Japanese lxc.container.conf(5) for guidance of lxc.mount.entry

Update for commit 6191f4f

Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: fcde0e344add4aa4e9a78838f7a39e522c90a83e
      https://github.com/lxc/lxc/commit/fcde0e344add4aa4e9a78838f7a39e522c90a83e
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2014-05-19 (Mon, 19 May 2014)

  Changed paths:
    M doc/ja/lxc.container.conf.sgml.in

  Log Message:
  -----------
  Fix syntax error in Japanese manpage

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/2c996827d525...fcde0e344add