[lxc-devel] [lxc/lxc] 2f8909: apparmor: silence 'silent' mount denials

GitHub noreply at github.com
Tue Nov 25 22:18:31 UTC 2014


  Branch: refs/heads/stable-1.0
  Home:   https://github.com/lxc/lxc
  Commit: 2f8909261fb43ea96f47df460abb92138932bc34
      https://github.com/lxc/lxc/commit/2f8909261fb43ea96f47df460abb92138932bc34
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M config/apparmor/abstractions/container-base.in

  Log Message:
  -----------
  apparmor: silence 'silent' mount denials

Newer lxc uses 'silent' when remounting on shutdown.  Silence that denial too.

Author: Jamie Strandboge <jamie at canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 551d4de06112c254ee6f19ccdb7e88b21f37688f
      https://github.com/lxc/lxc/commit/551d4de06112c254ee6f19ccdb7e88b21f37688f
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/log.c

  Log Message:
  -----------
  add file/func/line to debug info

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: d9bae9c84b21642876107f32ba6c51ff3350c372
      https://github.com/lxc/lxc/commit/d9bae9c84b21642876107f32ba6c51ff3350c372
  Author: Jamie Strandboge <jamie at canonical.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M config/apparmor/abstractions/container-base
    M config/apparmor/abstractions/container-base.in

  Log Message:
  -----------
  apparmor: restrict signal and ptrace for processes

Restrict signal and ptrace for processes running under the container
profile. Rules based on AppArmor base abstraction. Add unix rules for
processes running under the container profile.

Signed-off-by: Jamie Strandboge <jamie at canonical.com>
Acked-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 8ac62e20feb226f08ef04d8a43930e5eb6cc9417
      https://github.com/lxc/lxc/commit/8ac62e20feb226f08ef04d8a43930e5eb6cc9417
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/tests/Makefile.am
    M src/tests/lxc-test-usernic.in

  Log Message:
  -----------
  tests: Fix unpriv test

Don't use $TUSER as it's not defined. Also don't include
lxc-test-usernic in extra_DIST.

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: c6234a0afed9e064fd9a8235874f893194796c2d
      https://github.com/lxc/lxc/commit/c6234a0afed9e064fd9a8235874f893194796c2d
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/cgmanager.c

  Log Message:
  -----------
  cgmanager: several fixes

These all fix various ways that cgroup actions could fail if an
unprivileged user's cgroup paths were not all the same for all
controllers.

1. in cgm_{g,s}et, use the right controller, not the first in the list,
   to get the cgroup path.

2. when we pass 'all' to cgmanager for a ${METHOD}_abs, make sure that all
   cgroup paths are the same.  That isn't necessary for methods not
   taking an absolute path, so split up the former
   cgm_supports_multiple_controllers() function into two booleans, one
   telling whether cgm supports it, and another telling us whether
   cgm supports it AND all controller cgroup paths are the same.

3. separately, do_cgm_enter with abs=true couldn't work if all
   cgroup paths were not the same.  So just ditch that helper and
   call lxc_cgmanager_enter() where needed, because the special
   cases would be more complicated.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: 57f7174b86567009758e09761b6c16eb343b3e29
      https://github.com/lxc/lxc/commit/57f7174b86567009758e09761b6c16eb343b3e29
  Author: Andrey Vagin <avagin at gmail.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  lxc: don't call pivot_root if / is on a ramfs

pivot_root can't be called if / is on a ramfs. Currently chroot is
called before pivot_root. In this case the standard well-known
'chroot escape' technique allows escaping a container.

I think the best way to handle this situation is to take the following actions:
* clean all mounts, which should not be visible in CT
* move CT's rootfs into /
* make chroot into /

I don't have a host, where / is on a ramfs, so I can't test this patch.

Signed-off-by: Andrey Vagin <avagin at openvz.org>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: 454c016518d64347d1507ae8fcdf9d2720879087
      https://github.com/lxc/lxc/commit/454c016518d64347d1507ae8fcdf9d2720879087
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/tests/lxc-test-unpriv

  Log Message:
  -----------
  lxc-test-unpriv: don't clear out /etc/lxc/lxc-usernet

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: 5ecedb8929880e99076a824f625fd7eb9fd4271b
      https://github.com/lxc/lxc/commit/5ecedb8929880e99076a824f625fd7eb9fd4271b
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/tests/lxc-test-unpriv

  Log Message:
  -----------
  lxc-test-unpriv: test for different cgroups per subsystem

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: 6c68b9dc6b22178c60867f9f8252a8735db9d910
      https://github.com/lxc/lxc/commit/6c68b9dc6b22178c60867f9f8252a8735db9d910
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/confile.c

  Log Message:
  -----------
  fix lxc.mount.auto clearing

the way config_mount was structured, sending 'lxc.mount.auto = '
ended up actually clearing all lxc.mount.entrys.  Fix that by
moving the check for an empty value to after the subkey checks.
Then, actually do the clearing of auto_mounts in config_mount_auto.

The 'strlen(subkey)' check being removed was bogus - the subkey
is either known to be 'lxc.mount.entry', else subkey would have been
NULL (and forced a return in the block above).

This would have been clearer if the config_mount() and helper
fns were structured like the rest of confile.c.  It's tempting
to switch it over, but there are subtleties in there so it's
not something to do without a lot of thought and testing.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: 28f3d36f885e22fea0d397aaf861a5ab8310f46f
      https://github.com/lxc/lxc/commit/28f3d36f885e22fea0d397aaf861a5ab8310f46f
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  conf.c: Define MS_PRIVATE for Android

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: c2398d17892a1905c14585adf2f3ba37b9d682ca
      https://github.com/lxc/lxc/commit/c2398d17892a1905c14585adf2f3ba37b9d682ca
  Author: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/network.c
    M src/lxc/network.h

  Log Message:
  -----------
  network: convert param ifname to const.

We should not modify ifname in lxc_netdev_move_by_name(),
making it as const in param list will make our code more
robust.

Signed-off-by: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: f5a49d033b63b867a744c1c4b82c9c353f3e958b
      https://github.com/lxc/lxc/commit/f5a49d033b63b867a744c1c4b82c9c353f3e958b
  Author: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/network.c

  Log Message:
  -----------
  network: check result of if_nametoindex().

When we want to get the index of an ifname which does not
exist, we should return -EINVAL in this case.

Signed-off-by: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: c374e4221c5921f041d64ee34a5ecdfdfdab9d40
      https://github.com/lxc/lxc/commit/c374e4221c5921f041d64ee34a5ecdfdfdab9d40
  Author: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/lxc_start.c

  Log Message:
  -----------
  lxc_start: ERROR if container is already running.

We should exit with an error when starting a running container.

Signed-off-by: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: c77c0644a372dc6d98791dde6f3020815da296bf
      https://github.com/lxc/lxc/commit/c77c0644a372dc6d98791dde6f3020815da296bf
  Author: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/conf.c
    M src/lxc/lxc_unshare.c
    M src/lxc/lxc_user_nic.c
    M src/lxc/network.c
    M src/lxc/network.h

  Log Message:
  -----------
  network: allow lxc_network_move_by_index() rename netdev in moving.

In netlink, we can set the dest_name of a netdev when moving the netdev
between namespaces in one netlink request. And moving a netdev of
a src_name to a netdev with a dest_name is a common use case.

So this patch adds a parameter to lxc_network_move_by_index() to
indicate the dest_name for the movement. NULL means the same as
the src_name.

Signed-off-by: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 42bb0b6ff1c594cd0eca242776cc2613340b0db0
      https://github.com/lxc/lxc/commit/42bb0b6ff1c594cd0eca242776cc2613340b0db0
  Author: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/network.c
    M src/lxc/network.h

  Log Message:
  -----------
  network: introduce a interface named lxc_netdev_isup().

When we need to know some info about a netdev, such as whether it is up or not,
we need to read the flag for the netdev.

This patch introduces an interface function named lxc_netdev_isup()
to check whether a netdev is up or down.

And it introduces a network private function named netdev_get_flag()
to get the flag for a netdev by netlink.

Changelog: 10/15/2015: Return failure if name==NULL to avoid later strlen fun

Signed-off-by: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 92de89dd5f3efc0002745738b5f7ae85998be0cd
      https://github.com/lxc/lxc/commit/92de89dd5f3efc0002745738b5f7ae85998be0cd
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/lxccontainer.c

  Log Message:
  -----------
  lxccontainer.c: rename enter_to_ns to enter_net_ns

because that's what it does

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: a2e99a58badd80814708faa81ecc4fd63f504dc7
      https://github.com/lxc/lxc/commit/a2e99a58badd80814708faa81ecc4fd63f504dc7
  Author: Dark Templar <dark_templar at hotbox.ru>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M templates/lxc-gentoo.in

  Log Message:
  -----------
  Fix typo in lxc-gentoo template

Signed-off-by: Dark Templar <dark_templar at hotbox.ru>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: f9e6ac598b3956e745467c0df6f21c699968d7ad
      https://github.com/lxc/lxc/commit/f9e6ac598b3956e745467c0df6f21c699968d7ad
  Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/cgfs.c
    M src/lxc/cgmanager.c
    M src/lxc/utils.c

  Log Message:
  -----------
  lxc_global_config_value can return the default lxc.cgroup.pattern whether root or non-root

>>> On Tue, 30 Sep 2014 19:48:09 +0000
    in message   "Re: [lxc-devel] [PATCH] lxc-config can show lxc.cgroup.(use|pattern)"
            Serge Hallyn-san wrote:

> I think it would be worth also augmenting
> lxc_global_config_value() to return a default lxc.cgroup.use
> for 'all', and a default lxc.cgroup.pattern ("/lxc/%n" for root
> or "%n" for non-root).

lxc.cgroup.pattern is like this? (^_^;)

Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: c3c0a8b7e5bcce5c23102cabebb63bd40be5effd
      https://github.com/lxc/lxc/commit/c3c0a8b7e5bcce5c23102cabebb63bd40be5effd
  Author: Bogdan Purcareata <bogdan.purcareata at freescale.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M templates/lxc-busybox.in

  Log Message:
  -----------
  busybox template: support for unprivileged containers

Apply the changes found in templates/lxc-download to the busybox template as
well. Change ownership of the config and fstab files to the unprivileged user,
and the ownership of the rootfs to root in the new user namespace.

Eliminate the "unsupported for userns" flag.

Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 271257089d595e45678f665f379697a445eb69a9
      https://github.com/lxc/lxc/commit/271257089d595e45678f665f379697a445eb69a9
  Author: Bogdan Purcareata <bogdan.purcareata at freescale.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M templates/lxc-busybox.in

  Log Message:
  -----------
  busybox template: mount fstab when available

When running unprivileged, lxc-create will touch a fstab file, with bind-mounts
for the ttys and other devices. Add this entry in the container config.

Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 970ab4f0da77e3cebf6294e2e3543ec1b213288c
      https://github.com/lxc/lxc/commit/970ab4f0da77e3cebf6294e2e3543ec1b213288c
  Author: Dark Templar <dark_templar at hotbox.ru>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M templates/lxc-gentoo.in

  Log Message:
  -----------
  Fix another gentoo template typo

I've found one more typo in the gentoo template, configuration in the
generated file /etc/conf.d/hostname was not valid, but it didn't impact
me due to "lxc.utsname" being set in the configuration file of container
and hostname service being not used. Anyway, I've made a patch and
sending it with this mail.

Signed-off-by: Dark Templar <dark_templar at hotbox.ru>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: 7495c7721d53c2c1a4e70d21e22d67851ba5e203
      https://github.com/lxc/lxc/commit/7495c7721d53c2c1a4e70d21e22d67851ba5e203
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/lxc_start.c

  Log Message:
  -----------
  lxc-start: return 0 rather than error if container is already running

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: 6abb0d4af4e6676cfaed6f6ff71bb968896bd4c3
      https://github.com/lxc/lxc/commit/6abb0d4af4e6676cfaed6f6ff71bb968896bd4c3
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  do_rootfs_setup: fix return bugs

Fix return value on bind mount failure.

If we've already mounted the rootfs, exit after the bind mount
rather than re-trying the rootfs mount.  The only case where
this happens is when root is starting a container in a user
namespace and with a block device backing store.

In that case, pre-mount hooks will be executed in the initial
user namespace.  That may be worth fixing.  Or it may be what
we want.  We should think about it and fix it.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: 677a76dd64d2cded892374536b4447e161c6a665
      https://github.com/lxc/lxc/commit/677a76dd64d2cded892374536b4447e161c6a665
  Author: Dark Templar <dark_templar at hotbox.ru>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/legacy/lxc-ls.in

  Log Message:
  -----------
  Make legacy lxc-ls more robust

Behave well when /etc/lxc/${name} is a symlink to directory

Signed-off-by: Dark Templar <dark_templar at hotbox.ru>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: be97c20dbedf7e966a770e05983d749f55e918e2
      https://github.com/lxc/lxc/commit/be97c20dbedf7e966a770e05983d749f55e918e2
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/conf.c
    M src/lxc/conf.h
    M src/lxc/start.c

  Log Message:
  -----------
  lxc-start: don't re-try to mount rootfs if we already did so

If we are root using a user namespace and are mounting a blockdev as rootfs,
then we do this before unsharing the userns, because we are not allowed to
do it in a userns.  But after unsharing the userns, we unconditionally
retried mounting the rootfs, resulting in failure.  Stop that.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: fb4cf517ae6ec90dcee7ddf9495d8c9cfe2b902b
      https://github.com/lxc/lxc/commit/fb4cf517ae6ec90dcee7ddf9495d8c9cfe2b902b
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/utils.c

  Log Message:
  -----------
  lxc_global_config_value: simplify the theme

Rather than try to free all the not-being-returned items at
each if clause where we assign one to return value, just NULL
the one we are returning so we can safely free all the
values.  This should fix the newly reported coverity memory
leak.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: aea0e3ecea15e4d0b551d22c0789e5d1dd75a72a
      https://github.com/lxc/lxc/commit/aea0e3ecea15e4d0b551d22c0789e5d1dd75a72a
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/attach.c

  Log Message:
  -----------
  attach: don't use confstr(_CS_PATH)

It is not system-definable, rather glibc sets that to bin:/usr/bin, which is
simply too restrictive.  So just always set our preferred path.

This was reported at:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1384327

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: fa3cf24a00d2b6924fa54dbd6cf25d28f652936b
      https://github.com/lxc/lxc/commit/fa3cf24a00d2b6924fa54dbd6cf25d28f652936b
  Author: Simon Deziel <simon.deziel at gmail.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M templates/lxc-ubuntu.in

  Log Message:
  -----------
  Create the apt proxy in the cache instead of the 1st container

This addresses https://github.com/lxc/lxc/issues/280.

Signed-off-by: Simon Deziel <simon at sdeziel.info>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 9c16751c3a9e77ed50434cdccd56673a0c3a373e
      https://github.com/lxc/lxc/commit/9c16751c3a9e77ed50434cdccd56673a0c3a373e
  Author: Sergio Jimenez <tripledes at gmail.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/conf.c
    M src/lxc/confile.c
    M src/tests/get_item.c

  Log Message:
  -----------
  Fixed mismatch on ipvX gateway

Signed-off-by: Sergio Jimenez <tripledes at gmail.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 54a6935335f8ef2bb4c56fbc9ab0f9aea6863e69
      https://github.com/lxc/lxc/commit/54a6935335f8ef2bb4c56fbc9ab0f9aea6863e69
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/attach.c

  Log Message:
  -----------
  attach: don't ignore sigint/sigkill if stdin is redirected

If attach is being done over passed-in fds, then we shouldn't
mess with the caller's signal table to ignore ctrl-c over the
fd.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 691050ea63bab0d44c23211ceee3eab4e004b11b
      https://github.com/lxc/lxc/commit/691050ea63bab0d44c23211ceee3eab4e004b11b
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/cgmanager.c

  Log Message:
  -----------
  cgmanager: fix 'attach' with "all" controller support

"all" is not a supported keyword for cgmanager's get_pid_cgroup.
Pass the first mounted cgroup subsystem instead of passing "all" when
getting the container's cgroup to attach to.

Also, make sure that the target cgroup is in fact in all identical
cgroups before attaching with "all".  If not, then we must attach to
each cgroup separately, or else we will not be in all the same cgroups
as the target container.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 0fbc4a54aee17f99697acf43bfe66b1e6e0f6030
      https://github.com/lxc/lxc/commit/0fbc4a54aee17f99697acf43bfe66b1e6e0f6030
  Author: Silvio Fricke <silvio.fricke at gmail.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/utils.c

  Log Message:
  -----------
  lxc/utils: bugfix freed pointer return value

We allocate a pointer and save this address in a static variable. After
this we free this pointer and return.

Here is a cutout of a valgrind report:

	[...]
	==11568== Invalid read of size 1
	==11568==    at 0x4C2D524: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
	==11568==    by 0x5961C9B: puts (in /usr/lib/libc-2.20.so)
	==11568==    by 0x400890: main (lxc_config.c:73)
	==11568==  Address 0x6933e21 is 1 bytes inside a block of size 32 free'd
	==11568==    at 0x4C2B200: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
	==11568==    by 0x4E654F2: lxc_global_config_value (utils.c:415)
	==11568==    by 0x4E92177: lxc_get_global_config_item (lxccontainer.c:2287)
	==11568==    by 0x400883: main (lxc_config.c:71)
	[...]

Signed-off-by: Silvio Fricke <silvio.fricke at gmail.com>


  Commit: cf6df0064f6d3ca3e629a3391aff8e09f40e07d7
      https://github.com/lxc/lxc/commit/cf6df0064f6d3ca3e629a3391aff8e09f40e07d7
  Author: TAMUKI Shoichi <tamuki at linet.gr.jp>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M config/templates/plamo.common.conf.in
    M templates/lxc-plamo.in

  Log Message:
  -----------
  lxc-plamo: mount tmpfs on /dev/shm

Do mkdir $rootfs/dev/shm and then mount tmpfs on /dev/shm.

Signed-off-by: TAMUKI Shoichi <tamuki at linet.gr.jp>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 93b3ce1a194bdec701734eaa0a181d6ffe419bfc
      https://github.com/lxc/lxc/commit/93b3ce1a194bdec701734eaa0a181d6ffe419bfc
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M doc/lxc.sgml.in

  Log Message:
  -----------
  Fix the lxc manpage a bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 12a6a8e5a1d95f416e77ba6e02d8fd4ba1259d6d
      https://github.com/lxc/lxc/commit/12a6a8e5a1d95f416e77ba6e02d8fd4ba1259d6d
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/lxc_info.c

  Log Message:
  -----------
  lxc_info: flush stdout before calling routines which may fork

Otherwise both resulting tasks will print what they had flushed when they
exit.

This fixes https://bugs.launchpad.net/bugs/1389244

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Tested-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: a208038f97658d4b507ad7646694cc00103b954d
      https://github.com/lxc/lxc/commit/a208038f97658d4b507ad7646694cc00103b954d
  Author: Joel Nider <JOELN at il.ibm.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M src/lxc/conf.c
    M src/lxc/conf.h
    M src/lxc/lxc_user_nic.c

  Log Message:
  -----------
  conf.c: change 'instanciate' to 'instantiate'

This is a multipart message in MIME format.

Fixes a small (but consistent) spelling mistake in conf.c

Signed-off-by: Joel Nider <joeln at il.ibm.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 79716c066a9f7209c19136c50ee6ddbd2243900a
      https://github.com/lxc/lxc/commit/79716c066a9f7209c19136c50ee6ddbd2243900a
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M templates/lxc-cirros.in

  Log Message:
  -----------
  lxc-cirros: support creating+running unprivileged

Support creation and use of lxc-cirros by unprivileged users.

If we detect we are an unprivileged user, then insist that we
be in a userns with an id mapping.

If we are in a userns, then don't extract /dev when extracting
the rootfs.

If we are not root, then save the tarball to ~/.cache/lxc/cirros
instead of /var/cache/lxc/cirros.

If we are not root, then include entries to auto-mount proc and sys,
as well as bind-mount devices.

Cc: Scott Moser <smoser at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: f50be15b1fb15e5eeb173619f727618f732b7461
      https://github.com/lxc/lxc/commit/f50be15b1fb15e5eeb173619f727618f732b7461
  Author: 謝致邦 <Yeking at Red54.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M templates/lxc-openmandriva.in

  Log Message:
  -----------
  Fix lxc-openmandriva.in typo.

Signed-off-by: 謝致邦 <Yeking at Red54.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: bfcaac5bfc360e2dbfa4ed7690eaf8073cc607aa
      https://github.com/lxc/lxc/commit/bfcaac5bfc360e2dbfa4ed7690eaf8073cc607aa
  Author: 謝致邦 <Yeking at Red54.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M templates/lxc-centos.in

  Log Message:
  -----------
  Fix lxc-centos.in typo.

Signed-off-by: 謝致邦 <Yeking at Red54.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: c537d06b31194ccc2b51241b64d54a4d63bbc5e6
      https://github.com/lxc/lxc/commit/c537d06b31194ccc2b51241b64d54a4d63bbc5e6
  Author: Silvio Fricke <silvio.fricke at gmail.com>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M doc/lxc-create.sgml.in

  Log Message:
  -----------
  lxc-create -t option is not optional

Closes: #355

Signed-off-by: Silvio Fricke <silvio.fricke at gmail.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: f1503ae8d56748d55028a6dc9ab5efa6dbc1fb64
      https://github.com/lxc/lxc/commit/f1503ae8d56748d55028a6dc9ab5efa6dbc1fb64
  Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
  Date:   2014-11-25 (Tue, 25 Nov 2014)

  Changed paths:
    M doc/ja/lxc.sgml.in

  Log Message:
  -----------
  doc: Update kernel and cgroup info in Japanese lxc(7)

Update for commit 0dcbd62

Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/69783413e858...f1503ae8d567

