[lxc-devel] [lxc/lxc] 2f8909: apparmor: silence 'silent' mount denials
GitHub
noreply at github.com
Tue Nov 25 22:18:31 UTC 2014
Branch: refs/heads/stable-1.0
Home: https://github.com/lxc/lxc
Commit: 2f8909261fb43ea96f47df460abb92138932bc34
https://github.com/lxc/lxc/commit/2f8909261fb43ea96f47df460abb92138932bc34
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M config/apparmor/abstractions/container-base.in
Log Message:
-----------
apparmor: silence 'silent' mount denials
newer lxc uses 'silent' when remounting on shutdown. Silence that denial too
Author: Jamie Strandboge <jamie at canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 551d4de06112c254ee6f19ccdb7e88b21f37688f
https://github.com/lxc/lxc/commit/551d4de06112c254ee6f19ccdb7e88b21f37688f
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/log.c
Log Message:
-----------
add file/func/line to debug info
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: d9bae9c84b21642876107f32ba6c51ff3350c372
https://github.com/lxc/lxc/commit/d9bae9c84b21642876107f32ba6c51ff3350c372
Author: Jamie Strandboge <jamie at canonical.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M config/apparmor/abstractions/container-base
M config/apparmor/abstractions/container-base.in
Log Message:
-----------
apparmor: restrict signal and ptrace for processes
Restrict signal and ptrace for processes running under the container
profile. Rules based on AppArmor base abstraction. Add unix rules for
processes running under the container profile.
Signed-off-by: Jamie Strandboge <jamie at canonical.com>
Acked-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 8ac62e20feb226f08ef04d8a43930e5eb6cc9417
https://github.com/lxc/lxc/commit/8ac62e20feb226f08ef04d8a43930e5eb6cc9417
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/tests/Makefile.am
M src/tests/lxc-test-usernic.in
Log Message:
-----------
tests: Fix unpriv test
Don't use $TUSER as it's not defined. Also don't include
lxc-test-usernic in extra_DIST.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: c6234a0afed9e064fd9a8235874f893194796c2d
https://github.com/lxc/lxc/commit/c6234a0afed9e064fd9a8235874f893194796c2d
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/cgmanager.c
Log Message:
-----------
cgmanager: several fixes
These all fix various ways that cgroup actions could fail if an
unprivileged user's cgroup paths were not all the same for all
controllers.
1. in cgm_{g,s}et, use the right controller, not the first in the list,
to get the cgroup path.
2. when we pass 'all' to cgmanager for a ${METHOD}_abs, make sure that all
cgroup paths are the same. That isn't necessary for methods not
taking an absolute path, so split up the former
cgm_supports_multiple_controllers() function into two booleans, one
telling whether cgm supports it, and another telling us whether
cgm supports it AND all controller cgroup paths are the same.
3. separately, do_cgm_enter with abs=true couldn't work if all
cgroup paths were not the same. So just ditch that helper and
call lxc_cgmanager_enter() where needed, because the special
cases would be more complicated.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 57f7174b86567009758e09761b6c16eb343b3e29
https://github.com/lxc/lxc/commit/57f7174b86567009758e09761b6c16eb343b3e29
Author: Andrey Vagin <avagin at gmail.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
lxc: don't call pivot_root if / is on a ramfs
pivot_root can't be called if / is on a ramfs. Currently chroot is
called before pivot_root. In this case the standard well-known
'chroot escape' technique allows to escape a container.
I think the best way to handle this situation is to make following actions:
* clean all mounts, which should not be visible in CT
* move CT's rootfs into /
* make chroot into /
I don't have a host, where / is on a ramfs, so I can't test this patch.
Signed-off-by: Andrey Vagin <avagin at openvz.org>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 454c016518d64347d1507ae8fcdf9d2720879087
https://github.com/lxc/lxc/commit/454c016518d64347d1507ae8fcdf9d2720879087
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/tests/lxc-test-unpriv
Log Message:
-----------
lxc-test-unpriv: don't clear out /etc/lxc/lxc-usernet
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 5ecedb8929880e99076a824f625fd7eb9fd4271b
https://github.com/lxc/lxc/commit/5ecedb8929880e99076a824f625fd7eb9fd4271b
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/tests/lxc-test-unpriv
Log Message:
-----------
lxc-test-unpriv: test for different cgroups per subsystem
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 6c68b9dc6b22178c60867f9f8252a8735db9d910
https://github.com/lxc/lxc/commit/6c68b9dc6b22178c60867f9f8252a8735db9d910
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/confile.c
Log Message:
-----------
fix lxc.mount.auto clearing
the way config_mount was structured, sending 'lxc.mount.auto = '
ended up actually clearing all lxc.mount.entrys. Fix that by
moving the check for an empty value to after the subkey checks.
Then, actually do the clearing of auto_mounts in config_mount_auto.
The 'strlen(subkey)' check being removed was bogus - the subkey
either known to be 'lxc.mount.entry', else subkey would have been
NULL (and forced a return in the block above).
This would have been clearer if the config_mount() and helper
fns were structured like the rest of confile.c. It's tempting
to switch it over, but there are subtleties in there so it's
not something to do without a lot of thought and testing.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 28f3d36f885e22fea0d397aaf861a5ab8310f46f
https://github.com/lxc/lxc/commit/28f3d36f885e22fea0d397aaf861a5ab8310f46f
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
conf.c: Define MS_PRIVATE for Android
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: c2398d17892a1905c14585adf2f3ba37b9d682ca
https://github.com/lxc/lxc/commit/c2398d17892a1905c14585adf2f3ba37b9d682ca
Author: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/network.c
M src/lxc/network.h
Log Message:
-----------
network: convert param ifname to const.
We should not modify ifname in lxc_netdev_move_by_name(),
making it as const in param list will make our code more
robust.
Signed-off-by: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: f5a49d033b63b867a744c1c4b82c9c353f3e958b
https://github.com/lxc/lxc/commit/f5a49d033b63b867a744c1c4b82c9c353f3e958b
Author: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/network.c
Log Message:
-----------
network: check result of if_nametoindex().
When we want to get index of a ifname which does not
exist, we should return a -EINVAL in this case.
Signed-off-by: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: c374e4221c5921f041d64ee34a5ecdfdfdab9d40
https://github.com/lxc/lxc/commit/c374e4221c5921f041d64ee34a5ecdfdfdab9d40
Author: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/lxc_start.c
Log Message:
-----------
lxc_start: ERROR if container is already running.
We should exit with a error when starting a running container.
Signed-off-by: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: c77c0644a372dc6d98791dde6f3020815da296bf
https://github.com/lxc/lxc/commit/c77c0644a372dc6d98791dde6f3020815da296bf
Author: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/conf.c
M src/lxc/lxc_unshare.c
M src/lxc/lxc_user_nic.c
M src/lxc/network.c
M src/lxc/network.h
Log Message:
-----------
network: allow lxc_network_move_by_index() rename netdev in moving.
In netlink, we can set the dest_name of netdev when move netdev
between namespaces in one netlink request. And moving a netdev of
a src_name to a netdev with a dest_name is a common usecase.
So this patch add a parametaer to lxc_network_move_by_index() to
indicate the dest_name for the movement. NULL means same with
the src_name.
Signed-off-by: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 42bb0b6ff1c594cd0eca242776cc2613340b0db0
https://github.com/lxc/lxc/commit/42bb0b6ff1c594cd0eca242776cc2613340b0db0
Author: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/network.c
M src/lxc/network.h
Log Message:
-----------
network: introduce a interface named lxc_netdev_isup().
When we need to know some info about a netdev, such as is_up or not,
we need to read the flag for the netdev.
This patch introduce a interface function named lxc_netdev_isup()
to check is a netdev up or down.
And introduce a network private function named netdev_get_flag()
to get flag for netdev by netlink.
Changelog: 10/15/2015: Return failure if name==NULL to avoid later strlen fun
Signed-off-by: Dongsheng Yang <yangds.fnst at cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 92de89dd5f3efc0002745738b5f7ae85998be0cd
https://github.com/lxc/lxc/commit/92de89dd5f3efc0002745738b5f7ae85998be0cd
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/lxccontainer.c
Log Message:
-----------
lxccontainer.c: rename enter_to_ns to enter_net_ns
because that's what it does
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: a2e99a58badd80814708faa81ecc4fd63f504dc7
https://github.com/lxc/lxc/commit/a2e99a58badd80814708faa81ecc4fd63f504dc7
Author: Dark Templar <dark_templar at hotbox.ru>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M templates/lxc-gentoo.in
Log Message:
-----------
Fix typo in lxc-gentoo template
Signed-off-by: Dark Templar <dark_templar at hotbox.ru>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: f9e6ac598b3956e745467c0df6f21c699968d7ad
https://github.com/lxc/lxc/commit/f9e6ac598b3956e745467c0df6f21c699968d7ad
Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/cgfs.c
M src/lxc/cgmanager.c
M src/lxc/utils.c
Log Message:
-----------
lxc_global_config_value can return the default lxc.cgroup.pattern whether root or non-root
>>> On Tue, 30 Sep 2014 19:48:09 +0000
in message "Re: [lxc-devel] [PATCH] lxc-config can show lxc.cgroup.(use|pattern)"
Serge Hallyn-san wrote:
> I think it would be worth also augmenting
> lxc_global_config_value() to return a default lxc.cgroup.use
> for 'all', and a default lxc.cgroup.pattern ("/lxc/%n" for root
> or "%n" for non-root).
lxc.cgroup.pattern is like this? (^_^;)
Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: c3c0a8b7e5bcce5c23102cabebb63bd40be5effd
https://github.com/lxc/lxc/commit/c3c0a8b7e5bcce5c23102cabebb63bd40be5effd
Author: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M templates/lxc-busybox.in
Log Message:
-----------
busybox template: support for unprivileged containers
Apply the changes found in templates/lxc-download to the busybox template as
well. Change ownership of the config and fstab files to the unprivileged user,
and the ownership of the rootfs to root in the new user namespace.
Eliminate the "unsupported for userns" flag.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 271257089d595e45678f665f379697a445eb69a9
https://github.com/lxc/lxc/commit/271257089d595e45678f665f379697a445eb69a9
Author: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M templates/lxc-busybox.in
Log Message:
-----------
busybox template: mount fstab when available
When running unprivileged, lxc-create will touch a fstab file, with bind-mounts
for the ttys and other devices. Add this entry in the container config.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 970ab4f0da77e3cebf6294e2e3543ec1b213288c
https://github.com/lxc/lxc/commit/970ab4f0da77e3cebf6294e2e3543ec1b213288c
Author: Dark Templar <dark_templar at hotbox.ru>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M templates/lxc-gentoo.in
Log Message:
-----------
Fix another gentoo template typo
I've found one more typo in the gentoo template, configuration in the
generated file /etc/conf.d/hostname was not valid, but it didn't impact
me due to "lxc.utsname" being set in the configuration file of container
and hostname service being not used. Anyway, I've made a patch and
sending it with this mail.
Signed-off-by: Dark Templar <dark_templar at hotbox.ru>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 7495c7721d53c2c1a4e70d21e22d67851ba5e203
https://github.com/lxc/lxc/commit/7495c7721d53c2c1a4e70d21e22d67851ba5e203
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/lxc_start.c
Log Message:
-----------
lxc-start: return 0 rather than error if container is already running
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 6abb0d4af4e6676cfaed6f6ff71bb968896bd4c3
https://github.com/lxc/lxc/commit/6abb0d4af4e6676cfaed6f6ff71bb968896bd4c3
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
do_rootfs_setup: fix return bugs
Fix return value on bind mount failure.
If we've already mounted the rootfs, exit after the bind mount
rather than re-trying the rootfs mount. The only case where
this happens is when root is starting a container in a user
namespace and with a block device backing store.
In that case, pre-mount hooks will be executed in the initial
user namespace. That may be worth fixing. Or it may be what
we want. We should think about it and fix it.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 677a76dd64d2cded892374536b4447e161c6a665
https://github.com/lxc/lxc/commit/677a76dd64d2cded892374536b4447e161c6a665
Author: Dark Templar <dark_templar at hotbox.ru>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/legacy/lxc-ls.in
Log Message:
-----------
Make legacy lxc-ls more robust
Behave well when /etc/lxc/${name} is a symlink to directory
Signed-off-by: Dark Templar <dark_templar at hotbox.ru>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: be97c20dbedf7e966a770e05983d749f55e918e2
https://github.com/lxc/lxc/commit/be97c20dbedf7e966a770e05983d749f55e918e2
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/conf.c
M src/lxc/conf.h
M src/lxc/start.c
Log Message:
-----------
lxc-start: don't re-try to mount rootfs if we already did so
If we are root using a user namespace and are mounting a blockdev as rootfs,
then we do this before unsharing the userns, because we are not allowed to
do it in a userns. But after unsharing the userns, we unconditionally
retried mounting the rootfs, resulting in failure. stop that.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: fb4cf517ae6ec90dcee7ddf9495d8c9cfe2b902b
https://github.com/lxc/lxc/commit/fb4cf517ae6ec90dcee7ddf9495d8c9cfe2b902b
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/utils.c
Log Message:
-----------
lxc_global_config_value: simplify the theme
Rather than try to free all the not-being-returned items at
each if clause where we assign one to return value, just NULL
the one we are returning so we can safely free all the
values. This should fix the newly reported coverity memory
leak
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: aea0e3ecea15e4d0b551d22c0789e5d1dd75a72a
https://github.com/lxc/lxc/commit/aea0e3ecea15e4d0b551d22c0789e5d1dd75a72a
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/attach.c
Log Message:
-----------
attach: don't use confstr(_CS_PATH)
It is not system-definable, rather glibc sets that to bin:/usr/bin, which is
simply too restrictive. So just always set our preferred path.
This was reported at:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1384327
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: fa3cf24a00d2b6924fa54dbd6cf25d28f652936b
https://github.com/lxc/lxc/commit/fa3cf24a00d2b6924fa54dbd6cf25d28f652936b
Author: Simon Deziel <simon.deziel at gmail.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M templates/lxc-ubuntu.in
Log Message:
-----------
Create the apt proxy in the cache instead of the 1st container
This addresses https://github.com/lxc/lxc/issues/280.
Signed-off-by: Simon Deziel <simon at sdeziel.info>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 9c16751c3a9e77ed50434cdccd56673a0c3a373e
https://github.com/lxc/lxc/commit/9c16751c3a9e77ed50434cdccd56673a0c3a373e
Author: Sergio Jimenez <tripledes at gmail.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/conf.c
M src/lxc/confile.c
M src/tests/get_item.c
Log Message:
-----------
Fixed mismatch on ipvX gateway
Signed-off-by: Sergio Jimenez <tripledes at gmail.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 54a6935335f8ef2bb4c56fbc9ab0f9aea6863e69
https://github.com/lxc/lxc/commit/54a6935335f8ef2bb4c56fbc9ab0f9aea6863e69
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/attach.c
Log Message:
-----------
attach: don't ignore sigint/sigkill if stdin is redirected
If attach is being done over passed-in fds, then we shouldn't
mess with the caller's signal table to ignore ctrl-c over the
fd.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 691050ea63bab0d44c23211ceee3eab4e004b11b
https://github.com/lxc/lxc/commit/691050ea63bab0d44c23211ceee3eab4e004b11b
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/cgmanager.c
Log Message:
-----------
cgmanager: fix 'attach' with "all" controller support
"all" is not a supported keyword for cgmanager's get_pid_cgroup.
Pass the first mounted cgroup subsystem instead of passing "all" when
getting the container's cgorup to attach to.
Also, make sure that the target cgroup is in fact in all identical
cgroups before attaching with 'all". If not, then we must attach to
each cgroup separately, or else we will not be in all the same cgroups
as the target container.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 0fbc4a54aee17f99697acf43bfe66b1e6e0f6030
https://github.com/lxc/lxc/commit/0fbc4a54aee17f99697acf43bfe66b1e6e0f6030
Author: Silvio Fricke <silvio.fricke at gmail.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/utils.c
Log Message:
-----------
lxc/utils: bugfix freed pointer return value
We allocate a pointer and save this address in a static variable. After
this we freed this pointer and return.
Here a cuttout of a valgrind report:
[...]
==11568== Invalid read of size 1
==11568== at 0x4C2D524: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11568== by 0x5961C9B: puts (in /usr/lib/libc-2.20.so)
==11568== by 0x400890: main (lxc_config.c:73)
==11568== Address 0x6933e21 is 1 bytes inside a block of size 32 free'd
==11568== at 0x4C2B200: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11568== by 0x4E654F2: lxc_global_config_value (utils.c:415)
==11568== by 0x4E92177: lxc_get_global_config_item (lxccontainer.c:2287)
==11568== by 0x400883: main (lxc_config.c:71)
[...]
Signed-off-by: Silvio Fricke <silvio.fricke at gmail.com>
Commit: cf6df0064f6d3ca3e629a3391aff8e09f40e07d7
https://github.com/lxc/lxc/commit/cf6df0064f6d3ca3e629a3391aff8e09f40e07d7
Author: TAMUKI Shoichi <tamuki at linet.gr.jp>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M config/templates/plamo.common.conf.in
M templates/lxc-plamo.in
Log Message:
-----------
lxc-plamo: mount tmpfs on /dev/shm
Do mkdir $rootfs/dev/shm and then mount tmpfs on /dev/shm.
Signed-off-by: TAMUKI Shoichi <tamuki at linet.gr.jp>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 93b3ce1a194bdec701734eaa0a181d6ffe419bfc
https://github.com/lxc/lxc/commit/93b3ce1a194bdec701734eaa0a181d6ffe419bfc
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M doc/lxc.sgml.in
Log Message:
-----------
Fix the lxc manpage a bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 12a6a8e5a1d95f416e77ba6e02d8fd4ba1259d6d
https://github.com/lxc/lxc/commit/12a6a8e5a1d95f416e77ba6e02d8fd4ba1259d6d
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/lxc_info.c
Log Message:
-----------
lxc_info: flush stdout before calling routines which may fork
Otherwise both resulting takss will print what they had flushed when they
exit.
This fixes https://bugs.launchpad.net/bugs/1389244
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Tested-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: a208038f97658d4b507ad7646694cc00103b954d
https://github.com/lxc/lxc/commit/a208038f97658d4b507ad7646694cc00103b954d
Author: Joel Nider <JOELN at il.ibm.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M src/lxc/conf.c
M src/lxc/conf.h
M src/lxc/lxc_user_nic.c
Log Message:
-----------
conf.c: change 'instanciate' to 'instantiate'
This is a multipart message in MIME format.
Fixes a small (but consistent) spelling mistake in conf.c
Signed-off-by: Joel Nider <joeln at il.ibm.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 79716c066a9f7209c19136c50ee6ddbd2243900a
https://github.com/lxc/lxc/commit/79716c066a9f7209c19136c50ee6ddbd2243900a
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M templates/lxc-cirros.in
Log Message:
-----------
lxc-cirros: support creating+running unprivileged
Support creation and use of lxc-cirros by unprivileged users.
If we detect we are an unprivileged user, then insist that we
be in a userns with a id mapping.
If we are in a userns, then don't extract /dev when extracting
the rootfs.
If we are not root, then save the tarball to ~/.cache/lxc/cirros
instead of /var/cache/lxc/cirros.
If we are not roo, then include entries to auto-mount proc and sys,
as well as bind-mount devices.
Cc: Scott Moser <smoser at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: f50be15b1fb15e5eeb173619f727618f732b7461
https://github.com/lxc/lxc/commit/f50be15b1fb15e5eeb173619f727618f732b7461
Author: 謝致邦 <Yeking at Red54.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M templates/lxc-openmandriva.in
Log Message:
-----------
Fix lxc-openmandriva.in typo.
Signed-off-by: 謝致邦 <Yeking at Red54.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: bfcaac5bfc360e2dbfa4ed7690eaf8073cc607aa
https://github.com/lxc/lxc/commit/bfcaac5bfc360e2dbfa4ed7690eaf8073cc607aa
Author: 謝致邦 <Yeking at Red54.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M templates/lxc-centos.in
Log Message:
-----------
Fix lxc-centos.in typo.
Signed-off-by: 謝致邦 <Yeking at Red54.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: c537d06b31194ccc2b51241b64d54a4d63bbc5e6
https://github.com/lxc/lxc/commit/c537d06b31194ccc2b51241b64d54a4d63bbc5e6
Author: Silvio Fricke <silvio.fricke at gmail.com>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M doc/lxc-create.sgml.in
Log Message:
-----------
lxc-create -t option is not optional
Closes: #355
Signed-off-by: Silvio Fricke <silvio.fricke at gmail.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: f1503ae8d56748d55028a6dc9ab5efa6dbc1fb64
https://github.com/lxc/lxc/commit/f1503ae8d56748d55028a6dc9ab5efa6dbc1fb64
Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
Date: 2014-11-25 (Tue, 25 Nov 2014)
Changed paths:
M doc/ja/lxc.sgml.in
Log Message:
-----------
doc: Update kernel and cgroup info in Japanese lxc(7)
Update for commit 0dcbd62
Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Compare: https://github.com/lxc/lxc/compare/69783413e858...f1503ae8d567
More information about the lxc-devel
mailing list