[lxc-devel] [lxc/lxc] 16a642: do_lxcap_stop: wait until container is stopped
GitHub
noreply at github.com
Wed Jul 1 18:16:37 UTC 2015
Branch: refs/heads/stable-1.1
Home: https://github.com/lxc/lxc
Commit: 16a64224c5417fe26c4a01496656a1a4c78eae3c
https://github.com/lxc/lxc/commit/16a64224c5417fe26c4a01496656a1a4c78eae3c
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/lxccontainer.c
Log Message:
-----------
do_lxcap_stop: wait until container is stopped
In the past, lxc-cmd-stop would wait until the command pipe was closed
before returning, ensuring that the container monitor had exited.
Now that we accept the actual success return value, lxcapi_stop can
return success before the monitor has fully exited.
So explicitly wait for the container to stop, when lxc-cmd-stop returned
success.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: b140d243722cc296159a4edcb47c2fbcd6d11b72
https://github.com/lxc/lxc/commit/b140d243722cc296159a4edcb47c2fbcd6d11b72
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/lxccontainer.c
Log Message:
-----------
Revert "do_lxcap_stop: wait until container is stopped"
This breaks lxc-test-concurrent.
This reverts commit fef9aa89e99285609d51848623f84ecd3a3109df.
Commit: b55f3a435f687624adfb44283efc04c27ae07722
https://github.com/lxc/lxc/commit/b55f3a435f687624adfb44283efc04c27ae07722
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/lxccontainer.c
Log Message:
-----------
c/r: rework external mountpoint handling v4
CRIU now supports autodetection of external mounts via the --ext-mount-map auto
--enable-external-sharing --enable-external-masters options, so we don't need
to explicitly pass the cgmanager mount or any of the mounts from the config.
This also means that lxcfs mounts (since they are bind mounts from outside the
container) are autodetected, meaning that c/r of containers using lxcfs works.
A further advantage of this patch is that it addresses some of the ugliness
that was in the exec_criu() function. There are other criu options that will
allow us to trim this even further, though.
Finally, with --enable-external-masters, criu understands slave mounts in the
container with shared mounts in the peer group that are outside the namespace.
This allows containers on a systemd host to be dumped and restored correctly.
However, these options have just landed in criu trunk today, and the next
tagged release will be 1.6 on June 1, so we should avoid merging this into any
stable releases until then.
v2: remount / as private before bind mounting the container's directory for
criu. The problem here is that if / is mounted as shared, even if we
unshare() the /var/lib/lxc/rootfs mountpoint propagates outside of our
mount namespace, which is bad, since we don't want to leak mounts. In
particular, this leak confuses criu the second time it goes to checkpoint
the container.
v3: whoops, we really want / as MS_SLAVE | MS_REC here, to match what start
does
v4: rebase onto master for revert of logging patch
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 51f231ff10e9eade91ffea5633694ccf2c8b89c1
https://github.com/lxc/lxc/commit/51f231ff10e9eade91ffea5633694ccf2c8b89c1
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/Makefile.am
R src/lxc/lxc-restore-net
M src/lxc/lxccontainer.c
Log Message:
-----------
c/r: use criu option instead of lxc-restore-net
As of criu 1.5, the --veth-pair argument supports an additional parameter that
is the bridge name to attach to. This enables us to get rid of the goofy
action-script hack that passed bridge names as environment variables.
This patch is on top of the systemd/lxcfs mount rework patch, as we probably
want to wait to use 1.5 options until it has been out for a while and is in
distros.
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 97d6a3752b83203348f2a1df1346b899f045ac8a
https://github.com/lxc/lxc/commit/97d6a3752b83203348f2a1df1346b899f045ac8a
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/Makefile.am
A src/lxc/criu.c
A src/lxc/criu.h
M src/lxc/lxccontainer.c
Log Message:
-----------
c/r: move criu code to its own file
Trying to cage the beast that is lxccontainer.c.
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 5aacec32809a9fb2b77576a11edc05a0aeba7c8d
https://github.com/lxc/lxc/commit/5aacec32809a9fb2b77576a11edc05a0aeba7c8d
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/criu.c
Log Message:
-----------
c/r: check version of criu
Note that we allow both a tagged version or a git build that has sufficient
patches for the features we require.
v2: close criu's stderr too
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: e9455742d3eb8ef2c911cd660c91fc00354d0b6d
https://github.com/lxc/lxc/commit/e9455742d3eb8ef2c911cd660c91fc00354d0b6d
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/criu.c
Log Message:
-----------
c/r: enable hugetlbfs in criu
In vivid containers hugetlbfs is mounted, but it is not one of the hardcoded
fses in criu, so we need to tell criu that it is okay to automount it.
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 97844d12b689f10883fff7d85b6fa8c0551ac005
https://github.com/lxc/lxc/commit/97844d12b689f10883fff7d85b6fa8c0551ac005
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/execute.c
M src/lxc/lxc.h
M src/lxc/lxc_execute.c
M src/lxc/lxccontainer.c
M src/lxc/start.c
M src/lxc/start.h
Log Message:
-----------
c/r: re-open fds after clone()
If we don't re-open these after clone, the init process has a pointer to the
parent's /dev/{zero,null}. CRIU seese these and wants to dump the parent's
mount namespace, which is unnecessary. Instead, we should just re-open
stdin/out/err after we do the clone and pivot root, to ensure that we have
pointers to the devcies in init's rootfs instead of the host's.
v2: Only close fds if the container was daemonized. This didn't turn out as
nicely as described on the list because lxc_start() doesn't actually have
the struct lxc_container, so it cant see the flag. Instead, we just pass it
down everywhere.
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: fc2a2b79d115f54d61ee5c71580e1f7b13f7215d
https://github.com/lxc/lxc/commit/fc2a2b79d115f54d61ee5c71580e1f7b13f7215d
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/Makefile.am
M src/lxc/conf.c
M src/lxc/conf.h
M src/lxc/confile.c
M src/lxc/log.c
M src/lxc/log.h
M src/lxc/lxccontainer.c
M src/lxc/start.c
Log Message:
-----------
logs: introduce a thread-local 'current' lxc_config (v2)
The logging code uses a global log_fd and log_level to direct
logging (ERROR(), etc). While the container configuration file allows
for lxc.loglevel and lxc.logfile, those are only used at configuration
file read time to set the global variables. This works ok in the
lxc front-end programs, but becomes a problem with threaded API users.
The simplest solution would be to not allow per-container configuration
files, but it'd be nice to avoid that.
Passing a logfd or lxc_conf into every ERROR/INFO/etc call is "possible",
but would be a huge complication as there are many functions, including
struct member functions and callbacks, which don't have that info and
would need to get it from somewhere.
So the approach I'm taking here is to say that all real container work
is done inside api calls, and therefore the API calls themselves can
set a thread-local variable indicating which log info to use. If
unset, then use the global values. The lxc-* programs, when called
with a '-o logfile' argument, set a global variable to indicate that
the user-specified value should be used.
In this patch:
If the lxc container configuration specifies a loglevel/logfile, only
set the lxc_config's logfd and loglevel according to those, not the
global values.
Each API call is wrapped to set/unset the current_config. (The few
exceptions are calls which do not result in any log actions)
Update logfile appender to use the logfile specified in lxc_conf if (a)
current_config is set and (b) the lxc-* command did not override it.
Changelog (2015-04-21):
. always re-set current_config to NULL at end of an API
call, rather than storing the previous value. We don't
nest API calls.
. remove the log_lock stuff which wasn't used
. lxc_conf_free: if the config is current_config, set
current_config to NULL. (It can't be another thread's
current_config, or we wouldn't be freeing it)
. lxc_check_inherited: don't close fd if it is the
current_config->logfd. Note this is only called when
starting a container, so we have no other threads at
this point.
Changelog (2015-04-22)
. Unset the per-container logfd on destroy
.
. Do so before we rm the containerdir. Otherwise if the logfile is set
. to $lxcpath/$name/log, the containerdir won't be fully deleted.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 7a9c860220f825b7cb9de08e194a267d52983833
https://github.com/lxc/lxc/commit/7a9c860220f825b7cb9de08e194a267d52983833
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/cgmanager.c
M src/lxc/lxc.h
M src/lxc/lxc_monitor.c
M src/lxc/monitor.c
M src/lxc/monitor.h
Log Message:
-----------
use poll instead of select
Particularly when using the go-lxc api with lots of threads, it
happens that if the open files limit is > 1024, we will try to
select on fd > 1024 which breaks on glibc.
So use poll instead of select.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 943107411647137752db127cc4850500c4f163f6
https://github.com/lxc/lxc/commit/943107411647137752db127cc4850500c4f163f6
Author: Natanael Copa <ncopa at alpinelinux.org>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M templates/lxc-alpine.in
Log Message:
-----------
lxc-alpine: create /dev/shm before mounting
This is needed for lxc.autodev=1 to work.
Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 5aa301671241edd9a875f00493e82f29bfce6fe0
https://github.com/lxc/lxc/commit/5aa301671241edd9a875f00493e82f29bfce6fe0
Author: Christian Brauner <christianvanbrauner at gmail.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/lxc-checkconfig.in
Log Message:
-----------
Make lxc-checkconfig work with kernel versions > 3
(1) Add test for kernel version greater 3.
(2) Use && and || instead of -a and -o as suggested in
http://www.unix.com/man-page/posix/1p/test/.
lxc-checkconfig will currently report "missing" on "Cgroup memory controller"
for kernel versions greater 3. This happens because the script, before checking
for the corresponding memory variable in the kernel config, currently will test
whether we have a major kernel version greater- or equal to 3 and a minor kernel
version greater- or equal to 6. This adds an additional test whether we have a
major kernel version greater than 3.
Signed-off-by: Christian Brauner <christianvanbrauner at gmail.com>
Commit: 2c6c01e0a5b52fe6d1345d3acf925b18ac747e43
https://github.com/lxc/lxc/commit/2c6c01e0a5b52fe6d1345d3acf925b18ac747e43
Author: Karl-Philipp Richter <krichter722 at aol.de>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M .gitignore
Log Message:
-----------
added build and test results to .gitignore
Signed-off-by: Karl-Philipp Richter <krichter722 at aol.de>
Commit: 57a64031b6c727d9ba43841c126ab5429714db15
https://github.com/lxc/lxc/commit/57a64031b6c727d9ba43841c126ab5429714db15
Author: Thomas Moschny <thomas.moschny at gmx.de>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lua-lxc/core.c
Log Message:
-----------
Fix Lua 5.3 compatibility code.
If Lua 5.3 is compiled with LUA_COMPAT_5_2 defined, the
luaL_checkunsigned compatibility macro is already defined
in lauxlib.h.
Signed-off-by: Thomas Moschny <thomas.moschny at gmx.de>
Commit: c775aec928745cf2546b04766b57a5b8f3282de0
https://github.com/lxc/lxc/commit/c775aec928745cf2546b04766b57a5b8f3282de0
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M config/init/common/lxc-net.in
Log Message:
-----------
Add IPv6 support to lxc-net
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 40ec5e3f3534a3273ecba755d748396f8e3432a1
https://github.com/lxc/lxc/commit/40ec5e3f3534a3273ecba755d748396f8e3432a1
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M config/init/common/lxc-net.in
Log Message:
-----------
lxc-net: Rework/cleanup
This updates lxc-net with the following changes:
- Better recover from crashes/partial runs
- Better error detection and reporting
- Less code duplication (use the stop code on crash)
- Better state tracking
- Allow for restart of all of lxc-net except for the bridge itself
- Only support iproute from this point on (ifconfig's been deprecated
for years)
V2: Use template variables everywhere
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: d14e15899d46790986682d221b53b63c5c69e6d4
https://github.com/lxc/lxc/commit/d14e15899d46790986682d221b53b63c5c69e6d4
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/lxccontainer.c
Log Message:
-----------
c/r: check for criu images in the checkpoint directory
CRIU can get confused if there are two dumps that are written to the same
directory, so we make some minimal effort to prevent people from doing this.
This is a better alternative than forcing liblxc to create the directory, since
it is mostly race free (and neither solution is bullet proof anyway if someone
rsyncs some bad images over the top of the good ones).
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 485227ee17f696b38d073b3f179348589b36653b
https://github.com/lxc/lxc/commit/485227ee17f696b38d073b3f179348589b36653b
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M config/init/common/lxc-net.in
Log Message:
-----------
Fix lxc-net regression on missing restorecon
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 72453c4c73923825cf19bccd643a30a6fc782368
https://github.com/lxc/lxc/commit/72453c4c73923825cf19bccd643a30a6fc782368
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/bdev.c
Log Message:
-----------
overlay: create workdir if it doesn't exist
Otherwise a container created before we needed workdir will fail
to start after a kernel+lxc update.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Commit: 6cc6ec01918f75a6b74b3243db3e907b48e117c9
https://github.com/lxc/lxc/commit/6cc6ec01918f75a6b74b3243db3e907b48e117c9
Author: Kien Truong <duckientruong at gmail.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/cgfs.c
M src/lxc/cgmanager.c
M src/lxc/conf.c
M src/lxc/conf.h
Log Message:
-----------
Sort the cgroup memory settings before applying.
Add a function to sort the cgroup settings before applying.
Currently, the function will put memory.memsw.limit_in_bytes after
memory.limit_in_bytes setting so the container will start
regardless of the order specified in the input. Fix #453
Signed-off-by: Kien Truong <duckientruong at gmail.com>
Commit: 89f252631ce104025e86b8428eb0e63b87d12b71
https://github.com/lxc/lxc/commit/89f252631ce104025e86b8428eb0e63b87d12b71
Author: Kien Truong <duckientruong at gmail.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/cgfs.c
M src/lxc/cgmanager.c
M src/lxc/conf.c
Log Message:
-----------
Check malloc failure when sorting cgroup settings.
Signed-off-by: Kien Truong <duckientruong at gmail.com>
Commit: b0acb49902775fbc3a8286a52292e5b6c81e3b3b
https://github.com/lxc/lxc/commit/b0acb49902775fbc3a8286a52292e5b6c81e3b3b
Author: Kien Truong <duckientruong at gmail.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/cgfs.c
M src/lxc/cgmanager.c
Log Message:
-----------
Properly free memory of sorted cgroup settings
We need to use lxc_list_for_each_safe, otherwise de-allocation
will fail with a list size bigger than 2. The pointer to the head
of the list also need freeing after we've freed all other elements
of the list.
Signed-off-by: Kien Truong <duckientruong at gmail.com>
Commit: 07eeec68175a80d0b5529515bbc2ea41c3fb944e
https://github.com/lxc/lxc/commit/07eeec68175a80d0b5529515bbc2ea41c3fb944e
Author: Martin Pitt <martin.pitt at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M config/init/systemd/lxc-apparmor-load
M config/init/upstart/lxc.conf
Log Message:
-----------
Call /lib/apparmor/profile-load directly instead of the wrapper
AppArmor ships /lib/apparmor/profile-load. /lib/init/apparmor-profile-load is
merely a wrapper which calls the former, so just call it directly to avoid the
dependency on the wrapper.
LP: #1432683
Commit: 89570b1285379d150dd13daf1691db040aa6317e
https://github.com/lxc/lxc/commit/89570b1285379d150dd13daf1691db040aa6317e
Author: Karl-Philipp Richter <krichter722 at aol.de>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M .gitignore
Log Message:
-----------
added doc/api/doxygen_sqlite3.db to .gitignore
Signed-off-by: Karl-Philipp Richter <krichter722 at aol.de>
Commit: b76ccb19507f78144608ff43e328d6da0ee166cd
https://github.com/lxc/lxc/commit/b76ccb19507f78144608ff43e328d6da0ee166cd
Author: Cyril Bitterich <Cyril.Bitterich at 1und1.de>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M templates/lxc-debian.in
Log Message:
-----------
lxc-debian.in: Fixed errors if dbus is not installed
The lxc-debian template debootstraps a minimum debian system which does not contain dbus.
If systemd is used this will result in getty-static.service to be used instead of getty@ .
The systemd default files uses 6 tty's instead of the 4 the script creates.
This will lead to repeated error messages in the systemd journal.
Signed-off-by: Cyril Bitterich <Cyril.Bitterich at 1und1.de>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: ea26a2c925807a70bf3eba2735ef3fa95dc60be5
https://github.com/lxc/lxc/commit/ea26a2c925807a70bf3eba2735ef3fa95dc60be5
Author: Lucas Werkmeister <mail at lucaswerkmeister.de>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M config/bash/lxc.in
Log Message:
-----------
Use POSIX-compliant function names in bash completion
When running in posix mode (for example, because it was invoked as `sh`,
or with the --posix option), bash rejects the function names previously
used because they contain hyphens, which are not legal POSIX names, and
exits immediately.
This is a particularly serious problem on a system in which the
following three conditions hold:
1. The `sh` executable is provided by bash, e. g. via a symlink
2. Gnome Display Manager is used to launch X sessions
3. Bash completion is loaded in the (system or user) profile file
instead of in the bashrc file
In that case, GDM's Xsession script (run with `sh`, i. e., bash in posix
mode) sources the profile files, thus causing the shell to load the bash
completion files. Upon encountering the non-POSIX-compliant function
names, bash would then exit, immediately ending the X session.
Fixes #521.
Signed-off-by: Lucas Werkmeister <mail at lucaswerkmeister.de>
Commit: 96c29b276cb34fe764a52cc786662d2590d66fe3
https://github.com/lxc/lxc/commit/96c29b276cb34fe764a52cc786662d2590d66fe3
Author: Erik B. Andersen <erik.b.andersen at gmail.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/bdev.c
Log Message:
-----------
Change lxc-clone to use 'rsync -aH' instead of just 'rsync -a' for cloning to fix Launchpad Bug #1441307.
Signed-off-by: Erik B. Andersen <erik.b.andersen at gmail.com>
Commit: d6723beecd2170536c75eb8ce8429460d30fd164
https://github.com/lxc/lxc/commit/d6723beecd2170536c75eb8ce8429460d30fd164
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
coverity: free 'result' in error case.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 8f642124d0d762a80c11a872ca4aa10ca389005e
https://github.com/lxc/lxc/commit/8f642124d0d762a80c11a872ca4aa10ca389005e
Author: 有张纸 <fanyeren at gmail.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M templates/lxc-debian.in
Log Message:
-----------
Update lxc-debian.in
fix "bash: warning: setlocale: LC_ALL: cannot change locale"
Signed-off-by: <feng xiahou xiahoufeng at yahoo.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 7a09b8aaebed9043b89939e136802d09771965cd
https://github.com/lxc/lxc/commit/7a09b8aaebed9043b89939e136802d09771965cd
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/Makefile.am
M src/lxc/bdev.c
M src/lxc/bdev.h
A src/lxc/initutils.c
A src/lxc/initutils.h
M src/lxc/lxc_init.c
M src/lxc/utils.c
M src/lxc/utils.h
Log Message:
-----------
lxc-destroy: remove btrfs subvolumes
Doing this requires some btrfs functions from bdev to be used in
utils.c Because utils.h is imported by lxc_init.c, I had to create
a new initutils.[ch] which are used by both lxc_init.c and utils.c
We could instead put the btrfs functions into utils.c, which would
be a shorter patch, but it really doesn't belong there. So I went
the other way figuring there may be more such cases coming up of
fns in utils.c needing code from bdev.c which can't go into lxc_init.
Currently, if we detect a btrfs subvolume we just remove it. The
st_dev on that dir is different, so we cannot detect if this is
bound in from another fs easily. If we care, we should check
whether this is a mountpoint, this patch doesn't do that.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: d4099be46a618f9f37fbacc5d8e5b00e420e7b45
https://github.com/lxc/lxc/commit/d4099be46a618f9f37fbacc5d8e5b00e420e7b45
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/cgmanager.c
Log Message:
-----------
make cgmanager follow lxc.cgroup.use
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: aa3ffd11b423d42d26032e28b91f1053211a300e
https://github.com/lxc/lxc/commit/aa3ffd11b423d42d26032e28b91f1053211a300e
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/cgmanager.c
Log Message:
-----------
Use 'cgm listcontrollers' list rather than /proc/self/cgroups
to populate the list of subsystems to use.
Cgmanager can be started with some subsystems disabled (i.e.
cgmanager -M cpuset). If lxc using cgmanager then uses the
/proc/self/cgroup output to determine which controllers to use,
it will fail when trying to do things to cpuset. Instead, ask
cgmanager which controllers to use.
This still defers (per patch 1/1) to the lxc.cgroup.use values.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 4da78c08386a03d7212461f8736ec07cc7ab8574
https://github.com/lxc/lxc/commit/4da78c08386a03d7212461f8736ec07cc7ab8574
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/criu.c
Log Message:
-----------
c/r: complain when criu isn't exec()'d correctly
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 45839a753e8f08c0d01de1c0f282454592d92f9c
https://github.com/lxc/lxc/commit/45839a753e8f08c0d01de1c0f282454592d92f9c
Author: S.Çağlar Onur <caglar at 10ur.org>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M .travis.yml
Log Message:
-----------
enable cgmanager support for Travis CI
Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 65536b4a689619cd57434c106f48976a835693cd
https://github.com/lxc/lxc/commit/65536b4a689619cd57434c106f48976a835693cd
Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M doc/ja/lxc.container.conf.sgml.in
Log Message:
-----------
doc: Fix the mistranslation about lxc.group in Japanese lxc.container.conf(5)
Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: b0b8a0d98f9557bc712af9432b59440142b1c6f4
https://github.com/lxc/lxc/commit/b0b8a0d98f9557bc712af9432b59440142b1c6f4
Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M doc/ja/lxc-autostart.sgml.in
M doc/lxc-autostart.sgml.in
Log Message:
-----------
doc: Update the description of -L option in lxc-autostart(1)
Add the description about displaying the value of wait delays for -L
option
Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 8af7999b994c815f3849249edef080e5dd2cd9fe
https://github.com/lxc/lxc/commit/8af7999b994c815f3849249edef080e5dd2cd9fe
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/attach.c
M src/lxc/conf.c
M src/lxc/utils.c
M src/lxc/utils.h
Log Message:
-----------
attach: mount a sane prox for LSM setup
To set lsm labels, a namespace-local proc mount is needed.
If a container does not have a lxc.mount.auto = proc set, then
tasks in the container do not have a correct /proc mount until
init feels like doing the mount. At startup we handlie this
by mounting a temporary /proc if needed. We weren't doing this
at attach, though, so that
lxc-start -n $container
lxc-wait -t 5 -s RUNNING -n $container
lxc-attach -n $container -- uname -a
could in a racy way fail with something like
lxc-attach: lsm/apparmor.c: apparmor_process_label_set: 183 No such file or directory - failed to change apparmor profile to lxc-container-default
Thanks to Chris Townsend for finding this bug at
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1452451
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: b18076d297a51cc76b15d12e53734a03f9050fb6
https://github.com/lxc/lxc/commit/b18076d297a51cc76b15d12e53734a03f9050fb6
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/utils.c
Log Message:
-----------
proc update - don't assume we are pid 1
(I erred in the first patch, causing every lxc-attach to unmount the
container-'s /proc)
Since we now use mount_proc_if_needed() from attach, as opposed to only
from start, we cannot assume we are pid 1. So fix the check for whether
to mount a new proc.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: f216b3dd11e2010c787f8a3d093300dc06b487dc
https://github.com/lxc/lxc/commit/f216b3dd11e2010c787f8a3d093300dc06b487dc
Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/bdev.c
Log Message:
-----------
aufs: Support unprivileged clone, mount
Current aufs supports FS_USERNS_MOUNT by using allow_userns module
parameter. It allows root in userns to mount aufs.
This patch allows an unprivileged container to use aufs. The value of
xino option is changed to /dev/shm/aufs.xino that an unpriv user can
write.
Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 419239829fe09c06f405226d7320bd2516cf88cd
https://github.com/lxc/lxc/commit/419239829fe09c06f405226d7320bd2516cf88cd
Author: Dwight Schauer <das at teegra.net>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M templates/lxc-centos.in
Log Message:
-----------
The yum in Centos 5.11 does not know about '--releasever', which is used by: lxc-create ... -- release=VERSION
The release version only needs to be set in the outer bootstrap, not the inner one.
With this change an lxc-create bootstrap of CentOS 5.11 completes enough to be usable.
CentOS 5.11 containers can be created, started, stopped, and networking works.
Signed-off-by: Dwight Schauer <das at teegra.net>
Commit: bf1a48dd5325cbe011ada80d18304a7ba13a5498
https://github.com/lxc/lxc/commit/bf1a48dd5325cbe011ada80d18304a7ba13a5498
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/lxccontainer.h
Log Message:
-----------
Fix ABI compatibility
Until we bump the SONAME to liblxc2, only symbol additions and struct
member additions are allowed.
Adding struct members in the middle of the struct breaks backward
compatibility.
This commit makes it clear when struct members were added and moves a
few members that were added in the middle of the 1.0 struct to the end
of it.
Note that unfortunately that means we're breaking backward compatibility
between LXC 1.1.0 and the state after this commit, given 1.1 is
reasonably new, this is the least damaging way of fixing the problem.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 02f3244fcdec0255597ba2a077e73c9512c5900a
https://github.com/lxc/lxc/commit/02f3244fcdec0255597ba2a077e73c9512c5900a
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/criu.c
Log Message:
-----------
c/r: remember to clean up pidfile
When restoring, we didn't clean up the pidfile that criu uses to pass us the
init pid on error or success; let's do that.
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 499b4e1cf30319cdf1eec439131f5b26b8f31e24
https://github.com/lxc/lxc/commit/499b4e1cf30319cdf1eec439131f5b26b8f31e24
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/cgmanager.c
Log Message:
-----------
cgmanager: attach: never use 'all' controller
We were using 'all' controller if current was in all the
same cgroup. That doesn't suffice. We'd have to check
the target. At that point we may as well just attach
controller by controller.
An optimization to consider is to check the /proc/initpid/cgroup
for all identical controllers. Let's start by just getting it
right.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: c38cc1eb28370c3f75448ac9f61c91980cf62c89
https://github.com/lxc/lxc/commit/c38cc1eb28370c3f75448ac9f61c91980cf62c89
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/lxccontainer.c
Log Message:
-----------
api_start: always close fds 0-2 when daemonized
commit 507cee3618237d3 moved the close and re-open of fds 0-2 into
do_start. But this means that the lxc monitor itself keeps the
caller's fds 0-2 open, which is wrong for daemonized containers.
Closes #548
Reported-by: Mathieu Le Marec - Pasquet <kiorky at cryptelium.net>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 89c80fbd1a0b67992c5da39d8f83f1dcf8298113
https://github.com/lxc/lxc/commit/89c80fbd1a0b67992c5da39d8f83f1dcf8298113
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M configure.ac
M src/lxc/cgmanager.c
Log Message:
-----------
detect whether cgmanager_list_controllers is available
and don't use it if not. This fixes failure to build with older
cgmanager.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 0fd79e922f32498cb3be3e009925064504f695a5
https://github.com/lxc/lxc/commit/0fd79e922f32498cb3be3e009925064504f695a5
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/criu.c
Log Message:
-----------
don't hardcode the path to criu when checking versions
We use the right path when actually execing criu to checkpoint and restore, but
when checking versions we didn't. Let's use the right path.
Reported-by: Dietmar Maurer <dietmar at proxmox.com>
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 4626937cf0cdd9d8d81e04b641d735e9ecdc796f
https://github.com/lxc/lxc/commit/4626937cf0cdd9d8d81e04b641d735e9ecdc796f
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/bdev.c
Log Message:
-----------
Define MS_REC and MS_SLAVE for Android in bdev.c
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 8f95eee653f26bd57332a1eddb0adbd1845e2f07
https://github.com/lxc/lxc/commit/8f95eee653f26bd57332a1eddb0adbd1845e2f07
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/cgfs.c
Log Message:
-----------
Define MS_RELATIME for Android
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: f2a740fde139e37968779572f0ccbc2b3324d851
https://github.com/lxc/lxc/commit/f2a740fde139e37968779572f0ccbc2b3324d851
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/bdev.c
M src/lxc/bdev.h
M src/lxc/cgfs.c
Log Message:
-----------
Revert bdev.h to the way it was
Instead of re-defining MS_ options all over the place, just revert the
last change to bdev.h so we have all the defines in there again.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 8b9ff68094ede823d58c85fd0f27ad378a6901dd
https://github.com/lxc/lxc/commit/8b9ff68094ede823d58c85fd0f27ad378a6901dd
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/bdev.h
Log Message:
-----------
Fix bdev.h
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 67c573f48b501aef47e70cbde78b5eab2a35f604
https://github.com/lxc/lxc/commit/67c573f48b501aef47e70cbde78b5eab2a35f604
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/cgmanager.c
Log Message:
-----------
coverity: fix use-after-free in cgmanager.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 2af441f1dc45b85a428d4414dd1a29781ddac541
https://github.com/lxc/lxc/commit/2af441f1dc45b85a428d4414dd1a29781ddac541
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/criu.c
Log Message:
-----------
coverity: don't risk exec()ing NULL
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 087c5f0c015c69f667482cc10d491ce2cb257659
https://github.com/lxc/lxc/commit/087c5f0c015c69f667482cc10d491ce2cb257659
Author: Laurence Rowe <l at lrowe.co.uk>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/tests/lxc-test-checkpoint-restore
Log Message:
-----------
Wait on correct container name
Signed-off-by: Laurence Rowe <l at lrowe.co.uk>
Commit: d55fa2509f190b773f2c9f4f2b66bd2482ff25ec
https://github.com/lxc/lxc/commit/d55fa2509f190b773f2c9f4f2b66bd2482ff25ec
Author: Daniel Golle <daniel at makrotopia.org>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/monitor.c
Log Message:
-----------
fix build on mpc85xx
Initialize ret to 0 so compiler no longer complains about
monitor.c: In function 'lxc_monitor_open':
monitor.c:212:5: error: 'ret' may be used uninitialized in this function [-Werror=maybe-uninitialized]
https://github.com/openwrt/packages/issues/1356
Signed-off-by: Daniel Golle <daniel at makrotopia.org>
Commit: be6a3f53cd1f4ec7755f5c4d5027839bdb9fd932
https://github.com/lxc/lxc/commit/be6a3f53cd1f4ec7755f5c4d5027839bdb9fd932
Author: Sungbae Yoo <sungbae.yoo at samsung.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/confile.c
Log Message:
-----------
config: miscellaneous signals for lxc.*signal
Signed-off-by: Sungbae Yoo <sungbae.yoo at samsung.com>
Commit: 2f060d5fd19997a178acf2ae5f4375ac1e01b5c3
https://github.com/lxc/lxc/commit/2f060d5fd19997a178acf2ae5f4375ac1e01b5c3
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/criu.c
Log Message:
-----------
c/r: use fclose instead of close
We're leaking the FILE* here while closing the underlying fd; let's just
close the file and thus close both.
Reported-by: Coverity
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: b1447045dda26434d861b3ee1f38c63d1fd2c286
https://github.com/lxc/lxc/commit/b1447045dda26434d861b3ee1f38c63d1fd2c286
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/criu.c
Log Message:
-----------
c/r: remove unused variable mnts
Reported-by: Coverity
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 6d4a12a3acca6bc237bb454a291f9685fbe21031
https://github.com/lxc/lxc/commit/6d4a12a3acca6bc237bb454a291f9685fbe21031
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/utils.h
Log Message:
-----------
move utils.h #endif to end of file
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: d92577ffcede99e510758b1e2bcd7d06f02e8dd9
https://github.com/lxc/lxc/commit/d92577ffcede99e510758b1e2bcd7d06f02e8dd9
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/bdev.c
M src/lxc/lxccontainer.c
M src/lxc/monitor.c
M src/lxc/start.c
M src/lxc/utils.c
M src/lxc/utils.h
Log Message:
-----------
uniformly nullify std fds
In various places throughout the code, we want to "nullify" the std fds,
opening them to /dev/null or zero or so. Instead, let's unify this code and do
it in such a way that Coverity (probably) won't complain.
v2: use /dev/null for stdin as well
v3: add a comment about use of C's short circuiting
v4: axe comment, check errors on dup2, s/quiet/need_null_stdfds
Reported-by: Coverity
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: d9d1d83017914f94d5fb617758827e28408de4d2
https://github.com/lxc/lxc/commit/d9d1d83017914f94d5fb617758827e28408de4d2
Author: 有张纸 <fanyeren at gmail.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M templates/lxc-oracle.in
Log Message:
-----------
Update lxc-oracle.in
Commit: ba29eca75ec6b9e51593ca481616810b57c8f936
https://github.com/lxc/lxc/commit/ba29eca75ec6b9e51593ca481616810b57c8f936
Author: Dennis Schridde <devurandom at gmx.net>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M config/templates/gentoo.moresecure.conf.in
Log Message:
-----------
Fix creation of dev/mqueue and dev/shm on Gentoo
The dev/mqueue and dev/shm directories do not exist when using lxc.autodev, thus they have to be created upon mount.
Signed-off-by: Dennis Schridde <devurandom at gmx.net>
Commit: 596fbe83c05addc505c2dc6528480bb173e667bf
https://github.com/lxc/lxc/commit/596fbe83c05addc505c2dc6528480bb173e667bf
Author: Sungbae Yoo <sungbae.yoo at samsung.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M doc/ja/lxc-autostart.sgml.in
M doc/ja/lxc-config.sgml.in
M doc/ja/lxc-destroy.sgml.in
M doc/ja/lxc-snapshot.sgml.in
M doc/ja/lxc-user-nic.sgml.in
M doc/ja/lxc-usernet.sgml.in
M doc/ja/lxc-usernsexec.sgml.in
M doc/ja/lxc.conf.sgml.in
M doc/ja/lxc.system.conf.sgml.in
Log Message:
-----------
doc: Translate untranslated section titles in Japanese man pages
Signed-off-by: Sungbae Yoo <sungbae.yoo at samsung.com>
Commit: 53fbefc5af2850c40b7077e781f9658ab0a7b1fd
https://github.com/lxc/lxc/commit/53fbefc5af2850c40b7077e781f9658ab0a7b1fd
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/lxccontainer.c
Log Message:
-----------
daemonized start: exit children on failure, don't return
When starting a daemonized container, only the original parent
thread should return to the caller. The first forked child
immediately exits after forking, but the grandparent child
was in some places returning on error - causing a second instance
of the calling function.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Tycho Andersen <tycho.andersen at canonical.com>
Commit: 39fdd403c01103a7463b05cfd592e73cf723a878
https://github.com/lxc/lxc/commit/39fdd403c01103a7463b05cfd592e73cf723a878
Author: Dennis Schridde <devurandom at gmx.net>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M config/templates/gentoo.moresecure.conf.in
Log Message:
-----------
Adopt capability drop explanations from other distros on Gentoo, drop setpcap,sys_nice caps
Documents setpcap,sys_admin,sys_resources as breaking systemd, but does not drop them from lxc.cap.drop, as the default init system on Gentoo is OpenRC, thus stuff breaking systemd can be blocked anyway.
This also drops setpcap and sys_nice caps, as these are also dropped in other non-systemd distros.
Most of the explanatory blurb was copied from other distros' configs.
See-Also: https://bugs.gentoo.org/show_bug.cgi?id=551792
Signed-Off-By: Dennis Schridde <devurandom at gmx.net>
Commit: e0f27e08bbed08b35923d6e5609f0867447af03f
https://github.com/lxc/lxc/commit/e0f27e08bbed08b35923d6e5609f0867447af03f
Author: Lenz Grimmer <lenz at grimmer.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M templates/lxc-centos.in
M templates/lxc-fedora.in
M templates/lxc-oracle.in
Log Message:
-----------
use `hostname` for DHCP_HOSTNAME in ifcfg-eth0
Updated centos/fedora/oracle templates to use `hostname` for DHCP_HOSTNAME in
/etc/sysconfig/network/ifcfg-eth0, so the container's host name is propagated
to the host's DHCP server (e.g. dnsmasq, which also acts as the DNS server).
This resolves lxc/lxd#756
Signed-off-by: Lenz Grimmer <lenz at grimmer.com>
Commit: 52c702cfb43cf54e0bf001390eaa3089fc2d11e4
https://github.com/lxc/lxc/commit/52c702cfb43cf54e0bf001390eaa3089fc2d11e4
Author: 有张纸 <fanyeren at gmail.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M config/templates/centos.common.conf.in
Log Message:
-----------
Update centos.common.conf.in
systemd services like logind and journald need CAP_SETFCAP CAP_SETPCAP
Commit: bea12c50b85722530c9b5ab1cd48fdac628f967b
https://github.com/lxc/lxc/commit/bea12c50b85722530c9b5ab1cd48fdac628f967b
Author: Arjun Sreedharan <arjun024 at gmail.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/lxc_monitor.c
Log Message:
-----------
lxc_monitor: fix memory leak on @fds and close fds
also label and consolidate error conditions for
better readability
Signed-off-by: Arjun Sreedharan <arjun024 at gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 053daca25dc73a440b5c7cbc89f13708dbd0e321
https://github.com/lxc/lxc/commit/053daca25dc73a440b5c7cbc89f13708dbd0e321
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M config/init/common/lxc-net.in
Log Message:
-----------
lxc-net: Use iproute and relative paths everywhere (V2)
V2 changes:
- Keep using /var/lib for the lease file, but making it respect localstatedir
- Don't pass an empty --conf-file as that confuses dnsmasq when
/etc/dnsmasq.conf doesn't exist or isn't readable.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: b27be6f140837edb2e0f927d67fd0d974312c6e5
https://github.com/lxc/lxc/commit/b27be6f140837edb2e0f927d67fd0d974312c6e5
Author: 有张纸 <fanyeren at gmail.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M templates/lxc-debian.in
Log Message:
-----------
debootstrap failed when $GREP_OPTIONS is set
debootstrap failed when $GREP_OPTIONS is set, so we need to unset it in the template
Signed-off-by: <feng xiahou xiahoufeng at yahoo.com>
Commit: ab94359c92c46c16987b5c32b1e1f93db25977d7
https://github.com/lxc/lxc/commit/ab94359c92c46c16987b5c32b1e1f93db25977d7
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M config/init/systemd/lxc.service.in
Log Message:
-----------
systemd: fix lxc-containers vs lxc-net ordering (v3)
Per pitti's suggestion, use After= to force lxc to wait for lxc-net to finish
running.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Reviewed-By: Martin Pitt <martin.pitt at ubuntu.com>
Commit: 58b46c0f1599a6590b388ed40fedc0cc7888371c
https://github.com/lxc/lxc/commit/58b46c0f1599a6590b388ed40fedc0cc7888371c
Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
Date: 2015-07-01 (Wed, 01 Jul 2015)
Changed paths:
M src/lxc/lxc-start-ephemeral.in
Log Message:
-----------
Support unprivileged ephemeral container using aufs
As the commit 31a882e, an unprivileged container can use aufs.
This patch removes the check for unpriv aufs, and change the path of
xino file as an unprivileged user can mount aufs.
Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Compare: https://github.com/lxc/lxc/compare/17f48b9679b2...58b46c0f1599
More information about the lxc-devel
mailing list