[lxc-devel] [lxc/lxc] 6b3ed3: lxc-start-ephemeral: Parse passwd directly

GitHub noreply at github.com
Wed Oct 14 20:51:06 UTC 2015


  Branch: refs/heads/stable-1.0
  Home:   https://github.com/lxc/lxc
  Commit: 6b3ed343a2325aed6e0261d2245ff2992899be8a
      https://github.com/lxc/lxc/commit/6b3ed343a2325aed6e0261d2245ff2992899be8a
  Author: Colin Watson <cjwatson at ubuntu.com>
  Date:   2015-10-07 (Wed, 07 Oct 2015)

  Changed paths:
    M src/lxc/lxc-start-ephemeral.in

  Log Message:
  -----------
  lxc-start-ephemeral: Parse passwd directly

On Ubuntu 15.04, lxc-start-ephemeral's call to pwd.getpwnam always
fails.  While I haven't been able to prove it or track down an exact
cause, I strongly suspect that glibc does not guarantee that you can
call NSS functions after a context switch without re-execing.  (Running
"id root" in a subprocess from the same point works fine.)

It's safer to use getent to extract the relevant line from the passwd
file and parse it directly.

Signed-off-by: Colin Watson <cjwatson at ubuntu.com>


  Commit: 571a65bed4e243a462f4671104cc4deb9b6a6594
      https://github.com/lxc/lxc/commit/571a65bed4e243a462f4671104cc4deb9b6a6594
  Author: Bogdan Purcareata <bogdan.purcareata at freescale.com>
  Date:   2015-10-07 (Wed, 07 Oct 2015)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: add aarch64 support

Enable aarch64 seccomp support for LXC containers running on ARM64
architectures. Tested with libseccomp 2.2.0 and the default seccomp
policy example files delivered with the LXC package.

Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 377acfc692a53c48d45c08bebcf43e6d4bccf17e
      https://github.com/lxc/lxc/commit/377acfc692a53c48d45c08bebcf43e6d4bccf17e
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2015-10-07 (Wed, 07 Oct 2015)

  Changed paths:
    M src/tests/lxc-test-symlink

  Log Message:
  -----------
  lxc-test-symlink: add a test using absolute symlink

This would have caught the regression last night.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 906c1e6d3c06d25969fa9fabe0d85732e46a48df
      https://github.com/lxc/lxc/commit/906c1e6d3c06d25969fa9fabe0d85732e46a48df
  Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
  Date:   2015-10-07 (Wed, 07 Oct 2015)

  Changed paths:
    M doc/ja/lxc.container.conf.sgml.in

  Log Message:
  -----------
  doc: Add the note related mount in Japanese lxc.container.conf(5)

Update for commit 592fd47

Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 2e63b88ed4107c1ac83deca6ea85cb86984b0434
      https://github.com/lxc/lxc/commit/2e63b88ed4107c1ac83deca6ea85cb86984b0434
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2015-10-07 (Wed, 07 Oct 2015)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  lxc_mount_auto_mounts: fix weirdness

The default_mounts[i].destination is never NULL except in the last
'stop here' entry.  Coverity doesn't know about that and so is spewing
a warning.  In any case, let's add a more stringent check in case someone
accidentally adds a NULL there later.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: a39f6dd056550b61638e4e18300929af8939aadf
      https://github.com/lxc/lxc/commit/a39f6dd056550b61638e4e18300929af8939aadf
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2015-10-07 (Wed, 07 Oct 2015)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  Fix the type of i in lxc_mount_auto_mounts

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: ebf92c86e8d7ead10a3f9d5a78a552da92279c5a
      https://github.com/lxc/lxc/commit/ebf92c86e8d7ead10a3f9d5a78a552da92279c5a
  Author: Christian Brauner <christianvanbrauner at gmail.com>
  Date:   2015-10-07 (Wed, 07 Oct 2015)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  Make overlayfs mounts work directly

When users wanted to mount overlay directories with lxc.mount.entry they had to
create upperdirs and workdirs beforehand in order to mount them. To create it
for them we add the functions mount_entry_create_overlay_dirs() and
mount_entry_create_aufs_dirs() which do this for them. Users can now simply
specify e.g.:
   lxc.mount.entry = /lower merged overlay lowerdir=/lower,upper=/upper,workdir=/workdir,create=dir

and /upper and /workdir will be created for them. /upper and /workdir need to
be absolute paths to directories which are created under the containerdir (e.g.
under $lxcpath/CONTAINERNAME/). Relative mountpoints, mountpoints outside the
containerdir, and mountpoints within the container's rootfs are ignored. (The
latter *might* change in the future should it be considered safe/useful.)

Specifying
   lxc.mount.entry = /lower merged overlay lowerdir=/lower:/lower2,create=dir

will lead to a read-only overlay mount in accordance with the
kernel-documentation.

Specifying
   lxc.mount.entry = /lower merged overlay lowerdir=/lower,create=dir

will fail when no upperdir and workdir options are given.

Signed-off-by: Christian Brauner <christianvanbrauner at gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: ff3bdd2356cd75b5ea5ed389f27853cd83d1b5dc
      https://github.com/lxc/lxc/commit/ff3bdd2356cd75b5ea5ed389f27853cd83d1b5dc
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2015-10-07 (Wed, 07 Oct 2015)

  Changed paths:
    M src/lxc/start.c

  Log Message:
  -----------
  start.c:preserve_ns: added pid parameter

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 063a6e2312144e79993e4955d5f40ea01b10667d
      https://github.com/lxc/lxc/commit/063a6e2312144e79993e4955d5f40ea01b10667d
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2015-10-07 (Wed, 07 Oct 2015)

  Changed paths:
    M src/lxc/start.c
    M src/lxc/start.h

  Log Message:
  -----------
  preserve container namespace

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: c94ee7a0d54d189713c0d4775e8f8fbd27dc0e2a
      https://github.com/lxc/lxc/commit/c94ee7a0d54d189713c0d4775e8f8fbd27dc0e2a
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2015-10-14 (Wed, 14 Oct 2015)

  Changed paths:
    M config/apparmor/abstractions/start-container
    M config/apparmor/profiles/lxc-default-with-nesting

  Log Message:
  -----------
  apparmor: Sync with current git master

This makes stable-1.0, stable-1.1 and master all be in sync with regard
to apparmor. This has the nice added benefit of fixing an apparmor
regression with /dev/pts handling in some older kernels.

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/27ec06f902d4...c94ee7a0d54d
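
The path rules stated in the "Make overlayfs mounts work directly" log message above, as an added Python example that is not LXC's code and not part of this mail. The function name plan_overlay_dirs, the sample container paths and the use of the kernel's upperdir= option name are assumptions; the real checks are in src/lxc/conf.c and are not shown on this page.

```python
import os

def _inside(path, parent):
    """True if the normalized path equals parent or lies below it."""
    path, parent = os.path.normpath(path), os.path.normpath(parent)
    return os.path.commonpath([path, parent]) == parent

def plan_overlay_dirs(entry, containerdir, rootfs):
    """Classify an overlay lxc.mount.entry value.

    Returns (mode, dirs): mode is 'rw', 'ro' or 'invalid'; dirs lists the
    upperdir/workdir paths that create=dir would be allowed to create.
    """
    fields = entry.split()
    if len(fields) < 4 or fields[2] != "overlay":
        return ("invalid", [])
    opts = {}
    for item in fields[3].split(","):
        key, _, value = item.partition("=")
        opts[key] = value
    lower = [p for p in opts.get("lowerdir", "").split(":") if p]
    upper, work = opts.get("upperdir"), opts.get("workdir")
    if not lower:
        return ("invalid", [])
    if not upper and not work:
        # Several lowerdirs and no upperdir: read-only overlay.
        # A single lowerdir with nothing on top of it fails.
        return ("ro", []) if len(lower) > 1 else ("invalid", [])
    if not (upper and work):
        # overlayfs needs a workdir whenever an upperdir is given.
        return ("invalid", [])
    dirs = []
    if opts.get("create") == "dir":
        for path in (upper, work):
            # Ignored: relative paths, paths outside the container
            # directory, and paths inside the container's rootfs.
            # normpath() resolves ".." first, so traversal out of the
            # container directory is caught by the containment test.
            if (os.path.isabs(path) and _inside(path, containerdir)
                    and not _inside(path, rootfs)):
                dirs.append(os.path.normpath(path))
    return ("rw", dirs)

# Constructed sample paths (not taken from the mail).
CDIR = "/var/lib/lxc/c1"
ROOTFS = CDIR + "/rootfs"
```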

