[lxc-devel] [lxc/lxc] a8164a: confile: clear lxc.network.<n>.ipv{4, 6} when empty

GitHub noreply at github.com
Mon Mar 20 21:48:15 UTC 2017 

  Branch: refs/heads/stable-1.0
  Home:   https://github.com/lxc/lxc
  Commit: a8164a74ff49466851f2fbb4f0cb78906793405b
      https://github.com/lxc/lxc/commit/a8164a74ff49466851f2fbb4f0cb78906793405b
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-03-20 (Mon, 20 Mar 2017)

  Changed paths:
    M src/lxc/confile.c

  Log Message:
  -----------
  confile: clear lxc.network.<n>.ipv{4,6} when empty

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: fef913379838ba1160b0fa9d29ddbec454004de6
      https://github.com/lxc/lxc/commit/fef913379838ba1160b0fa9d29ddbec454004de6
  Author: Adam Borowski <kilobyte at angband.pl>
  Date:   2017-03-20 (Mon, 20 Mar 2017)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: allow x32 guests on amd64 hosts.

Without this patch, x32 guests (and no others) worked "natively" with x32
host lxc, but not on regular amd64 hosts.  That was especially problematic
as a number of ioctls such as those needed by netfilter don't work in such
scenarios, thus you want to run amd64 on the host.

With the patch, you can use all three ABIs: i386 x32 amd64 on amd64 hosts.

Despite x32 being little used, there's no reason to deny it by default:
the admin needs to compile their own kernel with CONFIG_X86_X32=y or (on
Debian) boot with syscall.x32=y.  If they've done so, it is a reasonable
assumption they want x32 guests.

Signed-off-by: Adam Borowski <kilobyte at angband.pl>


  Commit: 51f338c3fd802914038171dd5e03d572ff4ffb87
      https://github.com/lxc/lxc/commit/51f338c3fd802914038171dd5e03d572ff4ffb87
  Author: Evgeni Golov <evgeni at debian.org>
  Date:   2017-03-20 (Mon, 20 Mar 2017)

  Changed paths:
    M templates/lxc-debian.in

  Log Message:
  -----------
  squeeze is not a supported release anymore, drop the key

Signed-off-by: Evgeni Golov <evgeni at debian.org>


  Commit: 48318e1b3d6aad5ceb31fb6a5502fa4f996bce5a
      https://github.com/lxc/lxc/commit/48318e1b3d6aad5ceb31fb6a5502fa4f996bce5a
  Author: Serge Hallyn <serge at hallyn.com>
  Date:   2017-03-20 (Mon, 20 Mar 2017)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: set SCMP_FLTATR_ATL_TSKIP if available

Newer libseccomp has a flag called SCMP_FLTATR_ATL_TSKIP which
allows syscall '-1' (nop) to be executed.  Without that flag,
debuggers cannot skip system calls inside containers.  For reference,
see the seccomp(2) manpage, which says:

	The tracer can skip the system call by changing the system call  number  to  -1.

and see the seccomp issue #80

Signed-off-by: Serge Hallyn <serge at hallyn.com>


  Commit: 07333ed70a4e18dbad4863a90707b588739a13f7
      https://github.com/lxc/lxc/commit/07333ed70a4e18dbad4863a90707b588739a13f7
  Author: Serge Hallyn <serge at hallyn.com>
  Date:   2017-03-20 (Mon, 20 Mar 2017)

  Changed paths:
    M src/lxc/lxc-checkconfig.in

  Log Message:
  -----------
  lxc-checkconfig: verify new[ug]idmap are setuid-root

Signed-off-by: Serge Hallyn <serge at hallyn.com>


  Commit: baac6d8b3fd1b1d75aaf6030cf0215f4d6117259
      https://github.com/lxc/lxc/commit/baac6d8b3fd1b1d75aaf6030cf0215f4d6117259
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2017-03-20 (Mon, 20 Mar 2017)

  Changed paths:
    M src/python-lxc/lxc.c

  Log Message:
  -----------
  python3: Deal with potential NULL char*

Closes #1466

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: ec7a8f7cde3069d6ccd90ef6be11b36553316fdc
      https://github.com/lxc/lxc/commit/ec7a8f7cde3069d6ccd90ef6be11b36553316fdc
  Author: Tai Kedzierski <dch.tai at gmail.com>
  Date:   2017-03-20 (Mon, 20 Mar 2017)

  Changed paths:
    M templates/lxc-download.in

  Log Message:
  -----------
  lxc-download.in / allow setting keyserver from env

Checks if DOWNLOAD_KEYSERVER has already been set in the environment before setting a value

Signed-off-by: Tai Kedzierski <dch.tai at gmail.com>


  Commit: 928ff1221c16ec9cde50f1e9cfeea5d97ea72c99
      https://github.com/lxc/lxc/commit/928ff1221c16ec9cde50f1e9cfeea5d97ea72c99
  Author: Tai Kedzierski <dch.tai at gmail.com>
  Date:   2017-03-20 (Mon, 20 Mar 2017)

  Changed paths:
    M templates/lxc-download.in

  Log Message:
  -----------
  lxc-download.in / Document keyserver change in help

Signed-off-by: Tai Kedzierski <dch.tai at gmail.com>


  Commit: 69ed323ecb904d9403b8fabd0f9b25747821b04c
      https://github.com/lxc/lxc/commit/69ed323ecb904d9403b8fabd0f9b25747821b04c
  Author: Tai Kedzierski <dch.tai at gmail.com>
  Date:   2017-03-20 (Mon, 20 Mar 2017)

  Changed paths:
    M templates/lxc-download.in

  Log Message:
  -----------
  Change variable check to match existing style

Signed-off-by: Tai Kedzierski <dch.tai at gmail.com>


Compare: https://github.com/lxc/lxc/compare/c905f00ad78b...69ed323ecb90

More information about the lxc-devel mailing list