[lxc-devel] [lxc/lxc] 7d40e5: Update Japanese pam_cgfs(8) to reflect lack of sup...
Tycho Andersen
noreply at github.com
Fri Dec 4 17:09:40 UTC 2020
Branch: refs/heads/stable-4.0
Home: https://github.com/lxc/lxc
Commit: 7d40e58be4339d8242e676959e520b6974df3794
https://github.com/lxc/lxc/commit/7d40e58be4339d8242e676959e520b6974df3794
Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M doc/ja/pam_cgfs.sgml.in
Log Message:
-----------
Update Japanese pam_cgfs(8) to reflect lack of support for pure cgroupv2
Update for commit b87ed83bbc7db3f826b4f54df1bb458c2c539be7
Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Commit: 687f9b9bbe07d5a226491f4214314f35dac4e889
https://github.com/lxc/lxc/commit/687f9b9bbe07d5a226491f4214314f35dac4e889
Author: Ruben Jenster <r.jenster at drachenfels.de>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M src/lxc/seccomp.c
Log Message:
-----------
seccomp: Fix handling of pseudo syscalls and improve logging for rule processing.
Signed-off-by: Ruben Jenster <r.jenster at drachenfels.de>
Commit: 55cbb1a69783ded6a541b6905cf7f9e7f696482c
https://github.com/lxc/lxc/commit/55cbb1a69783ded6a541b6905cf7f9e7f696482c
Author: Ruben Jenster <r.jenster at drachenfels.de>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M src/lxc/seccomp.c
Log Message:
-----------
seccomp: Avoid duplicate processing of rules for host native arch.
Signed-off-by: Ruben Jenster <r.jenster at drachenfels.de>
Commit: c14c31d4691a3b4dfe54f521ccd2a193fb0cbbc9
https://github.com/lxc/lxc/commit/c14c31d4691a3b4dfe54f521ccd2a193fb0cbbc9
Author: Ruben Jenster <r.jenster at drachenfels.de>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M src/lxc/confile.c
M src/lxc/confile.h
M src/lxc/lxccontainer.c
M src/tests/get_item.c
Log Message:
-----------
lxccontainer: fix lxc_config_item_is_supported
Use exact match instead of longest prefix match
to check whether a config item is supported.
Signed-off-by: Ruben Jenster <r.jenster at drachenfels.de>
Commit: 15190a6a238fa82bb299cf4d523212edbda643a6
https://github.com/lxc/lxc/commit/15190a6a238fa82bb299cf4d523212edbda643a6
Author: Ruben Jenster <r.jenster at drachenfels.de>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M src/tests/Makefile.am
Log Message:
-----------
tests: Fix compilation with appamor enabled.
Signed-off-by: Ruben Jenster <r.jenster at drachenfels.de>
Commit: bd5ed71d71cde3220cac896d5d0a21bf7206901c
https://github.com/lxc/lxc/commit/bd5ed71d71cde3220cac896d5d0a21bf7206901c
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M src/lxc/commands.c
Log Message:
-----------
commands: don't deref after NULL check
Fixes: Coverity 1465657
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 64163d8dc8480e5b9a3c52041560b68a020e708f
https://github.com/lxc/lxc/commit/64163d8dc8480e5b9a3c52041560b68a020e708f
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M src/lxc/utils.c
Log Message:
-----------
utils: don't deref after NULL check
Fixes: Coverity 1465855
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: c6c2cf30278203a9a9a4498b49a0f76bb586d813
https://github.com/lxc/lxc/commit/c6c2cf30278203a9a9a4498b49a0f76bb586d813
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
conf: check snprint return value
Fixes: Coverity 1465854
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: c253925b4bfc3f79f658308e03859429c98aac07
https://github.com/lxc/lxc/commit/c253925b4bfc3f79f658308e03859429c98aac07
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M src/lxc/utils.c
Log Message:
-----------
utils: check snprintf return value
Fixes: Coverity 1465853
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: cbb504c95d7b4d3c30e83c094a0f95f76a2a601d
https://github.com/lxc/lxc/commit/cbb504c95d7b4d3c30e83c094a0f95f76a2a601d
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M src/lxc/file_utils.c
M src/lxc/file_utils.h
M src/lxc/seccomp.c
Log Message:
-----------
seccomp: make seccomp notifier fd non-blocking
Suggested-by: Jann Horn <jann at thejh.net>
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 9436750e5a6bb7e80b2fa4ffd03fd39614b6d956
https://github.com/lxc/lxc/commit/9436750e5a6bb7e80b2fa4ffd03fd39614b6d956
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M src/lxc/seccomp.c
Log Message:
-----------
seccomp: log aborted system calls
Suggested-by: Jann Horn <jann at thejh.net>
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: c5e1a70cffb794cf6eea6f020e35594e36aeaea2
https://github.com/lxc/lxc/commit/c5e1a70cffb794cf6eea6f020e35594e36aeaea2
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M src/lxc/attach.c
M src/lxc/utils.c
Log Message:
-----------
attach: silence stdio permission adjust warnings
Closes: #3576.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 1bd5fb39b78517ccfb47eb686da854dc3fd6bbf0
https://github.com/lxc/lxc/commit/1bd5fb39b78517ccfb47eb686da854dc3fd6bbf0
Author: lifeng68 <lifeng68 at huawei.com>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgfsng: adjust log level to warn instead of error
Signed-off-by: lifeng68 <lifeng68 at huawei.com>
Commit: dcc39fcae63c1b406e12448d826f5c3aea572cb8
https://github.com/lxc/lxc/commit/dcc39fcae63c1b406e12448d826f5c3aea572cb8
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M src/lxc/file_utils.c
M src/lxc/file_utils.h
M src/lxc/parse.c
Log Message:
-----------
parse: rework config parsing routine
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 1e9e5816d1756f9a0bb1cd4460094928f712665f
https://github.com/lxc/lxc/commit/1e9e5816d1756f9a0bb1cd4460094928f712665f
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
conf: switch to fd_to_fd() when copying mountinfo
Closes: #3580.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=209971
Suggested-by: Joan Bruguera <joanbrugueram at gmail.com>
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 1c7c31b56847e4aef2ce7ecab1b6bd53cddd1a50
https://github.com/lxc/lxc/commit/1c7c31b56847e4aef2ce7ecab1b6bd53cddd1a50
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M src/lxc/file_utils.c
Log Message:
-----------
file_utils: fix config file parsing
We accidently used the "bytes_to_write" variable after we've written all the
bytes at which point it is guaranteed to be 0. Let's use the "bytes_read"
variable instead.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: b70ddc2efe8e66f725eef25d48b76935ce987876
https://github.com/lxc/lxc/commit/b70ddc2efe8e66f725eef25d48b76935ce987876
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M src/lxc/commands_utils.c
M src/lxc/state.c
Log Message:
-----------
commands_utils: fix lxc-wait
Closes: #3570
Fixes: 7792a5b60f79 ("commands: add additional check to lxc_cmd_sock_get_state()")
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 92bc70903c8e9ca920503bcf288934a9e8f12e1f
https://github.com/lxc/lxc/commit/92bc70903c8e9ca920503bcf288934a9e8f12e1f
Author: Tycho Andersen <tycho at tycho.pizza>
Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths:
M src/lxc/network.c
Log Message:
-----------
network: fix LXC_NET_NONE cleanup
We have a case where we have a nested container with LXC_NET_NONE run
inside a container that's *also* got no network namespace (run by
lxc-usernsexec).
The "am I root" check in this function then does not suffice, since the
euid of the task is 0 but it does not have privilege over its network
namespace, and thus cannot do any of the restore operations:
lxc foo 20201201232059.271 TRACE network - network.c:lxc_restore_phys_nics_to_netns:3299 - Moving physical network devices back to parent network namespace
lxc foo 20201201232059.271 ERROR network - network.c:lxc_restore_phys_nics_to_netns:3307 - Operation not permitted - Failed to enter network namespace
lxc foo 20201201232059.271 ERROR start - start.c:__lxc_start:2045 - Failed to move physical network devices back to parent network namespace
Let's check that we indeed did clone the network namespace, and thus have
things to restore to their correct namespace before attempting to actually
restore them.
I suspect it's possible we can also get rid of some of the network namespace
preservation stuff in start.c in the LXC_NET_NONE case.
Signed-off-by: Tycho Andersen <tycho at tycho.pizza>
Compare: https://github.com/lxc/lxc/compare/7bae22f73db9...92bc70903c8e
More information about the lxc-devel
mailing list