Branch: refs/heads/stable-4.0 Home: https://github.com/lxc/lxc Commit: 7d40e58be4339d8242e676959e520b6974df3794 https://github.com/lxc/lxc/commit/7d40e58be4339d8242e676959e520b6974df3794 Author: KATOH Yasufumi <ka...@jazz.email.ne.jp> Date: 2020-12-04 (Fri, 04 Dec 2020)
Changed paths: M doc/ja/pam_cgfs.sgml.in Log Message: ----------- Update Japanese pam_cgfs(8) to reflect lack of support for pure cgroupv2 Update for commit b87ed83bbc7db3f826b4f54df1bb458c2c539be7 Signed-off-by: KATOH Yasufumi <ka...@jazz.email.ne.jp> Commit: 687f9b9bbe07d5a226491f4214314f35dac4e889 https://github.com/lxc/lxc/commit/687f9b9bbe07d5a226491f4214314f35dac4e889 Author: Ruben Jenster <r.jens...@drachenfels.de> Date: 2020-12-04 (Fri, 04 Dec 2020) Changed paths: M src/lxc/seccomp.c Log Message: ----------- seccomp: Fix handling of pseudo syscalls and improve logging for rule processing. Signed-off-by: Ruben Jenster <r.jens...@drachenfels.de> Commit: 55cbb1a69783ded6a541b6905cf7f9e7f696482c https://github.com/lxc/lxc/commit/55cbb1a69783ded6a541b6905cf7f9e7f696482c Author: Ruben Jenster <r.jens...@drachenfels.de> Date: 2020-12-04 (Fri, 04 Dec 2020) Changed paths: M src/lxc/seccomp.c Log Message: ----------- seccomp: Avoid duplicate processing of rules for host native arch. Signed-off-by: Ruben Jenster <r.jens...@drachenfels.de> Commit: c14c31d4691a3b4dfe54f521ccd2a193fb0cbbc9 https://github.com/lxc/lxc/commit/c14c31d4691a3b4dfe54f521ccd2a193fb0cbbc9 Author: Ruben Jenster <r.jens...@drachenfels.de> Date: 2020-12-04 (Fri, 04 Dec 2020) Changed paths: M src/lxc/confile.c M src/lxc/confile.h M src/lxc/lxccontainer.c M src/tests/get_item.c Log Message: ----------- lxccontainer: fix lxc_config_item_is_supported Use exact match instead of longest prefix match to check whether a config item is supported. Signed-off-by: Ruben Jenster <r.jens...@drachenfels.de> Commit: 15190a6a238fa82bb299cf4d523212edbda643a6 https://github.com/lxc/lxc/commit/15190a6a238fa82bb299cf4d523212edbda643a6 Author: Ruben Jenster <r.jens...@drachenfels.de> Date: 2020-12-04 (Fri, 04 Dec 2020) Changed paths: M src/tests/Makefile.am Log Message: ----------- tests: Fix compilation with appamor enabled. Signed-off-by: Ruben Jenster <r.jens...@drachenfels.de> Commit: bd5ed71d71cde3220cac896d5d0a21bf7206901c https://github.com/lxc/lxc/commit/bd5ed71d71cde3220cac896d5d0a21bf7206901c Author: Christian Brauner <christian.brau...@ubuntu.com> Date: 2020-12-04 (Fri, 04 Dec 2020) Changed paths: M src/lxc/commands.c Log Message: ----------- commands: don't deref after NULL check Fixes: Coverity 1465657 Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> Commit: 64163d8dc8480e5b9a3c52041560b68a020e708f https://github.com/lxc/lxc/commit/64163d8dc8480e5b9a3c52041560b68a020e708f Author: Christian Brauner <christian.brau...@ubuntu.com> Date: 2020-12-04 (Fri, 04 Dec 2020) Changed paths: M src/lxc/utils.c Log Message: ----------- utils: don't deref after NULL check Fixes: Coverity 1465855 Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> Commit: c6c2cf30278203a9a9a4498b49a0f76bb586d813 https://github.com/lxc/lxc/commit/c6c2cf30278203a9a9a4498b49a0f76bb586d813 Author: Christian Brauner <christian.brau...@ubuntu.com> Date: 2020-12-04 (Fri, 04 Dec 2020) Changed paths: M src/lxc/conf.c Log Message: ----------- conf: check snprint return value Fixes: Coverity 1465854 Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> Commit: c253925b4bfc3f79f658308e03859429c98aac07 https://github.com/lxc/lxc/commit/c253925b4bfc3f79f658308e03859429c98aac07 Author: Christian Brauner <christian.brau...@ubuntu.com> Date: 2020-12-04 (Fri, 04 Dec 2020) Changed paths: M src/lxc/utils.c Log Message: ----------- utils: check snprintf return value Fixes: Coverity 1465853 Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> Commit: cbb504c95d7b4d3c30e83c094a0f95f76a2a601d https://github.com/lxc/lxc/commit/cbb504c95d7b4d3c30e83c094a0f95f76a2a601d Author: Christian Brauner <christian.brau...@ubuntu.com> Date: 2020-12-04 (Fri, 04 Dec 2020) Changed paths: M src/lxc/file_utils.c M src/lxc/file_utils.h M src/lxc/seccomp.c Log Message: ----------- seccomp: make seccomp notifier fd non-blocking Suggested-by: Jann Horn <j...@thejh.net> Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> Commit: 9436750e5a6bb7e80b2fa4ffd03fd39614b6d956 https://github.com/lxc/lxc/commit/9436750e5a6bb7e80b2fa4ffd03fd39614b6d956 Author: Christian Brauner <christian.brau...@ubuntu.com> Date: 2020-12-04 (Fri, 04 Dec 2020) Changed paths: M src/lxc/seccomp.c Log Message: ----------- seccomp: log aborted system calls Suggested-by: Jann Horn <j...@thejh.net> Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> Commit: c5e1a70cffb794cf6eea6f020e35594e36aeaea2 https://github.com/lxc/lxc/commit/c5e1a70cffb794cf6eea6f020e35594e36aeaea2 Author: Christian Brauner <christian.brau...@ubuntu.com> Date: 2020-12-04 (Fri, 04 Dec 2020) Changed paths: M src/lxc/attach.c M src/lxc/utils.c Log Message: ----------- attach: silence stdio permission adjust warnings Closes: #3576. Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> Commit: 1bd5fb39b78517ccfb47eb686da854dc3fd6bbf0 https://github.com/lxc/lxc/commit/1bd5fb39b78517ccfb47eb686da854dc3fd6bbf0 Author: lifeng68 <lifen...@huawei.com> Date: 2020-12-04 (Fri, 04 Dec 2020) Changed paths: M src/lxc/cgroups/cgfsng.c Log Message: ----------- cgfsng: adjust log level to warn instead of error Signed-off-by: lifeng68 <lifen...@huawei.com> Commit: dcc39fcae63c1b406e12448d826f5c3aea572cb8 https://github.com/lxc/lxc/commit/dcc39fcae63c1b406e12448d826f5c3aea572cb8 Author: Christian Brauner <christian.brau...@ubuntu.com> Date: 2020-12-04 (Fri, 04 Dec 2020) Changed paths: M src/lxc/file_utils.c M src/lxc/file_utils.h M src/lxc/parse.c Log Message: ----------- parse: rework config parsing routine Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> Commit: 1e9e5816d1756f9a0bb1cd4460094928f712665f https://github.com/lxc/lxc/commit/1e9e5816d1756f9a0bb1cd4460094928f712665f Author: Christian Brauner <christian.brau...@ubuntu.com> Date: 2020-12-04 (Fri, 04 Dec 2020) Changed paths: M src/lxc/conf.c Log Message: ----------- conf: switch to fd_to_fd() when copying mountinfo Closes: #3580. Link: https://bugzilla.kernel.org/show_bug.cgi?id=209971 Suggested-by: Joan Bruguera <joanbrugue...@gmail.com> Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> Commit: 1c7c31b56847e4aef2ce7ecab1b6bd53cddd1a50 https://github.com/lxc/lxc/commit/1c7c31b56847e4aef2ce7ecab1b6bd53cddd1a50 Author: Christian Brauner <christian.brau...@ubuntu.com> Date: 2020-12-04 (Fri, 04 Dec 2020) Changed paths: M src/lxc/file_utils.c Log Message: ----------- file_utils: fix config file parsing We accidently used the "bytes_to_write" variable after we've written all the bytes at which point it is guaranteed to be 0. Let's use the "bytes_read" variable instead. Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> Commit: b70ddc2efe8e66f725eef25d48b76935ce987876 https://github.com/lxc/lxc/commit/b70ddc2efe8e66f725eef25d48b76935ce987876 Author: Christian Brauner <christian.brau...@ubuntu.com> Date: 2020-12-04 (Fri, 04 Dec 2020) Changed paths: M src/lxc/commands_utils.c M src/lxc/state.c Log Message: ----------- commands_utils: fix lxc-wait Closes: #3570 Fixes: 7792a5b60f79 ("commands: add additional check to lxc_cmd_sock_get_state()") Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> Commit: 92bc70903c8e9ca920503bcf288934a9e8f12e1f https://github.com/lxc/lxc/commit/92bc70903c8e9ca920503bcf288934a9e8f12e1f Author: Tycho Andersen <tycho@tycho.pizza> Date: 2020-12-04 (Fri, 04 Dec 2020) Changed paths: M src/lxc/network.c Log Message: ----------- network: fix LXC_NET_NONE cleanup We have a case where we have a nested container with LXC_NET_NONE run inside a container that's *also* got no network namespace (run by lxc-usernsexec). The "am I root" check in this function then does not suffice, since the euid of the task is 0 but it does not have privilege over its network namespace, and thus cannot do any of the restore operations: lxc foo 20201201232059.271 TRACE network - network.c:lxc_restore_phys_nics_to_netns:3299 - Moving physical network devices back to parent network namespace lxc foo 20201201232059.271 ERROR network - network.c:lxc_restore_phys_nics_to_netns:3307 - Operation not permitted - Failed to enter network namespace lxc foo 20201201232059.271 ERROR start - start.c:__lxc_start:2045 - Failed to move physical network devices back to parent network namespace Let's check that we indeed did clone the network namespace, and thus have things to restore to their correct namespace before attempting to actually restore them. I suspect it's possible we can also get rid of some of the network namespace preservation stuff in start.c in the LXC_NET_NONE case. Signed-off-by: Tycho Andersen <tycho@tycho.pizza> Compare: https://github.com/lxc/lxc/compare/7bae22f73db9...92bc70903c8e _______________________________________________ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel