[lxc-devel] [lxc/lxc] 78ae61: syscall_numbers: handle ia64 syscall numbers corre...

2020-05-15 Thread Serge Hallyn
: Serge Hallyn Date: 2020-05-15 (Fri, 15 May 2020) Changed paths: M configure.ac M src/include/fexecve.c M src/lxc/Makefile.am M src/lxc/af_unix.c M src/lxc/attach.c M src/lxc/cgroups/cgfsng.c M src/lxc/cmd/lxc_init.c M src/lxc/cmd/lxc_monitord.c M src/lxc/cmd

[lxc-devel] [lxc/lxc] b94283: start: remove procfs pidfd support

2020-01-08 Thread Serge Hallyn
pidfds. Signed-off-by: Christian Brauner Commit: f036cc8a2c6ace70ea8086e5f34881ebadf105f1 https://github.com/lxc/lxc/commit/f036cc8a2c6ace70ea8086e5f34881ebadf105f1 Author: Serge Hallyn Date: 2020-01-08 (Wed, 08 Jan 2020) Changed paths: M src/lxc/start.c M src/lxc

[lxc-devel] [lxc/lxc] 63012b: Add autodev.tmpfs.size config parameter

2019-10-04 Thread Serge Hallyn
://github.com/lxc/lxc/commit/83bac1bf25ea1233f1900d925942800268a376d1 Author: Serge Hallyn Date: 2019-10-04 (Fri, 04 Oct 2019) Changed paths: M doc/lxc.container.conf.sgml.in M src/lxc/conf.c M src/lxc/conf.h M src/lxc/confile.c M src/tests/parse_config_file.c Log Message

[lxc-devel] [lxc/lxc] 4d8bdf: start: handle setting pdeath signal in new pidns

2019-10-04 Thread Serge Hallyn
that idea. Suggested-by: Jann Horn Signed-off-by: Christian Brauner Commit: 345a21ca9ec1b736208611f4bec7e24097ce279b https://github.com/lxc/lxc/commit/345a21ca9ec1b736208611f4bec7e24097ce279b Author: Serge Hallyn Date: 2019-10-04 (Fri, 04 Oct 2019) Changed paths: M src/lxc/sta

[lxc-devel] [lxc/lxc] d16874: start: pidfds obviously start - like any fd - at 0

2019-10-04 Thread Serge Hallyn
/start.c Log Message: --- start: pidfds obviously start - like any fd - at 0 Signed-off-by: Christian Brauner Commit: 1d24b87a1a12979a27cd0416211c229635ab1a5f https://github.com/lxc/lxc/commit/1d24b87a1a12979a27cd0416211c229635ab1a5f Author: Serge Hallyn Date: 2019

[lxc-devel] [lxc/lxc] 6318c8: Centralize hook names

2019-06-18 Thread Serge Hallyn
commit 8de90384363fe01f5258d36724dd3eae55918b5b Signed-off-by: KATOH Yasufumi Commit: 505af6af91fa93af27e5990a9cc4ea5b417f7811 https://github.com/lxc/lxc/commit/505af6af91fa93af27e5990a9cc4ea5b417f7811 Author: Serge Hallyn Date: 2019-06-18 (Tue, 18 Jun 2019) Changed paths:

[lxc-devel] [lxc/lxc] fa2bb6: Switch from gnutls to openssl for sha1

2019-06-14 Thread Serge Hallyn
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: fa2bb6ba532c5e7f92df8cbae50a68af519f9997 https://github.com/lxc/lxc/commit/fa2bb6ba532c5e7f92df8cbae50a68af519f9997 Author: Serge Hallyn Date: 2019-06-13 (Thu, 13 Jun 2019) Changed paths: M configure.ac

[lxc-devel] [lxc/lxc] ebf3a6: conf: remove fgets() from run_buffer()

2019-03-04 Thread Serge Hallyn
: remove fgets() from setproctitle() Signed-off-by: Christian Brauner Commit: fff69e468f320049bb53cac665fc50c46613800c https://github.com/lxc/lxc/commit/fff69e468f320049bb53cac665fc50c46613800c Author: Serge Hallyn Date: 2019-03-04 (Mon, 04 Mar 2019) Changed paths: M src/lxc

[lxc-devel] [lxc/lxc] d97919: cgroups: partially switch to cleanup macros

2019-02-08 Thread Serge Hallyn
: Serge Hallyn Date: 2019-02-08 (Fri, 08 Feb 2019) Changed paths: M src/lxc/cgroups/cgfsng.c M src/lxc/memory_utils.h Log Message: --- Merge pull request #2827 from brauner/2019-02-07/auto_cleanup cgroups: partially switch to cleanup macros Compare: https

[lxc-devel] Container startup hook arguments

2017-09-30 Thread Serge Hallyn
Hi everyone,  Since the start, lxc container startup hooks have gotten some redundant information as command line arguments, which is also available as environment variables. Is anyone making use of that? I'm wondering whether any existing installations would have broken scripts if we get rid

Re: [lxc-devel] lxc-create: file-based capabilities are lost

2017-07-28 Thread Serge Hallyn
I really don’t know what happened to that patch, sorry about that. I’ve proposed it now as pull request #1717 into master. Thanks, -serge > On Jul 28, 2017, at 4:13 AM, Harald Dunkel wrote: > > PS: > > On Thu, 27 Jul 2017 08:45:49 -0500 > "Serge E. Hallyn"

Re: [lxc-devel] lxc-create: file-based capabilities are lost

2017-07-28 Thread Serge Hallyn
I see the patch in my archives now. I’ll get it pushed. Thanks. Serge > On Jul 28, 2017, at 4:13 AM, Harald Dunkel wrote: > > PS: > > On Thu, 27 Jul 2017 08:45:49 -0500 > "Serge E. Hallyn" wrote: > >> >> It looks like these were done by commit

Re: [lxc-devel] lxc-create: file-based capabilities are lost

2017-07-28 Thread Serge Hallyn
I'm sure I'm just being dense. Can you point to your fix? I'll follow up. Serge   Original Message   From: Harald Dunkel Sent: Friday, July 28, 2017 5:13 AM To: Serge E. Hallyn Cc: LXC development mailing-list Subject: Re: [lxc-devel] lxc-create: file-based capabilities are lost PS: On Thu, 27

Re: [lxc-devel] Linux 4.6-rc1..rc5 /proc/meminfo infinite loop in Linux Container

2016-05-09 Thread Serge Hallyn
Hi, Sounds like a bug in the intersection of lxcfs and the kernel. So you could open an issue at github.com/lxc/lxcfs and append the config file and other info there. Then (bc not many ppl look there I think) you can link to that issue in a reply in this thread (where a lot more ppl look).

Re: [lxc-devel] [PATCH] Initialize a pointer in split_init_cmd() to avoid gcc warnings

2016-04-21 Thread Serge Hallyn
Quoting Leonid Isaev (leonid.is...@jila.colorado.edu): > gcc -Wall warns about uninitialized variables (-Wmaybe-uninitialized), and > -Werror makes it fatal. This change allows the build to succeed by NULL'ifying > the pointer passed to strtok_r(). > > Note that strtok_r(3) anyway ignores a

[lxc-devel] [RFC PATCH] cgfsng: don't require that systemd subsystem be mounted

2016-04-12 Thread Serge Hallyn
(a) if name=systemd is not mounted then we won't hit that, and (b) if name=systemd is mounted, then we'd really still like to set it up for containers. Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com> --- src/lxc/cgfsng.c | 9 ++--- src/lxc/cgroup.c | 7 ++- 2 files chan

Re: [lxc-devel] Unprivileged containers don't start with lxcfs 2.0.0

2016-04-07 Thread Serge Hallyn
Quoting Mathias Gibbens (math...@calenhad.com): > On Tue, 2016-04-05 at 16:45 +, Mathias Gibbens wrote: > > On Tue, 2016-04-05 at 14:59 +0000, Serge Hallyn wrote: > > > Quoting Mathias Gibbens (math...@calenhad.com): > > > > On Sat, 2016-04-02 at 1

Re: [lxc-devel] Unprivileged containers don't start with lxcfs 2.0.0

2016-04-02 Thread Serge Hallyn
Quoting Mathias Gibbens (math...@calenhad.com): > This evening I upgraded my lxc/lxcfs install, seeing as how lxcfs > 2.0.0 was tagged earlier today. However, with the current lxcfs (2.0.0) > my unprivileged containers fail to start: > > > lxc@narya:~$ lxc-start -F -n aule.calenhad.com > >

Re: [lxc-devel] [PATCH] open_without_symlink: Don't SYSERROR on something else than ELOOP

2016-03-22 Thread Serge Hallyn
Quoting Bogdan Purcareata (bogdan.purcare...@nxp.com): > The open_without_symlink routine has been specifically created to prevent > mounts with symlinks as source or destination. Keep SYSERROR'ing in that > particular scenario, but leave error handling to calling functions for the > other ones -

Re: [lxc-devel] mounting mqueue in a user namespace

2016-03-11 Thread Serge Hallyn
Quoting Thomas Tanaka (thomas.tan...@oracle.com): > > On 3/11/2016 3:07 PM, Serge Hallyn wrote: > >Quoting Thomas Tanaka (thomas.tan...@oracle.com): > >>On 3/10/2016 4:18 PM, Serge Hallyn wrote: > >>>Quoting Thomas Tanaka (thomas.tan...@oracle.com): > >

Re: [lxc-devel] mounting mqueue in a user namespace

2016-03-11 Thread Serge Hallyn
Quoting Thomas Tanaka (thomas.tan...@oracle.com): > > On 3/10/2016 4:18 PM, Serge Hallyn wrote: > >Quoting Thomas Tanaka (thomas.tan...@oracle.com): > >>Hi, > >> > >>This question might not be specific to lxc/lxd but containers in > >>general, I

Re: [lxc-devel] lxd/lxc publish command

2016-03-11 Thread Serge Hallyn
Quoting brian mullan (bmullan.m...@gmail.com): > I've been curious about this for some time now but in one of serge hallyn's > past posts > (https://insights.ubuntu.com/2015/06/30/publishing-lxd-images/) he'd > mentioned: > > > > > > *> Importantly, because “–public” was passed to the lxc

Re: [lxc-devel] mounting mqueue in a user namespace

2016-03-10 Thread Serge Hallyn
Quoting Thomas Tanaka (thomas.tan...@oracle.com): > Hi, > > This question might not be specific to lxc/lxd but containers in > general, I hope that is okay. > I have a process created using clone with the following flags > (CLONE_NEWNS|CLONE_NEWIPC|CLONE_NEWUSER). > The process then tries to mount

Re: [lxc-devel] Contributions to LXC now prefered as Github pull-requests

2016-03-04 Thread Serge Hallyn
Quoting Stéphane Graber (stgra...@ubuntu.com): > On Mon, Feb 01, 2016 at 12:43:21PM +0100, Stéphane Graber wrote: > > Hello, > > > > For a long time, Serge and I have been preferring LXC contributions to > > be sent through the mailing-list kernel-style. > > > > This has been working reasonably

Re: [lxc-devel] default dhcp network

2016-03-02 Thread Serge Hallyn
Quoting Tamas Papp (tom...@martos.bme.hu): > hi All, > > > IMO 10.0.3.0/24 is way too general to be default. > It would be better, more suitable, less problematic with less > conflicts if it would be something like 10.251.78.0/24 or > 172.31.251.0/24. > > > And if there is any change, that

Re: [lxc-devel] CGroup Namespaces (v10)

2016-02-26 Thread Serge Hallyn
Quoting Alban Crequy (alban.cre...@gmail.com): > Hi, > > On 29 January 2016 at 09:54, wrote: > > Hi, > > > > following is a revised set of the CGroup Namespace patchset which Aditya > > Kali has previously sent. The code can also be found in the cgroupns.v10 > > branch

Re: [lxc-devel] cgroup V2 and LXC

2016-02-24 Thread Serge Hallyn
Quoting Christian Brauner (christianvanbrau...@gmail.com): > On Mon, Feb 15, 2016 at 07:48:05PM +0000, Serge Hallyn wrote: > > Quoting Christian Brauner (christian.brau...@mailbox.org): > > > On Wed, Feb 10, 2016 at 05:45:48PM +, Serge Hallyn wrote: > > >

Re: [lxc-devel] Potential deadlock with lxcfs and lxc-freeze

2016-02-17 Thread Serge Hallyn
Quoting Fabian Grünbichler (f.gruenbich...@proxmox.com): > > > Fabian Grünbichler hat am 12. Februar 2016 um > > 13:53 geschrieben: > > > > Summary so far: uptime, ps and any other process accessing /proc/uptime > > within > > a > > container using lxcfs can pretty

Re: [lxc-devel] cgroup V2 and LXC

2016-02-15 Thread Serge Hallyn
Quoting Christian Brauner (christian.brau...@mailbox.org): > On Wed, Feb 10, 2016 at 05:45:48PM +0000, Serge Hallyn wrote: > > Quoting Christian Brauner (christian.brau...@mailbox.org): > > > On Mon, Feb 01, 2016 at 04:56:08AM +, Serge Hallyn wrote: > > > >

Re: [lxc-devel] cgroup V2 and LXC

2016-02-10 Thread Serge Hallyn
Quoting Christian Brauner (christian.brau...@mailbox.org): > On Mon, Feb 01, 2016 at 04:56:08AM +0000, Serge Hallyn wrote: > > Quoting Kevin Wilson (wkev...@gmail.com): > > > Hi, LXC developers, > > > > > > The latest kernel release (4.4) includes initi

Re: [lxc-devel] Mount slave forced in lxc-1.1.4

2016-02-08 Thread Serge Hallyn
Quoting Bussery, Francois (francois.buss...@arris.com): > Hi, > I have noticed that recent LXC are remounting SLAVE all SHARED mount points. > Is there any real reason for that? Is there any way to workaround this > “feature” by any configuration files. > In embedded world, it is really common

Re: [lxc-devel] PID of a process inside an lxc container

2016-02-03 Thread Serge Hallyn
Quoting Christian Brauner (christian.brau...@mailbox.org): > On Wed, Feb 03, 2016 at 04:49:04PM +0200, Kevin Wilson wrote: > > Hi, > > > > When I create an lxc container and run a simple process (which all it > > does is call pause()), > > I see the pid of this process also in the host (Simply by

Re: [lxc-devel] cgroup V2 and LXC

2016-01-31 Thread Serge Hallyn
Quoting Kevin Wilson (wkev...@gmail.com): > Hi, LXC developers, > > The latest kernel release (4.4) includes initial support to cgroup v2 > with 2 controllers (memory and io). Also it seems that the PIDs > controller works in cgroup v2, but I do not know if it is officially > supported in v2. >

[lxc-devel] [PATCH 6/8] cgroup: mount cgroupns-root when inside non-init cgroupns

2016-01-29 Thread serge . hallyn
From: Serge Hallyn <serge.hal...@ubuntu.com> This patch enables cgroup mounting inside userns when a process has appropriate privileges. The cgroup filesystem mounted is rooted at the cgroupns-root. Thus, in a container-setup, only the hierarchy under the cgroupns-root is exposed

[lxc-devel] [PATCH 3/8] cgroup: introduce cgroup namespaces

2016-01-29 Thread serge . hallyn
Signed-off-by: Serge Hallyn <serge.hal...@canonical.com> --- Changelog: 2015-11-24 - move cgroup_namespace.c into cgroup.c (and .h) - reformatting - make get_cgroup_ns return void - rename ns->root_cgrps to root_cset. Changelog: 2015-12-08 - Move in

[lxc-devel] [PATCH 7/8] cgroup: Add documentation for cgroup namespaces

2016-01-29 Thread serge . hallyn
From: Serge Hallyn <serge.hal...@ubuntu.com> Signed-off-by: Aditya Kali <adityak...@google.com> Signed-off-by: Serge Hallyn <serge.hal...@canonical.com> Signed-off-by: Tejun Heo <t...@kernel.org> --- Changelog (2015-12-08): Merge into Documentation/cgroup.txt Changelog

[lxc-devel] [PATCH 2/8] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace

2016-01-29 Thread serge . hallyn
From: Aditya Kali <adityak...@google.com> CLONE_NEWCGROUP will be used to create new cgroup namespace. Signed-off-by: Aditya Kali <adityak...@google.com> Signed-off-by: Serge Hallyn <serge.hal...@canonical.com> --- include/uapi/linux/sched.h |3 +-- 1 file changed,

[lxc-devel] CGroup Namespaces (v10)

2016-01-29 Thread serge . hallyn
() while creating new cgroupns - use task_lock() instead of rcu_read_lock() while accessing task->nsproxy - optimized setns() to own cgroupns - simplified code around sane-behavior mount option parsing 4. Restored ACKs from Serge Hallyn from v1 on few patches that have not chan

[lxc-devel] [PATCH 8/8] Add FS_USERNS_FLAG to cgroup fs

2016-01-29 Thread serge . hallyn
From: Serge Hallyn <serge.hal...@ubuntu.com> allowing root in a non-init user namespace to mount it. This should now be safe, because 1. non-init-root cannot mount a previously unbound subsystem 2. the task doing the mount must be privileged with respect to the user namespace

[lxc-devel] [PATCH 4/8] cgroup: cgroup namespace setns support

2016-01-29 Thread serge . hallyn
From: Aditya Kali setns on a cgroup namespace is allowed only if task has CAP_SYS_ADMIN in its current user-namespace and over the user-namespace associated with target cgroupns. No implicit cgroup changes happen with attaching to another cgroupns. It is expected that the

Re: [lxc-devel] [PATCH] lxc-copy: cleanup

2016-01-29 Thread Serge Hallyn
Quoting Christian Brauner (christian.brau...@mailbox.org): > Signed-off-by: Christian Brauner So on this free_mnts() thing. If you (as this patch makes it look like you were risking) run it twice, you'll presumably crash. The callers always pass in the same

Re: [lxc-devel] [PATCH] Remove wrong command line arg from help output

2016-01-29 Thread Serge Hallyn
Quoting Christian Brauner (christian.brau...@mailbox.org): > Signed-off-by: Christian Brauner Acked-by: Serge E. Hallyn > --- > Slipped my attention before unfortunately. > --- > src/lxc/lxc_ls.c | 11 ++- > 1 file changed, 6

Re: [lxc-devel] [PATCH] fork off a task to delete ovs ports when done

2016-01-28 Thread Serge Hallyn
Quoting Stéphane Graber (stgra...@ubuntu.com): > > diff --git a/src/lxc/network.c b/src/lxc/network.c > > index 3417928..49633ab 100644 > > --- a/src/lxc/network.c > > +++ b/src/lxc/network.c > > @@ -36,6 +36,7 @@ > > #include > > #include > > #include > > +#include > > Where is that

Re: [lxc-devel] [PATCH] aufs: support multiple lower layers

2016-01-26 Thread Serge Hallyn
Quoting Christian Brauner (christianvanbrau...@gmail.com): > Do it in a safe way by using strstr() to check for the substring ":/" should > ':' be part of a pathname. > > Signed-off-by: Christian Brauner Acked-by: Serge E. Hallyn > --- >

Re: [lxc-devel] [PATCH] update overlayfs and aufs in lxc.container.conf

2016-01-26 Thread Serge Hallyn
Quoting Christian Brauner (christianvanbrau...@gmail.com): > Explain that multiple /lower layers can be used. > > Signed-off-by: Christian Brauner Acked-by: Serge E. Hallyn > --- > doc/lxc.container.conf.sgml.in | 4 +++- > 1 file

Re: [lxc-devel] [RFC] Add support for /proc/swaps

2016-01-26 Thread Serge Hallyn
Quoting Nehal J Wani (nehaljw.k...@gmail.com): > Built over https://github.com/tssge/lxcfs/commit/50b75e3 > > Example Output: > > [root@lxc-dev ~]# lxc-attach -n ubuntuwily -- /bin/cat /proc/swaps > FilenameTypeSizeUsed > Priority > none

Re: [lxc-devel] [PATCH] lxc-ls: Restore old [filter] behaviour

2016-01-22 Thread Serge Hallyn
Quoting Christian Brauner (christianvanbrau...@gmail.com): > In the Python implementation users could pass a regex without a parameter flag > as additional argument on the command line. The C implementation gained the > flag -r/--regex for this. To not irritate users we restore the old behaviour >

Re: [lxc-devel] [PATCH] mount_proc_if_needed: only safe mount when rootfs is defined

2016-01-22 Thread Serge Hallyn
Quoting Bogdan Purcareata (bogdan.purcare...@nxp.com): > The safe_mount function was introduced in order to address CVE-2015-1335, > one of the vulnerabilities being a mount with a symlink for the > destination path. In scenarios such as lxc-execute with no rootfs, the > destination path is the

Re: [lxc-devel] [PATCH] lxc-ls: tweak algorithm for ls_has_all_grps()

2016-01-22 Thread Serge Hallyn
Quoting Christian Brauner (christianvanbrau...@gmail.com): > - With the -g/--groups argument the user can give a comma-separated list of > groups a container must have in order to be displayed. We receive > this list as a single string. ls_has_all_grps() is called to check if a >

Re: [lxc-devel] [PATCH] lxc.rootfs: support multiple lower layers

2016-01-22 Thread Serge Hallyn
Quoting Christian Brauner (christianvanbrau...@gmail.com): > Do it in a safe way by using strstr() to check for the substring ":/" should > ':' be part of a pathname. This should be a safer implementation than the one > originally suggested in #547. > > Signed-off-by: Christian Brauner

Re: [lxc-devel] [PATCH] lxc-ls: remove unused argument + small fixes

2016-01-19 Thread Serge Hallyn
Quoting Christian Brauner (christianvanbrau...@gmail.com): > - remove unused argument from ls_get() > - Fix ls_has_all_groups() but leave the inefficient basic algorithm untouched > for now. (Will be fixed in a dedicated commit.) > - insert missing ; > > Signed-off-by: Christian Brauner

Re: [lxc-devel] [PATCH v2] Fix Busted Swap Accounting

2016-01-19 Thread Serge Hallyn
Quoting Nehal J Wani (nehaljw.k...@gmail.com): > When no limit is specified using lxc.cgroup.memory.memsw.limit_in_bytes, > overflow occurs while calculating Swap{Total,Free}. Commit a2de34b tried > to fix this, but introduced another bug, wherein if > memory.memsw.limit_in_bytes >=

Re: [lxc-devel] [RFC] [PATCH v2] Fix Busted Swap Accounting

2016-01-19 Thread Serge Hallyn
Quoting Nehal J Wani (nehaljw.k...@gmail.com): > When no limit is specified using lxc.cgroup.memory.memsw.limit_in_bytes, > overflow occurs while calculating Swap{Total,Free}. Commit a2de34b tried > to fix this, but introduced another bug, wherein if > memory.memsw.limit_in_bytes >=

Re: [lxc-devel] [RFC 1/2] lxc-start: added --start-frozen

2016-01-19 Thread Serge Hallyn
Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > On Mon, Jan 18, 2016 at 11:18:32PM +0000, Serge Hallyn wrote: > > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > > --- a/src/lxc/lxccontainer.h > > > +++ b/src/lxc/lxccontainer.h > > > @@ -2

Re: [lxc-devel] [PATCH] Adapt manpage for lxc-ls to new C implementation

2016-01-19 Thread Serge Hallyn
Quoting Christian Brauner (christianvanbrau...@gmail.com): > - explain new -r,--regex flag > - explain new numeric argument to --nesting > - include common options as lxc-ls now uses the standard lxc parser > - add history section and update authors > > Signed-off-by: Christian Brauner

Re: [lxc-devel] [PATCH v3 - resend] lxc-ls: check for ENOMEM and tweaking

2016-01-18 Thread Serge Hallyn
Quoting Christian Brauner (christian.brau...@mailbox.org): > - If lxc_container_new() fails we check for ENOMEM and if so goto out. If > ENOMEM is not set we will simply continue. The same goes for the call to > regcomp() but instead of checking for ENOMEM we need to check for > REG_ESPACE. >

Re: [lxc-devel] [RFC 1/2] lxc-start: added --start-frozen

2016-01-18 Thread Serge Hallyn
Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > Add the possibility to start a container in a frozen state. > > Signed-off-by: Wolfgang Bumiller > --- > doc/lxc-start.sgml.in | 12 > src/lxc/arguments.h| 3 +++ > src/lxc/conf.h | 1 + >

Re: [lxc-devel] [RFC 2/2] cleanup: lxc_container::want_* comment descriptions

2016-01-18 Thread Serge Hallyn
Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > They change a value and return true on success rather than > fetching the value as the comments previously suggested. > > Signed-off-by: Wolfgang Bumiller Yikes, yes the return value description is entirely wrong.

Re: [lxc-devel] Swap Accounting :Query

2016-01-18 Thread Serge Hallyn
Quoting Nehal J Wani (nehaljw.k...@gmail.com): > I am using the most recent version of lxcfs, commit: > 17f9a5a9d647467e3858fa751e40cc7c022dd475 > > When I spawn a container with the settings... > > lxc.cgroup.memory.limit_in_bytes = 256M > lxc.cgroup.memory.memsw.limit_in_bytes = 512M > > ...

Re: [lxc-devel] [PATCH] lxc-ls: check for ENOMEM and tweaking

2016-01-15 Thread Serge Hallyn
Quoting Christian Brauner (christian.brau...@mailbox.org): > If lxc_container_new() fails we check for ENOMEM and goto out if ENOMEM is not > set we will simply continue. The same goes for the call to regcomp() but > instead of checking for ENOMEM we need to check for REG_ESPACE. > > Tweaking:

Re: [lxc-devel] [PATCH] lxc-ls: set ls_nesting to 0 initially

2016-01-15 Thread Serge Hallyn
Quoting Christian Brauner (christian.brau...@mailbox.org): > Otherwise users will always get nested containers listed. > > Signed-off-by: Christian Brauner I'd actually looked for that and somehow missed it. Acked-by: Serge E. Hallyn >

Re: [lxc-devel] [PATCH] lxc-ls: check for ENOMEM and tweaking

2016-01-15 Thread Serge Hallyn
Quoting Christian Brauner (christian.brau...@mailbox.org): > On Fri, Jan 15, 2016 at 08:40:19PM +0000, Serge Hallyn wrote: > > Quoting Christian Brauner (christian.brau...@mailbox.org): > > > If lxc_container_new() fails we check for ENOMEM and goto out if ENOMEM > >

Re: [lxc-devel] [PATCH v2] lxc-ls: check for ENOMEM and tweaking

2016-01-15 Thread Serge Hallyn
Quoting Christian Brauner (christian.brau...@mailbox.org): > If lxc_container_new() fails we check for ENOMEM and if so goto out. If ENOMEM > is not set we will simply continue. The same goes for the call to regcomp() > but > instead of checking for ENOMEM we need to check for REG_ESPACE. > >

Re: [lxc-devel] [PATCH] c/r: remember to chown the cgroup path (correctly)

2016-01-14 Thread Serge Hallyn
Quoting Tycho Andersen (tycho.ander...@canonical.com): > On Wed, Jan 13, 2016 at 09:47:50PM +0000, Serge Hallyn wrote: > > Quoting Tycho Andersen (tycho.ander...@canonical.com): > > > 1. remember to chown the cgroup path when migrating a container > > > 2. when res

Re: [lxc-devel] [PATCH v2] Fix btrfs bus error on sparc on snapshot delete

2016-01-14 Thread Serge Hallyn
Quoting Thomas Tanaka (thomas.tan...@oracle.com): > The following patch fixes memory alignment and endianness > issue while doing a snapshot deletion with btrfs as a > backing store on platform such as sparc. > > The implementation is taken from btrfs-progs. > > Changes since v1: > - include

Re: [lxc-devel] [PATCH] add lxc-copy to see_also.sgml.in

2016-01-14 Thread Serge Hallyn
Quoting Christian Brauner (christian.brau...@mailbox.org): > Signed-off-by: Christian Brauner Acked-by: Serge E. Hallyn > --- > doc/see_also.sgml.in | 5 + > 1 file changed, 5 insertions(+) > > diff --git a/doc/see_also.sgml.in

Re: [lxc-devel] [PATCH] check for btrfs fs in should_default_to_snapshot

2016-01-14 Thread Serge Hallyn
Quoting Christian Brauner (christian.brau...@mailbox.org): > Check if we're really on a btrfs filesystem before we call btrfs_same_fs(). > Otherwise we will report misleading errors although everything went fine. > > Signed-off-by: Christian Brauner Acked-by:

Re: [lxc-devel] [PATCH v2] safe_mount: Handle mounting proc and refactor

2016-01-14 Thread Serge Hallyn
Quoting Bogdan Purcareata (bogdan.purcare...@nxp.com): > On 14.01.2016 01:09, Serge Hallyn wrote: > > Quoting Bogdan Purcareata (bogdan.purcare...@nxp.com): > >> On 11.01.2016 20:59, Serge Hallyn wrote: > >>> Quoting Bogdan Purcareata (bogdan.purcare...@nxp.com): >

Re: [lxc-devel] [PATCH] c/r: remember to chown the cgroup path (correctly)

2016-01-14 Thread Serge Hallyn
Quoting Tycho Andersen (tycho.ander...@canonical.com): > On Thu, Jan 14, 2016 at 09:28:07AM +0000, Serge Hallyn wrote: > > Quoting Tycho Andersen (tycho.ander...@canonical.com): > > > On Wed, Jan 13, 2016 at 09:47:50PM +, Serge Hallyn wrote: > > > > Quoti

Re: [lxc-devel] [PATCH] Fix btrfs bus error on sparc on snapshot delete

2016-01-14 Thread Serge Hallyn
Quoting Thomas Tanaka (thomas.tan...@oracle.com): > The following patch fixes memory alignment and endianness > issue while doing a snapshot deletion with btrfs as a > backing store on platform such as sparc. > > The implementation is taken from btrfs-progs. Hi, thanks, this looks nice. I'm

[lxc-devel] [PATCH] fork off a task to delete ovs ports when done

2016-01-13 Thread Serge Hallyn
lxcpath's const-ness. Technically we are guaranteed that execvp won't change the args, but it's worth it to silence the warnings (and not hide real errors). With this patch, container nics are cleaned up from openvswitch bridges on shutdown. Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.

Re: [lxc-devel] [PATCH] .gitignore: add sparclinux make output

2016-01-13 Thread Serge Hallyn
Quoting Wim Coekaerts (wim.coekae...@oracle.com): > On 1/13/16 1:50 PM, Serge Hallyn wrote: > >Quoting Tycho Andersen (tycho.ander...@canonical.com): > >>Signed-off-by: Tycho Andersen <tycho.ander...@canonical.com> > >Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.

Re: [lxc-devel] [PATCH] .gitignore: add sparclinux make output

2016-01-13 Thread Serge Hallyn
Quoting Tycho Andersen (tycho.ander...@canonical.com): > Signed-off-by: Tycho Andersen Acked-by: Serge E. Hallyn > --- > .gitignore | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/.gitignore b/.gitignore > index 5e4912c..58e5dea

Re: [lxc-devel] [PATCH] cgmanager: don't make tasks + cgroup.procs +x

2016-01-13 Thread Serge Hallyn
Quoting Tycho Andersen (tycho.ander...@canonical.com): > No reason for these to be +x, and it looks weird. > > Signed-off-by: Tycho Andersen But it makes them a pretty green color in my terminal. Acked-by: Serge E. Hallyn > --- >

Re: [lxc-devel] [PATCH] lxc-ls: try to protect stack in recursive function

2016-01-13 Thread Serge Hallyn
Quoting Christian Brauner (christian.brau...@mailbox.org): > As ls_get() is non-tail recursive we face the inherent danger of blowing up > the > stack at some level of nesting. To have at least some security we define > MAX_NESTLVL to be 5. That should be sufficient for most users. The argument

Re: [lxc-devel] [PATCH v2] safe_mount: Handle mounting proc and refactor

2016-01-13 Thread Serge Hallyn
Quoting Bogdan Purcareata (bogdan.purcare...@nxp.com): > On 11.01.2016 20:59, Serge Hallyn wrote: > > Quoting Bogdan Purcareata (bogdan.purcare...@nxp.com): > >> The safe_mount primitive will mount the fs in the new container > >> environment by using file descriptor

Re: [lxc-devel] [PATCH v2] safe_mount: Handle mounting proc and refactor

2016-01-11 Thread Serge Hallyn
Quoting Bogdan Purcareata (bogdan.purcare...@nxp.com): > The safe_mount primitive will mount the fs in the new container > environment by using file descriptors referred in /proc/self/fd. > However, when the mounted filesystem is proc itself, it will have > been previously unmounted, therefore

Re: [lxc-devel] [PATCH lxcfs 3/5] fix leak in realloc loop in must_strcat_pid

2016-01-08 Thread Serge Hallyn
Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > > On January 8, 2016 at 2:55 AM Serge Hallyn <serge.hal...@ubuntu.com> wrote: > > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > > Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> >

Re: [lxc-devel] [PATCH] open_without_symlink: Account when prefix is empty string

2016-01-08 Thread Serge Hallyn
Quoting Bogdan Purcareata (bogdan.purcare...@nxp.com): > In the current implementation, the open_without_symlink function > will default to opening the root mount only if the passed rootfs > prefix is null. It doesn't account for the case where this prefix > is passed as an empty string. > >

Re: [lxc-devel] [PATCH] safe_mount: Handle mounting proc and refactor

2016-01-08 Thread Serge Hallyn
Quoting Bogdan Purcareata (bogdan.purcare...@nxp.com): > The safe_mount primitive will mount the fs in the new container > environment by using file descriptors referred in /proc/self/fd. > However, when the mounted filesystem is proc itself, it will have > been previously unmounted, therefore

Re: [lxc-devel] [PATCH] lxc_setup_fs: Create /dev/shm folder if it doesn't exist

2016-01-08 Thread Serge Hallyn
Quoting Bogdan Purcareata (bogdan.purcare...@nxp.com): > When running application containers with lxc-execute, /dev is > populated only with device entries. Since /dev is a tmpfs mount in > the container environment, the /dev/shm folder not being present is not > a sufficient reason for the

Re: [lxc-devel] [PATCH lxcfs 4/5] cgfs: fix dorealloc's batch allocation

2016-01-08 Thread Serge Hallyn
> this? > > Mathias > > On Fri, 2016-01-08 at 20:10 +, Serge Hallyn wrote: > > > From 24e98d74ca279ed2dc8e5a025add5a00737ba952 Mon Sep 17 00:00:00 > > 2001 > > > From: Wolfgang Bumiller <w.bumil...@proxmox.com> > > > Date: Fri, 8 Jan 2016 1

Re: [lxc-devel] [PATCH lxcfs 4/5] cgfs: fix dorealloc's batch allocation

2016-01-08 Thread Serge Hallyn
gt; > wrote: > > > > > > > > > > > > > On January 7, 2016 at 8:20 PM Serge Hallyn <serge.hal...@ubuntu.com> > > > > wrote: > > > > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > > > > >

Re: [lxc-devel] [PATCH lxcfs] Fix busted swap usage

2016-01-08 Thread Serge Hallyn
Quoting Nehal J Wani (nehaljw.k...@gmail.com): > When no limit is specified using lxc.cgroup.memory.memsw.limit_in_bytes, > overflow occurs while calculating Swap{Total,Free}. Commit a2de34b tried > to fix this, but introduced another bug, wherein if > memory.memsw.limit_in_bytes >=

Re: [lxc-devel] [PATCH lxcfs 4/5] cgfs: fix dorealloc's batch allocation

2016-01-08 Thread Serge Hallyn
Thanks, I'll push a new 0.16 release tonight.

Re: [lxc-devel] [PATCH lxcfs 3/5] fix leak in realloc loop in must_strcat_pid

2016-01-07 Thread Serge Hallyn
Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > If the first realloc() call fails then 'd' becomes NULL, > subsequent realloc() retries will behave like malloc() and > the original src pointer is never freed. Furthermore > the newly allocated data then contains uninitialized data >

Re: [lxc-devel] [PATCH lxcfs 4/5] cgfs: fix dorealloc's batch allocation

2016-01-07 Thread Serge Hallyn
Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > The initial check should use real lengths as with modulo a > new required length of eg. 52 would be considered smaller > than an old length of 48 (2 < 48). > > To get the 'batches' count 'newlen' must be divided and not > taken modulo

Re: [lxc-devel] [PATCH lxcfs 4/5] cgfs: fix dorealloc's batch allocation

2016-01-07 Thread Serge Hallyn
Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > > On January 7, 2016 at 7:42 PM Serge Hallyn <serge.hal...@ubuntu.com> wrote: > > > > > > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > > The initial check should use real lengths as wit

[lxc-devel] [PATCH 3/8] cgroup: introduce cgroup namespaces

2016-01-04 Thread serge . hallyn
Signed-off-by: Serge Hallyn <serge.hal...@canonical.com> --- Changelog: 2015-11-24 - move cgroup_namespace.c into cgroup.c (and .h) - reformatting - make get_cgroup_ns return void - rename ns->root_cgrps to root_cset. Changelog: 2015-12-08 - Move in

[lxc-devel] [PATCH 6/8] cgroup: mount cgroupns-root when inside non-init cgroupns

2016-01-04 Thread serge . hallyn
From: Serge Hallyn <serge.hal...@ubuntu.com> This patch enables cgroup mounting inside userns when a process has appropriate privileges. The cgroup filesystem mounted is rooted at the cgroupns-root. Thus, in a container-setup, only the hierarchy under the cgroupns-root is exposed

[lxc-devel] [PATCH 2/8] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace

2016-01-04 Thread serge . hallyn
From: Aditya Kali <adityak...@google.com> CLONE_NEWCGROUP will be used to create new cgroup namespace. Signed-off-by: Aditya Kali <adityak...@google.com> Signed-off-by: Serge Hallyn <serge.hal...@canonical.com> --- include/uapi/linux/sched.h |3 +-- 1 file changed,

[lxc-devel] [PATCH 4/8] cgroup: cgroup namespace setns support

2016-01-04 Thread serge . hallyn
From: Aditya Kali setns on a cgroup namespace is allowed only if task has CAP_SYS_ADMIN in its current user-namespace and over the user-namespace associated with target cgroupns. No implicit cgroup changes happen with attaching to another cgroupns. It is expected that the

[lxc-devel] [PATCH 7/8] cgroup: Add documentation for cgroup namespaces

2016-01-04 Thread serge . hallyn
From: Serge Hallyn <serge.hal...@ubuntu.com> Signed-off-by: Aditya Kali <adityak...@google.com> Signed-off-by: Serge Hallyn <serge.hal...@canonical.com> Signed-off-by: Tejun Heo <t...@kernel.org> --- Changelog (2015-12-08): Merge into Documentation/cgroup.txt Changelog

[lxc-devel] [PATCH 5/8] kernfs: define kernfs_node_dentry

2016-01-04 Thread serge . hallyn
From: Aditya Kali Add a new kernfs api to look up the dentry for a particular kernfs path. Signed-off-by: Aditya Kali Signed-off-by: Serge E. Hallyn Acked-by: Greg Kroah-Hartman ---

[lxc-devel] [PATCH 8/8] Add FS_USERNS_FLAG to cgroup fs

2016-01-04 Thread serge . hallyn
From: Serge Hallyn <serge.hal...@ubuntu.com> allowing root in a non-init user namespace to mount it. This should now be safe, because 1. non-init-root cannot mount a previously unbound subsystem 2. the task doing the mount must be privileged with respect to the user namespace

[lxc-devel] CGroup Namespaces (v9)

2016-01-04 Thread serge . hallyn
of rcu_read_lock() while accessing task->nsproxy - optimized setns() to own cgroupns - simplified code around sane-behavior mount option parsing 4. Restored ACKs from Serge Hallyn from v1 on few patches that have not changed since then. Changes from V1: 1. No pinning of processes within cgrou

[lxc-devel] [PATCH] Don't try to change aa label if we are already apparmor-confined

2016-01-04 Thread Serge Hallyn
Closes #1459 Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com> --- src/lxc/lsm/apparmor.c | 38 +++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c index d78bd7a..39324ce 100644 --- a/s

[lxc-devel] [PATCH 1/8] kernfs: Add API to generate relative kernfs path

2016-01-04 Thread serge . hallyn
From: Aditya Kali The new function kernfs_path_from_node() generates and returns kernfs path of a given kernfs_node relative to a given parent kernfs_node. Signed-off-by: Aditya Kali Signed-off-by: Serge E. Hallyn

Re: [lxc-devel] [PATCH] NULL pointer deference if nlmsg_reserve() returns NULL for ifi

2016-01-04 Thread Serge Hallyn
Quoting wim.coekae...@oracle.com (wim.coekae...@oracle.com): > From: Wim Coekaerts > > nlmsg_reserve() might return NULL > > if (nlmsg_len + tlen > nlmsg->cap) > return NULL; > > Also set err = -ENOMEM where appropriate > > Signed-off-by: Wim

Re: [lxc-devel] [PATCH RFC] detect which cgroups we cannot use

2015-12-30 Thread Serge Hallyn
Quoting Serge Hallyn (serge.hal...@ubuntu.com): > and continue without them if possible > > This patch only handles cgmanager - we need to handle this in cgfs too. > > Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com> > --- >
