]>
git.proxmox.com Git - mirror_lxc.git/log
Stéphane Graber [Wed, 3 Apr 2024 03:33:26 +0000 (23:33 -0400)]
Release LXC 6.0.0
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Serge Hallyn [Wed, 3 Apr 2024 02:47:03 +0000 (21:47 -0500)]
Merge pull request #4424 from stgraber/main
Cleanup MAINTAINERS, COPYING and sort out SPDX headers
Stéphane Graber [Wed, 3 Apr 2024 00:43:37 +0000 (20:43 -0400)]
lxc.spec: Align SPDX license id
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Stéphane Graber [Wed, 3 Apr 2024 00:43:30 +0000 (20:43 -0400)]
Makefile: Align SPDX license id
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Stéphane Graber [Wed, 3 Apr 2024 00:42:09 +0000 (20:42 -0400)]
meson: Align SPDX license id
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Stéphane Graber [Wed, 3 Apr 2024 00:29:39 +0000 (20:29 -0400)]
COPYING: Clarify licensing of files without SPDX
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Stéphane Graber [Wed, 3 Apr 2024 00:23:13 +0000 (20:23 -0400)]
doc: Add SPDX headers and remove Author field
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Stéphane Graber [Tue, 2 Apr 2024 22:31:26 +0000 (18:31 -0400)]
src/include: Add SPDX headers
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Stéphane Graber [Tue, 2 Apr 2024 22:24:10 +0000 (18:24 -0400)]
src/tests: Add SPDX headers
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Stéphane Graber [Tue, 2 Apr 2024 21:59:17 +0000 (17:59 -0400)]
hooks: Add SPDX headers
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Stéphane Graber [Tue, 2 Apr 2024 21:54:04 +0000 (17:54 -0400)]
lxc.spec: Clear default changelog
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Stéphane Graber [Tue, 2 Apr 2024 21:52:37 +0000 (17:52 -0400)]
lxc.spec: Use SPDX
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Stéphane Graber [Tue, 2 Apr 2024 21:51:55 +0000 (17:51 -0400)]
template: Use SPDX
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Stéphane Graber [Tue, 2 Apr 2024 21:50:03 +0000 (17:50 -0400)]
config/yum: Use SPDX header
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Stéphane Graber [Tue, 2 Apr 2024 21:49:54 +0000 (17:49 -0400)]
COPYING: Remove whitespace
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Stéphane Graber [Tue, 2 Apr 2024 21:45:23 +0000 (17:45 -0400)]
MAINTAINERS: Remove Dwight from the maintainer list
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Stéphane Graber [Tue, 2 Apr 2024 17:46:34 +0000 (13:46 -0400)]
Merge pull request #4377 from adamcstephens/install-options
build: add more options for customizing install
Serge Hallyn [Tue, 2 Apr 2024 15:51:03 +0000 (10:51 -0500)]
Merge pull request #4423 from stgraber/main
lxc-checkconfig improvements
Stéphane Graber [Tue, 2 Apr 2024 15:26:48 +0000 (11:26 -0400)]
lxc-checkconfig: Fix shellcheck
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Stéphane Graber [Tue, 2 Apr 2024 15:21:43 +0000 (11:21 -0400)]
lxc-checkconfig: Show namespace limits
Closes #4259
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Stéphane Graber [Tue, 2 Apr 2024 14:53:31 +0000 (10:53 -0400)]
Merge pull request #4422 from mihalicyn/ct_list_fix
lxc-ls: list names with whitespaces in `--active`.
Edênis Freindorfer Azevedo [Wed, 15 Sep 2021 03:12:52 +0000 (00:12 -0300)]
lxc-ls: list names with whitespaces in `--active`.
Fixes: #3970
Signed-off-by: Edênis Freindorfer Azevedo <edenisfa@gmail.com>
[ small fixes ]
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Stéphane Graber [Tue, 2 Apr 2024 13:07:45 +0000 (09:07 -0400)]
Merge pull request #4421 from mihalicyn/lxc_copy_fixes
lxc/tools: set default log_priority to ERROR
Stéphane Graber [Tue, 2 Apr 2024 13:05:54 +0000 (09:05 -0400)]
Merge pull request #4418 from mihalicyn/cumulative_fixes_2apr2024
confile_utils: fix incorrect multiply_overflow test #2
Christian Brauner [Tue, 2 Apr 2024 12:55:51 +0000 (14:55 +0200)]
Merge pull request #4420 from mihalicyn/autostart_fix
tools/lxc_autostart: don't fail when there are no containers
Christian Brauner [Tue, 2 Apr 2024 12:55:16 +0000 (14:55 +0200)]
Merge pull request #4419 from mihalicyn/fixup_mod_rdep
lxc/lxccontainer: specify file mode in open() call inside mod_rdep
Alexander Mikhalitsyn [Tue, 2 Apr 2024 11:58:35 +0000 (13:58 +0200)]
lxc/tools: set default log_priority to ERROR
For some reason, we don't have default log_priority
set for many tools which leads to the situation when
tools can fail silently even if error occurs.
Fixes: #4405
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Tue, 2 Apr 2024 11:43:08 +0000 (13:43 +0200)]
tools/lxc_autostart: don't fail when there are no containers
Fixes: #3847
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Tue, 2 Apr 2024 10:55:19 +0000 (12:55 +0200)]
lxc/lxccontainer: specify file mode in open() call inside mod_rdep
We must explicitly specify file mode in open(.. O_CREAT ..).
Let's set 0644, while previously it was 0666 [1] which seems too much.
[1] https://sourceware.org/git/?p=glibc.git;a=blob;f=libio/fileops.c;h=
4db4a76f755b1f3b766dc47c669c09242395ec95 ;hb=HEAD#l216
Fixes: Coverity 1596044
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Tue, 2 Apr 2024 10:14:38 +0000 (12:14 +0200)]
lxc/confile: do not print excess space before scale suffix for time.offset.boot
Let's make time.offset.boot and time.offset.monotonic getters consistent
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Tue, 2 Apr 2024 09:46:29 +0000 (11:46 +0200)]
lxc/confile: do not print newline symbol in getter for lxc.time.offset.*
It's clearly a mistake in the getters implementation.
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Tue, 2 Apr 2024 09:14:18 +0000 (11:14 +0200)]
tests/parse_config_file: fix some typos
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Tue, 2 Apr 2024 09:13:21 +0000 (11:13 +0200)]
tests/parse_config_file: add tests for lxc.time.offset.*
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Arnaud Fontaine [Tue, 2 Apr 2024 08:49:34 +0000 (10:49 +0200)]
tree-wide: replace multiply_overflow with check_mul_overflow
Remove redundant multiply_overflow helper and use check_mul_overflow.
This also fixes a bug with incorrect handling for negative offset values.
Link: #4374
Signed-off-by: Arnaud Fontaine <arnaud.fontaine@airbus.com>
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Stéphane Graber [Mon, 1 Apr 2024 21:16:55 +0000 (17:16 -0400)]
Merge pull request #4417 from mihalicyn/revert-3951-2021-08-25.fixes
Rework "lxccontainer: fixes" PR
Christian Brauner [Wed, 25 Aug 2021 14:11:55 +0000 (16:11 +0200)]
lxccontainer: rework copy_file()
Signed-off-by: Christian Brauner <christian@brauner.io>
resurrect file_exists(new) check
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Christian Brauner [Wed, 25 Aug 2021 14:05:00 +0000 (16:05 +0200)]
lxccontainer: improve mod_rdep()
Signed-off-by: Christian Brauner <christian@brauner.io>
O_RDWR -> O_WRONLY | O_CREAT
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Mon, 1 Apr 2024 15:23:48 +0000 (17:23 +0200)]
Revert "lxccontainer: fixes"
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Stéphane Graber [Mon, 1 Apr 2024 13:21:05 +0000 (09:21 -0400)]
Merge pull request #3951 from brauner/2021-08-25.fixes
lxccontainer: fixes
Stéphane Graber [Sun, 31 Mar 2024 01:13:21 +0000 (21:13 -0400)]
Merge pull request #4416 from ffontaine/main
src/lxc/syscall_numbers.h: drop define -1
Fabrice Fontaine [Sat, 30 Mar 2024 15:50:46 +0000 (16:50 +0100)]
src/lxc/syscall_numbers.h: drop define -1
Drop "#define -1" to avoid the following m68k build failure with gcc 12:
In file included from ../src/lxc/syscall_wrappers.h:19,
from ../src/lxc/mount_utils.h:15,
from ../src/lxc/conf.h:24,
from ../src/lxc/log.h:19,
from ../src/lxc/storage/btrfs.c:20:
../src/lxc/syscall_numbers.h:423:25: error: macro names must be identifiers
423 | #define -1
| ^
Fixes:
- http://autobuild.buildroot.org/results/
f40a517eba86838b11b4b1d6a8a05b8233a3394d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Stéphane Graber [Tue, 26 Mar 2024 14:37:20 +0000 (10:37 -0400)]
Merge pull request #4346 from zhongTao99/fix
containers in the FREEZING state also need to be unfreeze
Serge Hallyn [Sat, 23 Mar 2024 01:34:50 +0000 (20:34 -0500)]
Merge pull request #4412 from petris/fix_rexec_free
rexec: Avoid invalid free in rexec failure path
Petr Malat [Tue, 12 Mar 2024 12:28:29 +0000 (13:28 +0100)]
rexec: Avoid invalid free in rexec failure path
Commit "rexec: free argv array on failure" used __do_free_string_list
as a destructor for argv, which is an array of pointers to a single
buffer and not an array of pointers to independent buffers, which leads
to an attempt to free invalid pointer whenever argv has more than one
element.
Structure argv as one memory block and use __do_free as the destructor.
Signed-off-by: Petr Malat <oss@malat.biz>
Stéphane Graber [Mon, 18 Mar 2024 07:28:38 +0000 (03:28 -0400)]
Merge pull request #4414 from cjavad/main
README: Correct 'armvl7' to 'armv7l'
Javad Shafique [Sun, 17 Mar 2024 21:18:35 +0000 (22:18 +0100)]
README: Correct 'armvl7' to 'armv7l'
Use the correct designation for the armv7l arch, as also reflected in src/lxc/confile.c.
Signed-off-by: Javad Shafique <javadshafique@hotmail.com>
Stéphane Graber [Mon, 11 Mar 2024 23:37:09 +0000 (19:37 -0400)]
Merge pull request #4411 from hallyn/2024-03-11/simplify-lookup_name
unshare: simplify lookup_name
Serge Hallyn [Mon, 11 Mar 2024 20:41:05 +0000 (15:41 -0500)]
unshare: simplify lookup_name
pass the optarg straight to getpwnam_r, instead of first
scanning the name out of it.
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Stéphane Graber [Mon, 11 Mar 2024 19:42:22 +0000 (15:42 -0400)]
Merge pull request #4410 from HappyDrink-okk/main
lxc-unshare: fix an buffer overflow issue in lxc_unshare
HappyDrink-okk [Sun, 10 Mar 2024 07:45:34 +0000 (15:45 +0800)]
lxc-unshare: fix an buffer overflow issue in lxc_unshare
If the input parameter length is greater than PATH_MAX, a buffer overflow will occur.
Signed-off-by: HappyDrink-okk <liu7529@yeah.net>
Stéphane Graber [Fri, 23 Feb 2024 23:11:49 +0000 (18:11 -0500)]
Merge pull request #4397 from PoneyClairDeLune/patch-1
Assign IPv6 address and enable IPv6 NAT by default
Lumière Élevé [Thu, 8 Feb 2024 17:16:32 +0000 (17:16 +0000)]
lxc-net: Enable IPv6 by default
Signed-off-by: Lumière Élevé <88174309+PoneyClairDeLune@users.noreply.github.com>
Christian Brauner [Mon, 19 Feb 2024 12:38:08 +0000 (13:38 +0100)]
Merge pull request #4403 from mihalicyn/meson_fixup_1
github: master -> main & ossfuzz build fixes
Alexander Mikhalitsyn [Mon, 19 Feb 2024 09:05:43 +0000 (10:05 +0100)]
tests/meson: attempt to fix ossfuzz builds
As we link statically with liblxc, we don't need to
link with liblxc_ext_sources, as all the symbols will come
from liblxc.a itself.
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Mon, 19 Feb 2024 08:56:04 +0000 (09:56 +0100)]
github: master -> main
Our main branch is "main" for some time, but
in github scripts we still use "master" which is incorrect
and prevent some stuff from working.
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Christian Brauner [Sun, 18 Feb 2024 22:07:56 +0000 (23:07 +0100)]
Merge pull request #4401 from mihalicyn/meson_link_dynamically_fix
[RFC] meson: link dynamically
Alexander Mikhalitsyn [Sun, 18 Feb 2024 16:12:49 +0000 (17:12 +0100)]
meson: link with liblxc dynamically everywhere if possible
Link tests/tools/commands dynamically with liblxc if possible.
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Sun, 18 Feb 2024 16:05:10 +0000 (17:05 +0100)]
network: use IN_LIBLXC
Put a bunch of functions under #if IN_LIBLXC to compile-out
them when network.c is linked with tools/tests code.
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Sun, 18 Feb 2024 15:04:54 +0000 (16:04 +0100)]
storage_utils: move get_fssize to utils
This helper is used in the lxc/tools and it's
fully independent of storage_utils code, let's move it
to utils.c
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Sun, 18 Feb 2024 14:56:47 +0000 (15:56 +0100)]
storage_utils: unhide and rename is_valid_storage_type to lxc_is_valid_storage_type
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Sun, 18 Feb 2024 14:43:20 +0000 (15:43 +0100)]
confile: unhide lxc_config_parse_arch() helper
Looks safe enough to be available for liblxc users.
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Sun, 18 Feb 2024 14:24:29 +0000 (15:24 +0100)]
conf: reorganize/split code to utils.c
Move run_script/run_script_argv helpers to utils.c
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Sun, 18 Feb 2024 14:17:25 +0000 (15:17 +0100)]
conf: reorganize/split code to idmap_utils.c
Move some idmaps-related functions from lxc/conf.c
to a new idmap_utils.c file.
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Sat, 17 Feb 2024 15:58:02 +0000 (16:58 +0100)]
confile: unhide lxc_config_define*() helpers
Let's unhide lxc_config_define_add, lxc_config_define_load and
lxc_config_define_free helpers. These functions are safe enough
to be used by external tools. Semantic is also clear.
Reason is that we have lxc-start/lxc-execute tools which
use these symbols. Right now it works, because we just
link a whole liblxc statically to each lxc-* tool...
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Sat, 17 Feb 2024 15:47:41 +0000 (16:47 +0100)]
meson: introduce IN_LIBLXC preprocessor macro
The purpose of it is to tell us if we are compiling
liblxc or lxc test/tool/command.
This thing is needed to exclude unnecessary functions
from being compiled-in in the resulting executables
like lxc-start, lxc-attach, etc.
The problem is that lxc tools (lxc-start, lxc-stop, etc)
depend not only on the liblxc as a shared library, but also
require some non-exported symbols or helpers from liblxc
internals. So, we have to link these executables with some liblxc
object files directly which results in the dependency hell,
because linking one .c file from liblxc may end up having to
link with another one (what contains some dependency) and so on.
By using IN_LIBLXC in the liblxc internals we can selectively
omit some functions from being compiled in such cases.
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Sat, 17 Feb 2024 15:43:21 +0000 (16:43 +0100)]
confile: move lxc_fill_elevated_privileges() to tools/lxc_attach
lxc_fill_elevated_privileges() is used only in lxc-attach tool,
let's move this function in there.
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Stéphane Graber [Fri, 16 Feb 2024 04:01:44 +0000 (23:01 -0500)]
Merge pull request #4395 from tsnaik/mount-check
oci: resolve cross-filesystem blob caching failure
Christian Brauner [Thu, 15 Feb 2024 17:50:37 +0000 (18:50 +0100)]
Merge pull request #4398 from mihalicyn/usernic_fixes_2
tests: lxc-test-usernic: use iproute tool instead of brctl
Christian Brauner [Thu, 15 Feb 2024 17:50:19 +0000 (18:50 +0100)]
Merge pull request #4399 from mihalicyn/apparmor_lxc_copy
config: apparmor: add AppArmor profile for lxc-copy
Christian Brauner [Thu, 15 Feb 2024 17:50:06 +0000 (18:50 +0100)]
Merge pull request #4400 from mihalicyn/remove_old_cgroup_handling_in_tests
tests: remove old and broken cgroup handling code from tests
Alexander Mikhalitsyn [Thu, 15 Feb 2024 17:13:05 +0000 (18:13 +0100)]
tests: remove old and broken cgroup handling code from tests
We have removed the same piece of code in
ec85e5ca495 ("lxc-test-usernic: drop cgroup handling")
let's do the same for two other tests.
This fixes autopkgtests.
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Thu, 15 Feb 2024 16:59:59 +0000 (17:59 +0100)]
config: apparmor: add AppArmor profile for lxc-copy
lxc-copy can start container as lxc-start does in some cases,
so we need to have the same profile for it.
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Thu, 15 Feb 2024 16:37:24 +0000 (17:37 +0100)]
tests: lxc-test-usernic: use iproute tool instead of brctl
This is required to fix autopkgtest failures.
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Tanmay Naik [Sat, 3 Feb 2024 00:28:43 +0000 (00:28 +0000)]
oci: resolve cross-filesystem blob caching failure
This commit addresses an issue in the OCI template where lxc-create
fails if OCI-cache directory for blob caching is not on the same mount
as the destination OCI directory. lxc-create bails when skopeo tries to
create a hard-link across the two and fails.
For example, if /var/lib/lxc is a bind mountpoint of a random directory
and skopeo fails to hard-link across /var/cache/lxc and /var/lib/lxc
This commit introduces a check where if both directories are on not the
same mount points, it disables blob caching in skopeo and continues.
Signed-off-by: Tanmay Naik <tnaik96@gmail.com>
Stéphane Graber [Fri, 2 Feb 2024 21:11:14 +0000 (22:11 +0100)]
Merge pull request #4394 from hallyn/2024-02-02/test-usernic-fixes
test-usernic fixes
Serge Hallyn [Fri, 2 Feb 2024 16:41:11 +0000 (10:41 -0600)]
lxc-test-usernic: drop cgroup handling
This stuff is not needed in a modern systemd based system, and in fact
breaks. It would probably be better to detect such a system so that a
non-systemd box can still run this test. But I'm not sure what would be
reliable.
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Serge Hallyn [Fri, 2 Feb 2024 16:39:16 +0000 (10:39 -0600)]
test-usernic: don't use ifconfig
ifconfig is not available on many modern systems. Use ip instead.
Maybe it would be better to detect what's available, but that
could become brittle.
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Stéphane Graber [Tue, 30 Jan 2024 01:37:41 +0000 (02:37 +0100)]
Merge pull request #4391 from gibmat/fix-x32-container-creation
Add x32 to the list of recognized architectures
Mathias Gibbens [Tue, 30 Jan 2024 01:03:06 +0000 (01:03 +0000)]
Add x32 to the list of recognized architectures
LXC supports x32 containers, but currently creation of those containers is broken:
lxc-create: x32-test: ../src/lxc/confile.c: set_config_personality: 1432 Invalid argument - Unsupported personality "x32"
lxc-create: x32-test: ../src/lxc/parse.c: lxc_file_for_each_line_mmap: 129 Failed to parse config file "/var/lib/lxc/x32-test/config" at line "lxc.arch = x32"
lxc-create: x32-test: ../src/lxc/tools/lxc_create.c: main: 317 Failed to create container x32-test
Signed-off-by: Mathias Gibbens <gibmat@debian.org>
Stéphane Graber [Sun, 28 Jan 2024 23:17:29 +0000 (00:17 +0100)]
Merge pull request #4390 from jacobmcnamee/unpack-tar-xattrs
lxc-download, lxc-local: preserve xattrs on unpack
Jacob McNamee [Sun, 28 Jan 2024 20:57:24 +0000 (12:57 -0800)]
lxc-download, lxc-local: preserve xattrs on unpack
Update tar invocation to preserve all xattrs when unpacking the rootfs,
notably retaining security.capability xattrs (e.g. for ping, newuidmap)
Note: bsdtar already preserves xattrs with -p
Signed-off-by: Jacob McNamee <jacob@jacobmcnamee.com>
Christian Brauner [Fri, 26 Jan 2024 18:35:14 +0000 (19:35 +0100)]
Merge pull request #4388 from mihalicyn/plumb_userns_checks
tree-wide: use container_uses_namespace() in more places
Alexander Mikhalitsyn [Fri, 26 Jan 2024 16:20:27 +0000 (17:20 +0100)]
tree-wide: use container_uses_namespace() in less trivial cases
In our current codebase we have a logical pattern:
list_empty(&handler->conf->id_map)
*IF AND ONLY IF*
container does NOT use user namespace
Which is perfectly correct nowadays, but once we (hopefully)
get an "isolated user namespaces" stuff ready it won't be the case.
It will be perfectly fine to have a user namespace with empty
/proc/*/{u,g}id_map files. Nowadays it's also possible,
but this kind of a configuration close to useless and nobody
actually uses it.
No functional changes intended.
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Alexander Mikhalitsyn [Fri, 26 Jan 2024 16:01:46 +0000 (17:01 +0100)]
tree-wide: use container_uses_namespace() helper
No functional changes.
Will be useful in future support for an isolated
user namespaces [1]. I have already played with
that locally and found that in the LXC codebase
we have a bunch of different ways to ensure if
a container uses user namespaces or not.
This commit contains a trivial conversion from
an open-coded version of the container_uses_namespace()
helper to an actual use of the helper.
[1] https://lpc.events/event/17/contributions/1569/
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Stéphane Graber [Sun, 14 Jan 2024 21:53:37 +0000 (22:53 +0100)]
Merge pull request #4363 from zhaixiaojuan/main
Add loongarch64 support
Stéphane Graber [Thu, 11 Jan 2024 20:10:47 +0000 (21:10 +0100)]
Merge pull request #4382 from petermichaux/main
Add Verbose Output in Download Template
Peter Michaux [Sat, 6 Jan 2024 18:08:06 +0000 (10:08 -0800)]
Fix error message.
Signed-off-by: Peter Michaux <petermichaux@gmail.com>
Peter Michaux [Sat, 6 Jan 2024 17:51:13 +0000 (09:51 -0800)]
Add verbose output in download template.
Signed-off-by: Peter Michaux <petermichaux@gmail.com>
Stéphane Graber [Sat, 6 Jan 2024 15:12:24 +0000 (16:12 +0100)]
Merge pull request #4381 from petermichaux/patch-1
Align columns in lxc-download.in template
Peter Michaux [Sat, 6 Jan 2024 06:10:34 +0000 (22:10 -0800)]
Align columns in lxc-download.in template
Signed-off-by: Peter Michaux <petermichaux@gmail.com>
Adam Stephens [Wed, 27 Dec 2023 19:58:56 +0000 (14:58 -0500)]
build: add more options for customizing install
Signed-off-by: Adam Stephens <adam@valkor.net>
zhaixiaojuan [Thu, 2 Nov 2023 08:14:45 +0000 (16:14 +0800)]
Add loongarch64 support
Signed-off-by: zhaixiaojuan <zhaixiaojuan@loongson.cn>
Stéphane Graber [Mon, 18 Dec 2023 13:56:58 +0000 (08:56 -0500)]
Merge pull request #4375 from lxc/dependabot/github_actions/actions/upload-artifact-4
build(deps): bump actions/upload-artifact from 3 to 4
dependabot[bot] [Mon, 18 Dec 2023 13:13:10 +0000 (13:13 +0000)]
build(deps): bump actions/upload-artifact from 3 to 4
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Stéphane Graber [Wed, 13 Dec 2023 18:18:29 +0000 (13:18 -0500)]
Merge pull request #3236 from xinhua9569/master
config: try to create workdir if not exist
dongxinhua [Mon, 23 Dec 2019 10:59:29 +0000 (18:59 +0800)]
config: try to create workdir if not exist
Signed-off-by: dongxinhua <dongxinhua@huawei.com>
Stéphane Graber [Mon, 11 Dec 2023 22:23:55 +0000 (17:23 -0500)]
Merge pull request #4368 from desultory/main
Updated lxc-local template
Zen [Thu, 16 Nov 2023 17:49:43 +0000 (11:49 -0600)]
lxc-local: Add --no-dev option to exclude /dev from the fstree
Signed-off-by: Zen <z@pyl.onl>
Zen [Thu, 16 Nov 2023 16:35:53 +0000 (10:35 -0600)]
lxc-local: Re-organize code to use more functions
Signed-off-by: Zen <z@pyl.onl>
Zen [Thu, 16 Nov 2023 16:45:02 +0000 (10:45 -0600)]
lxc-local: Improve usage info
Signed-off-by: Zen <z@pyl.onl>