Re: [lxc-devel] [RFC 0/5] stop hook with namespace access

> On September 28, 2015 at 5:14 PM Serge Hallyn wrote: > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > Just a quick followup: > > What about actually shipping this in /usr/share/lxc/hooks/ > from lxc/hooks ? Sure, could add it to the patch list if the code's

Re: [lxc-devel] [RFC 3/5] added stop-hook entries

> On September 28, 2015 at 5:07 PM Serge Hallyn wrote: > > > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > No signed-off-by > > Note this will need a very good description in the documentation, > to explain that this will run as a child of the monitor in the

Re: [lxc-devel] [RFC 5/5] pass namespace handles to the stop hook

> On September 28, 2015 at 5:12 PM Serge Hallyn wrote: > > > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > --- (...) > > + rc = asprintf([namespace_count++], > > "%s:/proc/%d/fd/%d", > > +

[lxc-devel] [PATCH] Cleanup parts of lxc-destroy

A bit of pedantry usually doesn't hurt. The code should be easier to follow now and avoids some repetitions. Signed-off-by: Christian Brauner --- src/lxc/lxc_destroy.c | 31 +-- 1 file changed, 17 insertions(+), 14 deletions(-) diff

[lxc-devel] [lxc/lxc] 6de26a: CVE-2015-1335: Protect container mounts against sy...

Branch: refs/heads/lxc/stable-1.1 Home: https://github.com/lxc/lxc Commit: 6de26af93d3dd87c8b21a42fdf20f30fa1c1948d https://github.com/lxc/lxc/commit/6de26af93d3dd87c8b21a42fdf20f30fa1c1948d Author: Serge Hallyn Date: 2015-09-29 (Tue, 29 Sep 2015)

[lxc-devel] [lxc/lxc]

Branch: refs/heads/stgraber/master Home: https://github.com/lxc/lxc ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxc/lxc] 592fd4: CVE-2015-1335: Protect container mounts against sy...

Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 592fd47a6245508b79fe6ac819fe6d3b2c1289be https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be Author: Serge Hallyn Date: 2015-09-29 (Tue, 29 Sep 2015) Changed

[lxc-devel] [lxc/lxc]

Branch: refs/heads/lxc/stable-0.7.4 Home: https://github.com/lxc/lxc ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxc/lxc]

Branch: refs/heads/lxc/stable-1.1 Home: https://github.com/lxc/lxc ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] Errored: lxc/lxc#1259 (lxc/stable-1.0 - 6bbb810)

Build Update for lxc/lxc - Build: #1259 Status: Errored Duration: 8 seconds Commit: 6bbb810 (lxc/stable-1.0) Author: Serge Hallyn Message: CVE-2015-1335: Protect container mounts against symlinks When a container starts up, lxc sets up the container's inital

[lxc-devel] Errored: lxc/lxc#1263 (stable-1.1 - 6de26af)

Build Update for lxc/lxc - Build: #1263 Status: Errored Duration: 2 minutes and 7 seconds Commit: 6de26af (stable-1.1) Author: Serge Hallyn Message: CVE-2015-1335: Protect container mounts against symlinks When a container starts up, lxc sets up the

[lxc-devel] [lxc/lxc]

Branch: refs/heads/lxc/master Home: https://github.com/lxc/lxc ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] LXC security issue - affects all supported releases

Hello, During a recent security audit of LXC, Roman Fiedler identified a security vulnerability in LXC. CVE 2015-1335: When a container starts up, lxc sets up the container's inital fstree by doing a bunch of mounting, guided by the container configuration file. The container config

[lxc-devel] Errored: lxc/lxc#1258 (lxc/stable-1.1 - 6de26af)

Build Update for lxc/lxc - Build: #1258 Status: Errored Duration: 38 seconds Commit: 6de26af (lxc/stable-1.1) Author: Serge Hallyn Message: CVE-2015-1335: Protect container mounts against symlinks When a container starts up, lxc sets up the container's inital

[lxc-devel] [lxc/lxc] 42de8e: coverity: drop second (redundant) block

Branch: refs/heads/stable-1.0 Home: https://github.com/lxc/lxc Commit: 42de8e091032f41639945837c9dee1cdfd371410 https://github.com/lxc/lxc/commit/42de8e091032f41639945837c9dee1cdfd371410 Author: Serge Hallyn Date: 2015-09-29 (Tue, 29 Sep 2015)

[lxc-devel] [lxc/lxc]

Branch: refs/heads/lxc/stable-0.7.4 Home: https://github.com/lxc/lxc ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] Errored: lxc/lxc#1262 (stgraber/master - 09b633d)

Build Update for lxc/lxc - Build: #1262 Status: Errored Duration: 13 seconds Commit: 09b633d (stgraber/master) Author: Stéphane Graber Message: Fix API stop race condition Signed-off-by: Stéphane Graber View the changeset:

Re: [lxc-devel] [RFC 0/5] stop hook with namespace access

Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > On September 28, 2015 at 5:14 PM Serge Hallyn > > wrote: > > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > > Just a quick followup: > > > > What about actually shipping this in /usr/share/lxc/hooks/ > >

[lxc-devel] Errored: lxc/lxc#1260 (lxc/master - 592fd47)

Build Update for lxc/lxc - Build: #1260 Status: Errored Duration: 1 minute and 14 seconds Commit: 592fd47 (lxc/master) Author: Serge Hallyn Message: CVE-2015-1335: Protect container mounts against symlinks When a container starts up, lxc sets up the

[lxc-devel] [lxc/lxc] 2c4db3: lxc-test-symlink: Background the containers

Branch: refs/heads/stable-1.0 Home: https://github.com/lxc/lxc Commit: 2c4db3fa6e2a1d14b233d82f5061cfe6a444b135 https://github.com/lxc/lxc/commit/2c4db3fa6e2a1d14b233d82f5061cfe6a444b135 Author: Stéphane Graber Date: 2015-09-29 (Tue, 29 Sep 2015)

[lxc-devel] [lxc/lxc] 6de26a: CVE-2015-1335: Protect container mounts against sy...

Branch: refs/heads/stable-1.1 Home: https://github.com/lxc/lxc Commit: 6de26af93d3dd87c8b21a42fdf20f30fa1c1948d https://github.com/lxc/lxc/commit/6de26af93d3dd87c8b21a42fdf20f30fa1c1948d Author: Serge Hallyn Date: 2015-09-29 (Tue, 29 Sep 2015)

[lxc-devel] [lxc/lxc] 61ef7b: coverity: drop second (redundant) block

Branch: refs/heads/stable-1.1 Home: https://github.com/lxc/lxc Commit: 61ef7bccafa11d2a046df0a816aea186c5fed601 https://github.com/lxc/lxc/commit/61ef7bccafa11d2a046df0a816aea186c5fed601 Author: Serge Hallyn Date: 2015-09-29 (Tue, 29 Sep 2015)

[lxc-devel] Passed: brauner/lxc#2 (lxccopy_master - a1bdd24)

Build Update for brauner/lxc - Build: #2 Status: Passed Duration: 1 minute and 12 seconds Commit: a1bdd24 (lxccopy_master) Author: Christian Brauner Message: Sensible names for mount keys for switch statement Signed-off-by: Christian Brauner

Re: [lxc-devel] Passed: brauner/lxc#2 (lxccopy_master - a1bdd24)

Sorry, Travis somehow suddenly pushed it to the mailing list instead only me! On Tue, Sep 29, 2015 at 05:10:40PM +, Travis CI wrote: > Build Update for brauner/lxc > - > > Build: #2 > Status: Passed > > Duration: 1 minute and 12 seconds > Commit: a1bdd24

[lxc-devel] Passed: brauner/lxc#1 (master - 592fd47)

Build Update for brauner/lxc - Build: #1 Status: Passed Duration: 1 minute and 50 seconds Commit: 592fd47 (master) Author: Serge Hallyn Message: CVE-2015-1335: Protect container mounts against symlinks When a container starts up, lxc sets up the container's

[lxc-devel] [PATCH v2] Cleanup parts of lxc-destroy

A bit of pedantry usually doesn't hurt. The code should be easier to follow now and avoids some repetitions. Signed-off-by: Christian Brauner --- src/lxc/lxc_destroy.c | 27 ++- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git

Re: [lxc-devel] [PATCH] Cleanup parts of lxc-destroy

Quoting Christian Brauner (christianvanbrau...@gmail.com): > A bit of pedantry usually doesn't hurt. The code should be easier to follow > now > and avoids some repetitions. > > Signed-off-by: Christian Brauner The second hunk is ok, the first I think makes it

[lxc-devel] [lxc/lxc] 4928c7: Define O_PATH and O_NOFOLLOW for Android

Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 4928c7186c4d3578de73fddb3d88038a25a327b3 https://github.com/lxc/lxc/commit/4928c7186c4d3578de73fddb3d88038a25a327b3 Author: Stéphane Graber Date: 2015-09-29 (Tue, 29 Sep 2015) Changed

[lxc-devel] [lxc/lxc] 27ec06: Define O_PATH and O_NOFOLLOW for Android

Branch: refs/heads/stable-1.0 Home: https://github.com/lxc/lxc Commit: 27ec06f902d4433ae87f03b25395da7003438bd3 https://github.com/lxc/lxc/commit/27ec06f902d4433ae87f03b25395da7003438bd3 Author: Stéphane Graber Date: 2015-09-29 (Tue, 29 Sep 2015)

[lxc-devel] [lxc/lxc] dbcb84: Define O_PATH and O_NOFOLLOW for Android

Branch: refs/heads/stable-1.1 Home: https://github.com/lxc/lxc Commit: dbcb844f62bcb344378e7f845c60720d0c9da95f https://github.com/lxc/lxc/commit/dbcb844f62bcb344378e7f845c60720d0c9da95f Author: Stéphane Graber Date: 2015-09-29 (Tue, 29 Sep 2015)