This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "lxc".

The branch, master has been updated
       via  ce6ce9d662b4ee8c0a10088867826a6725e06f70 (commit)
       via  49ee6cdcbf79d8b6fa617479ec8ab753ccca923d (commit)
       via  cb014488ee24072579837439389552ce3d6cbb83 (commit)
       via  99d509541d82f247b3225d243fff5359574817ff (commit)
       via  e073270504f2f5c5df90bfcc4917d2d20b73d1e7 (commit)
       via  525f00025700ae351b9c53dfb0d5f10a70d6b083 (commit)
       via  28f2ae839d00373d093234ffbc9bbb4ef5f9d10e (commit)
       via  3ea24eb8e68ba18e215aec0f10d96f75b23c340b (commit)
       via  e16dad106358ae045cdcb1d86fcf3c85ca76724f (commit)
       via  d79579e87406e8c239014dad04c5d310e553a8dd (commit)
       via  d55bc1adad2f4929d26d91b295115a77ca6a0d05 (commit)
       via  5170c716339cc57e4df2315f24abd18f7fc05d08 (commit)
       via  20d816599f954e7e5864d39884cc0de56f9358fd (commit)
       via  5781a74a8af3057ce7b561f454e2b5b0925b1f76 (commit)
       via  307cf2a670fc8979b84d888f2720a827bcfa5291 (commit)
      from  aa198728a83e7016cd02583349fce1f5b1a60c66 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ce6ce9d662b4ee8c0a10088867826a6725e06f70
Author: Jon Nordby <jono...@gmail.com>
Date:   Thu Feb 23 09:57:26 2012 +0100

    fix-automake-1.13

    ## 0001-Replace-pkglib_PROGRAMS-with-pkglibexec_PROGRAMS.patch [diff]
    From 95c566740bba899acc7792c11fcdb3f4d32dcfc9 Mon Sep 17 00:00:00 2001
    From: Jon Nordby <jono...@gmail.com>
    Date: Fri, 10 Feb 2012 11:38:35 +0100
    Subject: [PATCH] Replace pkglib_PROGRAMS with pkglibexec_PROGRAMS

    Without this change, autogen.sh fails with automake 1.11.3

    Signed-off-by: Daniel Lezcano <dlezc...@fr.ibm.com>

commit 49ee6cdcbf79d8b6fa617479ec8ab753ccca923d
Author: Christian Seiler <christ...@iwakd.de>
Date:   Thu Feb 23 09:57:14 2012 +0100

    Add man page for lxc-attach

    Signed-off-by: Daniel Lezcano <dlezc...@fr.ibm.com>

commit cb014488ee24072579837439389552ce3d6cbb83
Author: Christian Seiler <christ...@iwakd.de>
Date:   Thu Feb 23 09:57:14 2012 +0100

    lxc-attach: Drop privileges when attaching to container unless requested otherwise

    lxc-attach will now put the process that is attached to the container
    into the correct cgroups corresponding to the container, set the correct
    personality and drop the privileges.

    The information is extracted from entries in /proc of the init process
    of the container. Note that this relies on the (reasonable) assumption
    that the init process does not in fact drop additional capabilities from
    its bounding set.

    Additionally, 2 command line options are added to lxc-attach: One to
    prevent the capabilities from being dropped and the process from being
    put into the cgroup (-e, --elevated-privileges) and a second one to
    explicitly state the architecture which the process will see,
    (-a, --arch) which defaults to the container's current architecture.
    Signed-off-by: Daniel Lezcano <dlezc...@fr.ibm.com>

commit 99d509541d82f247b3225d243fff5359574817ff
Author: Christian Seiler <christ...@iwakd.de>
Date:   Thu Feb 23 09:57:14 2012 +0100

    Move lxc_attach from namespace.c to attach.c and rename it to lxc_attach_to_ns

    Since lxc-attach helper functions now have their own source file,
    lxc_attach is moved from namespace.c to attach.c and is renamed to
    lxc_attach_to_ns, because that better reflects what the function does
    (attaching to a container can also contain the setting of the process's
    personality, adding it to the corresponding cgroups and dropping
    specific capabilities).

    Signed-off-by: Daniel Lezcano <dlezc...@fr.ibm.com>

commit e073270504f2f5c5df90bfcc4917d2d20b73d1e7
Author: Christian Seiler <christ...@iwakd.de>
Date:   Thu Feb 23 09:57:14 2012 +0100

    Add attach.[ch]: Helper functions for lxc-attach

    The following helper functions for lxc-attach are added to a new file
    attach.c:
     - lxc_proc_get_context_info: Get cgroup memberships, personality and
       capability bounding set from /proc for a given process.
     - lxc_proc_free_context_info: Free the data structure responsible
     - lxc_attach_proc_to_cgroups: Add the process specified by the pid
       parameter to the cgroups given by the ctx parameter.
     - lxc_attach_drop_privs: Drop capabilities to the capability mask given
       in the ctx parameter.

    Signed-off-by: Daniel Lezcano <dlezc...@fr.ibm.com>

commit 525f00025700ae351b9c53dfb0d5f10a70d6b083
Author: Christian Seiler <christ...@iwakd.de>
Date:   Thu Feb 23 09:57:14 2012 +0100

    Add lxc_config_parse_arch to parse architecture strings

    Add the function lxc_config_parse_arch that parses an architecture
    string (x86, i686, x86_64, amd64) and returns the corresponding
    personality. This is required for lxc-attach, which accepts
    architectures independently of lxc.arch. The parsing of lxc.arch now
    also uses the same function to ensure consistency.
    Signed-off-by: Daniel Lezcano <dlezc...@fr.ibm.com>

commit 28f2ae839d00373d093234ffbc9bbb4ef5f9d10e
Author: Christian Seiler <christ...@iwakd.de>
Date:   Thu Feb 23 09:57:14 2012 +0100

    cgroup: Make cgroup_attach a public function

    lxc-attach needs to be able to attach a process to a specific cgroup, so
    cgroup_attach is renamed to lxc_cgroup_attach and now also defined in
    the header file.

    Signed-off-by: Daniel Lezcano <dlezc...@fr.ibm.com>

commit 3ea24eb8e68ba18e215aec0f10d96f75b23c340b
Author: Christian Seiler <christ...@iwakd.de>
Date:   Thu Feb 23 09:57:13 2012 +0100

    Enable get_cgroup_mount to search for mount points satisfying multiple subsystems at once

    lxc-attach functionality reads /proc/init_pid/cgroup to determine the
    cgroup of the container for a given subsystem. However, since subsystems
    may be mounted together, we want to be on the safe side and be sure that
    we really find the correct mount point, so we allow get_cgroup_mount to
    check for *all* the subsystems; the subsystem parameter may now be a
    comma-separated list.

    Signed-off-by: Daniel Lezcano <dlezc...@fr.ibm.com>

commit e16dad106358ae045cdcb1d86fcf3c85ca76724f
Author: Christian Seiler <christ...@iwakd.de>
Date:   Thu Feb 23 09:57:13 2012 +0100

    Add missing double-include #ifndef/#define/#endif to confile.h

    Signed-off-by: Daniel Lezcano <dlezc...@fr.ibm.com>

commit d79579e87406e8c239014dad04c5d310e553a8dd
Author: Christian Seiler <christ...@iwakd.de>
Date:   Thu Feb 23 09:57:13 2012 +0100

    Add missing 'extern' keyword to functions defined in cgroup.h

    Signed-off-by: Daniel Lezcano <dlezc...@fr.ibm.com>

commit d55bc1adad2f4929d26d91b295115a77ca6a0d05
Author: Christian Seiler <christ...@iwakd.de>
Date:   Thu Feb 23 09:57:13 2012 +0100

    Accept numeric values for capabilities to drop

    lxc.cap.drop now also accepts numeric values for capabilities. This
    allows the user to specify capabilities LXC doesn't know about yet or
    capabilities that were not part of the kernel headers LXC was compiled
    against.
    Signed-off-by: Daniel Lezcano <dlezc...@fr.ibm.com>

commit 5170c716339cc57e4df2315f24abd18f7fc05d08
Author: Christian Seiler <christ...@iwakd.de>
Date:   Thu Feb 23 09:57:13 2012 +0100

    Add CAP_SYSLOG and CAP_WAKE_ALARM to list of capabilities

    Signed-off-by: Daniel Lezcano <dlezc...@fr.ibm.com>

commit 20d816599f954e7e5864d39884cc0de56f9358fd
Author: Christian Seiler <christ...@iwakd.de>
Date:   Thu Feb 23 09:57:13 2012 +0100

    Add function to determine CAP_LAST_CAP of the current kernel dynamically

    The function lxc_caps_last_cap() determines CAP_LAST_CAP of the current
    kernel dynamically. It first tries to read /proc/sys/kernel/cap_last_cap.
    If that fails, because the kernel does not support this interface yet,
    it loops through all capabilities and tries to determine whether the
    current capability is part of the bounding set. The first capability for
    which prctl() fails is considered to be CAP_LAST_CAP.

    Signed-off-by: Daniel Lezcano <dlezc...@fr.ibm.com>

commit 5781a74a8af3057ce7b561f454e2b5b0925b1f76
Author: Jian Xiao <j...@linux.vnet.ibm.com>
Date:   Thu Feb 23 09:57:13 2012 +0100

    correctly install signal handler for lxc-init

    This patch is to correct the manipulation of signal masks when
    installing signal handlers for lxc-init.

    Signed-off-by: Jian Xiao <j...@linux.vnet.ibm.com>
    Signed-off-by: Greg Kurz <gk...@fr.ibm.com>
    Signed-off-by: Daniel Lezcano <dlezc...@fr.ibm.com>

commit 307cf2a670fc8979b84d888f2720a827bcfa5291
Author: Jian Xiao <j...@linux.vnet.ibm.com>
Date:   Thu Feb 23 09:57:13 2012 +0100

    remove redundant LXC_TTY_HANDLER

    All the signals (except fatal ones) are redirected to signalfd at
    lxc_init, so the LXC_TTY_HANDLERs are redundant. This patch removes
    them.
    Signed-off-by: Jian Xiao <j...@linux.vnet.ibm.com>
    Signed-off-by: Daniel Lezcano <dlezc...@fr.ibm.com>

-----------------------------------------------------------------------

Summary of changes:
 configure.ac                    |    3 +-
 doc/Makefile.am                 |    1 +
 doc/lxc-attach.sgml.in          |  189 ++++++++++++++++++++++++++
 doc/see_also.sgml.in            |    5 +
 src/lxc/Makefile.am             |    6 +-
 src/lxc/attach.c                |  280 +++++++++++++++++++++++++++++++++++++++
 src/lxc/{monitor.h => attach.h} |   33 +++--
 src/lxc/caps.c                  |   46 +++++++
 src/lxc/caps.h                  |    2 +
 src/lxc/cgroup.c                |   35 +++++-
 src/lxc/cgroup.h                |   11 +-
 src/lxc/conf.c                  |   23 +++
 src/lxc/confile.c               |   52 ++++---
 src/lxc/confile.h               |    8 +
 src/lxc/lxc_attach.c            |  117 ++++++++++++++--
 src/lxc/lxc_init.c              |   22 +++-
 src/lxc/namespace.c             |   47 -------
 src/lxc/namespace.h             |    1 -
 src/lxc/start.c                 |    9 --
 src/lxc/utils.h                 |   29 +----
 20 files changed, 770 insertions(+), 149 deletions(-)
 create mode 100644 doc/lxc-attach.sgml.in
 create mode 100644 src/lxc/attach.c
 copy src/lxc/{monitor.h => attach.h} (58%)

hooks/post-receive
--
lxc

_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
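
Added example, not part of the notification above and not code from the lxc tree: a sketch of the two mechanisms the commit messages for lxc_caps_last_cap() and lxc-attach describe, finding the kernel's highest capability number and deriving from a CapBnd mask in /proc/<init pid>/status which capabilities an attaching process has to drop. All function names and the sample status text are constructed for illustration; the probe fallback returns the capability just before the first failing prctl().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>

/* Constructed sample of /proc/<init pid>/status: caps 16 and 17 are missing. */
static const char SAMPLE_STATUS[] = "Name:\tinit\nCapBnd:\t0000001ffffcffff\n";
/* Real probe: fails for capability numbers the running kernel does not know. */
static int probe_bset(int cap) { return prctl(PR_CAPBSET_READ, cap, 0, 0, 0); }
/* Constructed stand-in for a kernel whose highest capability is 36. */
int fake_probe36(int cap) { return cap <= 36 ? 1 : -1; }

/* Fallback: the capability just before the first failing probe is the last one. */
int last_cap_by_probe(int (*probe)(int)) {
    int cap = 0;
    while (cap < 64 && probe(cap) >= 0) cap++;
    return cap - 1;
}
/* Preferred source is /proc/sys/kernel/cap_last_cap; probe if it is unreadable. */
int caps_last_cap(void) {
    int last = -1;
    FILE *f = fopen("/proc/sys/kernel/cap_last_cap", "r");
    if (f && fscanf(f, "%d", &last) != 1) last = -1;
    if (f) fclose(f);
    return last >= 0 ? last : last_cap_by_probe(probe_bset);
}
/* Pull the CapBnd mask out of status text; 0 on success, -1 if absent. */
int parse_capbnd(const char *status, unsigned long long *mask) {
    const char *p = status;
    char *end;
    while (p && strncmp(p, "CapBnd:", 7) != 0)
        if ((p = strchr(p, '\n'))) p++;
    if (!p) return -1;
    *mask = strtoull(p + 7, &end, 16);
    return end == p + 7 ? -1 : 0;
}
/* Capabilities 0..last_cap absent from the mask are the ones to drop on attach. */
int caps_to_drop(unsigned long long keep, int last_cap, int out[64]) {
    int n = 0;
    for (int cap = 0; cap <= last_cap && cap < 64; cap++)
        if (!(keep & (1ULL << cap))) out[n++] = cap;
    return n;
}

int main(void) {
    unsigned long long keep = 0;
    int out[64], last = caps_last_cap();
    if (parse_capbnd(SAMPLE_STATUS, &keep)) return 1;
    printf("last cap %d, %d to drop\n", last, caps_to_drop(keep, last, out));
    return 0;
}
```

With the sample mask, a last capability of 36 yields two capabilities to drop (16 and 17), while a kernel reporting 40 yields six, which is why a compile-time CAP_LAST_CAP from older headers would leave newer capabilities in the bounding set.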