summaryrefslogtreecommitdiff
path: root/src/nspawn.c
AgeCommit message (Collapse)Author
2012-04-10rename basic.la to shared.la and put selinux deps in shared-selinx.laKay Sievers
Only 34 of 74 tools need libselinux linked, and libselinux is a pain with its unconditional library constructor.
2012-04-10util: move all to shared/ and split external dependencies in separate ↵Kay Sievers
internal libraries Before: $ ldd /lib/systemd/systemd-timestamp linux-vdso.so.1 => (0x00007fffb05ff000) libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f90aac57000) libcap.so.2 => /lib64/libcap.so.2 (0x00007f90aaa53000) librt.so.1 => /lib64/librt.so.1 (0x00007f90aa84a000) libc.so.6 => /lib64/libc.so.6 (0x00007f90aa494000) /lib64/ld-linux-x86-64.so.2 (0x00007f90aae90000) libdl.so.2 => /lib64/libdl.so.2 (0x00007f90aa290000) libattr.so.1 => /lib64/libattr.so.1 (0x00007f90aa08a000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f90a9e6e000) After: $ ldd systemd-timestamp linux-vdso.so.1 => (0x00007fff3cbff000) libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f5eaa1c3000) librt.so.1 => /lib64/librt.so.1 (0x00007f5ea9fbb000) libc.so.6 => /lib64/libc.so.6 (0x00007f5ea9c04000) /lib64/ld-linux-x86-64.so.2 (0x00007f5eaa3fc000) libdl.so.2 => /lib64/libdl.so.2 (0x00007f5ea9a00000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f5ea97e4000)
2012-03-15nspawn: mount /etc/timezone into nspawn environment tooLennart Poettering
2012-03-06nspawn: be less cryptic when clone() failsLennart Poettering
Based on a patch suggested by Shawn Landden.
2012-01-05build-sys: move public header files into a dir of their ownLennart Poettering
2012-01-03nspawn: get rid of BUFFER_SIZE, use LINE_MAX insteadLennart Poettering
2011-10-11util: properly detect what the last capability isLennart Poettering
2011-09-23nspawn: set env var container=systemd-nspawn, following the scheme lxc ↵Lennart Poettering
introduced
2011-09-23coverity: change a few things so that coverity doesn't show so many false ↵Lennart Poettering
positives
2011-08-23cgroup: optionally mount a specific cgroup controllers together, and add ↵Lennart Poettering
cpu+cpuacct to the default
2011-08-19PATCH: add missing header includeFrederic Crozat
Hi, MS_REC is not always defined in sys/mount.h. linux/fs.h should be included, since it is always defined there. -- Frederic Crozat <fcrozat@suse.com> SUSE >From 9f8a50decf45aaa4436b9fb3a0ab360f238b7d96 Mon Sep 17 00:00:00 2001 From: Frederic Crozat <fcrozat@suse.com> Date: Thu, 18 Aug 2011 15:42:29 +0200 Subject: [PATCH] nspawn: add missing include header for MS_REC.
2011-08-02exec: introduce PrivateNetwork= process option to turn off network access to ↵Lennart Poettering
specific services
2011-08-02nspawn: add new --no-net switch to turn off networking in the containerLennart Poettering
2011-08-01umask: change default umask to 0022 just to be sure, and set it explicitly ↵Lennart Poettering
in all binaries, in order to make sure it is set when started from the terminal
2011-07-29nspawn: properly bind mount /sys/fs/selinux into container, since /selinux ↵Lennart Poettering
moved there
2011-07-23nspawn: mount a new /proc instance in the container so that we don't see the ↵Lennart Poettering
hosts' PID tree This partially reverts f5c1b9eeb94c112e5dac09fc6a47c571356c30c0.
2011-07-13nspawn: compress mount table a bitLennart Poettering
2011-07-13nspawn: always use bind mounts to make API file systems available in the ↵Lennart Poettering
container This ensures that read-only flags are never passed from the container to the host OS.
2011-07-01nspawn: better use setresuid() instead of setreuid()Lennart Poettering
2011-07-01nspawn: spawn shell under specified --userMichal Vyskocil
Add -u/--user option, which changes the effective and real user and group id to the new value. The user must exists in the chroot, otherwise it will fail. Both username and user id are accepted. The user home is created as well. It also setup HOME, USER, LOGNAME and SHELL variables .
2011-06-28execute: don't choke when systemd was compiled with a different CAP_LAST_CAP ↵Lennart Poettering
then what it is run with
2011-06-14mount /run without MS_NOEXECKay Sievers
2011-04-20nspawn: don't fail when we receive SIGCHLDLennart Poettering
https://bugs.freedesktop.org/show_bug.cgi?id=36148
2011-03-28use /run instead of /dev/.runKay Sievers
Instead of the /dev/.run trick we have currently implemented, we decided to move the early-boot runtime dir to /run. An existing /var/run directory is bind-mounted to /run. If /var/run is already a symlink, no action is taken. An existing /var/lock directory is bind-mounted to /run/lock. If /var/lock is already a symlink, no action is taken. To implement the directory vs. symlink logic, we have a: ConditionPathIsDirectory= now, which is used in the mount units. Skipped mount unit in case of symlink: $ systemctl status var-run.mount var-run.mount - Runtime Directory Loaded: loaded (/lib/systemd/system/var-run.mount) Active: inactive (dead) start condition failed at Fri, 25 Mar 2011 04:51:41 +0100; 6min ago Where: /var/run What: /run CGroup: name=systemd:/system/var-run.mount The systemd rpm needs to make sure to add something like: %pre mkdir -p -m0755 /run >/dev/null 2>&1 || : or it needs to be added to filesystem.rpm. Udev -git already uses /run if that exists, and is writable at bootup. Otherwise it falls back to the current /dev/.udev. Dracut and plymouth need to be adopted to switch from /dev/.run to run too. Cheers, Kay
2011-03-16nspawn: bind mount /etc/localtimeLennart Poettering
2011-03-16nspawn: make tty code more robust against closed/reopened /dev/consoleLennart Poettering
2011-03-16nspawn: allocate a new pty instead of passing ours through to avoid terminal ↵Lennart Poettering
settings chaos
2011-03-14nspawn: move container into its own name=systemd cgroupLennart Poettering
2011-03-14nspawn: don't require selinux on if it is compiled inLennart Poettering
2011-03-14nspawn: mount /selinux if neededLennart Poettering
2011-03-14nspawn: we don't want a network namespaceLennart Poettering
2011-03-14main: log to the console in a containerLennart Poettering
2011-03-14nspawn: reset environment and load login shellLennart Poettering
2011-03-14nspawn: reset umask if neededLennart Poettering
2011-03-14nspawn: define MS_MOVE manually if neededLennart Poettering
2011-03-14nspawn: improve exit warningLennart Poettering
2011-03-14nspawn: add simple chroot(1) like tool to execute commands in a namespace ↵Lennart Poettering
container