summaryrefslogtreecommitdiff
path: root/src/nspawn/nspawn.c
AgeCommit message (Collapse)Author
2012-09-21nspawn: document why we don't check resolv.conf mount errorsLennart Poettering
2012-09-21nspawn: we can't overmount /etc/localtime anymore since it's usually a ↵Lennart Poettering
symlink now Create the right symlink if possible for /etc/localtime
2012-09-16nspawn: fix memleak introduced with automatic cleanupZbigniew Jędrzejewski-Szmek
6b2d0e8 introduced a memleak instead of fixing one. Fix both.
2012-09-16nspawn: use automatic cleanup for umaskZbigniew Jędrzejewski-Szmek
2012-09-16nspawn: _cleanup_free_ moreZbigniew Jędrzejewski-Szmek
2012-09-16nspawn: use automatic cleanupZbigniew Jędrzejewski-Szmek
This one actually clears up a (totally harmless) memleak.
2012-09-16nspawn: mount tmpfs on /dev/shmZbigniew Jędrzejewski-Szmek
Most things seem to function fine without /dev/shm, but it is expected to be there (quoting linux/Documentation/filesystems/tmpfs.txt: glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for POSIX shared memory (shm_open, shm_unlink)). Since /tmp/ is already mounted as tmpfs, it would be enough to mkdir /tmp/shm and chmod it. Mounting it separately has the advantage that it can be easily remounted to change the quota.
2012-09-05nspawn: handle poweroff/reboot nicely in containersLennart Poettering
2012-09-05nspawn: don't provide /dev/rtc0 in the containerLennart Poettering
Since RTCs are hardware devices and are very much shared resources we should avoid to provide them in each container.
2012-09-05nspawn: generate a new randomized boot ID for each containerLennart Poettering
2012-09-05nspawn: if a file system comes pre-mounted, still do the read-only remountsLennart Poettering
2012-09-04nspawn: skip mounts if already mountedLennart Poettering
2012-09-04nspawn: mount a clean instance of sysfsLennart Poettering
2012-08-21nspawn: add /dev FD symlinks in container setupDave Reisner
This creates /dev/fd, /dev/stdin, /dev/stdout, /dev/stderr, and /dev/core as symlinks to /proc on container creation. Except for /dev/core, these are needed for shells like bash to be fully functional.
2012-08-13nspawn,namespaces: make sure we recursively bind mount things inLennart Poettering
We want to make sure that everything from the host is also visible in the sandbox.
2012-08-13nspawn: unset a few unnecessary params to mount()Lennart Poettering
2012-08-13nspawn: inherit mounts from real root, don't propagate mounts to real rootLennart Poettering
2012-07-26log.h: new log_oom() -> int -ENOMEM, use itShawn Landden
also a number of minor fixups and bug fixes: spelling, oom errors that didn't print errors, not properly forwarding error codes, few more consistency issues, et cetera
2012-07-25use "Out of memory." consistantly (or with "\n")Shawn Landden
glibc/glib both use "out of memory" consistantly so maybe we should consider that instead of this. Eliminates one string out of a number of binaries. Also fixes extra newline in udev/scsi_id
2012-07-19nspawn: generate proper error messages in the childLennart Poettering
2012-07-19nspawn: introduce new --link-journal= switch to link container journals into ↵Lennart Poettering
host
2012-07-16unit: introduce %s specifier for the user shellLennart Poettering
2012-06-28nspawn: introduce new --capabilities= flag and make use of it in the nspawn ↵Lennart Poettering
test case
2012-05-31mkdir: append _label to all mkdir() calls that explicitly set the selinux ↵Kay Sievers
context
2012-05-24main: add configuration option to alter capability bounding set for PID 1Lennart Poettering
This also ensures that caps dropped from the bounding set are also dropped from the inheritable set, to be extra-secure. Usually that should change very little though as the inheritable set is empty for all our uses anyway.
2012-05-08util: split-out path-util.[ch]Kay Sievers
2012-04-25nspawn: add --read-only switchLennart Poettering
2012-04-25nspawn: bind mount /etc/resolv.conf from the host by defaultLennart Poettering
2012-04-22nspawn: add --uuid= switch to allow setting the machine id for the containerLennart Poettering
2012-04-22nspawn: add -b switch to automatically look for an init binaryLennart Poettering
2012-04-22nspawn: be more careful when initializing the hostname from the directory nameLennart Poettering
2012-04-22nspawn: make /dev/kmsg unavailable in the container, but allow access to ↵Lennart Poettering
/proc/kmsg
2012-04-18remove MS_* which can not be combined with current kernel codeKay Sievers
MS_BIND|MS_MOVE can not be combined: do_mount() else if (flags & MS_BIND) do_loopback(&path, dev_name, flags & MS_REC); [...] else if (flags & MS_MOVE) do_move_mount(&path, dev_name); MS_REMOUNT|MS_UNBINDABLE can not be combined: do_mount() if (flags & MS_REMOUNT) do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); [...] else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE)) do_change_type(&path, flags);
2012-04-13nspawn: add missing include linesLennart Poettering
2012-04-13nspawn: fake /dev/kmsg and /proc/kmsg as fifoLennart Poettering
2012-04-12move all tools to subdirsKay Sievers