Age | Commit message (Collapse) | Author | |
---|---|---|---|
2012-09-21 | nspawn: document why we don't check resolv.conf mount errors | Lennart Poettering | |
2012-09-21 | nspawn: we can't overmount /etc/localtime anymore since it's usually a ↵ | Lennart Poettering | |
symlink now Create the right symlink if possible for /etc/localtime | |||
2012-09-16 | nspawn: fix memleak introduced with automatic cleanup | Zbigniew Jędrzejewski-Szmek | |
6b2d0e8 introduced a memleak instead of fixing one. Fix both. | |||
2012-09-16 | nspawn: use automatic cleanup for umask | Zbigniew Jędrzejewski-Szmek | |
2012-09-16 | nspawn: _cleanup_free_ more | Zbigniew Jędrzejewski-Szmek | |
2012-09-16 | nspawn: use automatic cleanup | Zbigniew Jędrzejewski-Szmek | |
This one actually clears up a (totally harmless) memleak. | |||
2012-09-16 | nspawn: mount tmpfs on /dev/shm | Zbigniew Jędrzejewski-Szmek | |
Most things seem to function fine without /dev/shm, but it is expected to be there (quoting linux/Documentation/filesystems/tmpfs.txt: glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for POSIX shared memory (shm_open, shm_unlink)). Since /tmp/ is already mounted as tmpfs, it would be enough to mkdir /tmp/shm and chmod it. Mounting it separately has the advantage that it can be easily remounted to change the quota. | |||
2012-09-05 | nspawn: handle poweroff/reboot nicely in containers | Lennart Poettering | |
2012-09-05 | nspawn: don't provide /dev/rtc0 in the container | Lennart Poettering | |
Since RTCs are hardware devices and are very much shared resources we should avoid to provide them in each container. | |||
2012-09-05 | nspawn: generate a new randomized boot ID for each container | Lennart Poettering | |
2012-09-05 | nspawn: if a file system comes pre-mounted, still do the read-only remounts | Lennart Poettering | |
2012-09-04 | nspawn: skip mounts if already mounted | Lennart Poettering | |
2012-09-04 | nspawn: mount a clean instance of sysfs | Lennart Poettering | |
2012-08-21 | nspawn: add /dev FD symlinks in container setup | Dave Reisner | |
This creates /dev/fd, /dev/stdin, /dev/stdout, /dev/stderr, and /dev/core as symlinks to /proc on container creation. Except for /dev/core, these are needed for shells like bash to be fully functional. | |||
2012-08-13 | nspawn,namespaces: make sure we recursively bind mount things in | Lennart Poettering | |
We want to make sure that everything from the host is also visible in the sandbox. | |||
2012-08-13 | nspawn: unset a few unnecessary params to mount() | Lennart Poettering | |
2012-08-13 | nspawn: inherit mounts from real root, don't propagate mounts to real root | Lennart Poettering | |
2012-07-26 | log.h: new log_oom() -> int -ENOMEM, use it | Shawn Landden | |
also a number of minor fixups and bug fixes: spelling, oom errors that didn't print errors, not properly forwarding error codes, few more consistency issues, et cetera | |||
2012-07-25 | use "Out of memory." consistantly (or with "\n") | Shawn Landden | |
glibc/glib both use "out of memory" consistantly so maybe we should consider that instead of this. Eliminates one string out of a number of binaries. Also fixes extra newline in udev/scsi_id | |||
2012-07-19 | nspawn: generate proper error messages in the child | Lennart Poettering | |
2012-07-19 | nspawn: introduce new --link-journal= switch to link container journals into ↵ | Lennart Poettering | |
host | |||
2012-07-16 | unit: introduce %s specifier for the user shell | Lennart Poettering | |
2012-06-28 | nspawn: introduce new --capabilities= flag and make use of it in the nspawn ↵ | Lennart Poettering | |
test case | |||
2012-05-31 | mkdir: append _label to all mkdir() calls that explicitly set the selinux ↵ | Kay Sievers | |
context | |||
2012-05-24 | main: add configuration option to alter capability bounding set for PID 1 | Lennart Poettering | |
This also ensures that caps dropped from the bounding set are also dropped from the inheritable set, to be extra-secure. Usually that should change very little though as the inheritable set is empty for all our uses anyway. | |||
2012-05-08 | util: split-out path-util.[ch] | Kay Sievers | |
2012-04-25 | nspawn: add --read-only switch | Lennart Poettering | |
2012-04-25 | nspawn: bind mount /etc/resolv.conf from the host by default | Lennart Poettering | |
2012-04-22 | nspawn: add --uuid= switch to allow setting the machine id for the container | Lennart Poettering | |
2012-04-22 | nspawn: add -b switch to automatically look for an init binary | Lennart Poettering | |
2012-04-22 | nspawn: be more careful when initializing the hostname from the directory name | Lennart Poettering | |
2012-04-22 | nspawn: make /dev/kmsg unavailable in the container, but allow access to ↵ | Lennart Poettering | |
/proc/kmsg | |||
2012-04-18 | remove MS_* which can not be combined with current kernel code | Kay Sievers | |
MS_BIND|MS_MOVE can not be combined: do_mount() else if (flags & MS_BIND) do_loopback(&path, dev_name, flags & MS_REC); [...] else if (flags & MS_MOVE) do_move_mount(&path, dev_name); MS_REMOUNT|MS_UNBINDABLE can not be combined: do_mount() if (flags & MS_REMOUNT) do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); [...] else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE)) do_change_type(&path, flags); | |||
2012-04-13 | nspawn: add missing include lines | Lennart Poettering | |
2012-04-13 | nspawn: fake /dev/kmsg and /proc/kmsg as fifo | Lennart Poettering | |
2012-04-12 | move all tools to subdirs | Kay Sievers | |