Alexander Mikhalitsyn
Right now `lxc-start` compiles like this:
```
[1/1] cc -o src/lxc/tools/lxc-start src/lxc/tools/lxc-start.p/lxc_start.c.o src/lxc/tools/lxc-start.p/.._cgroups_cgfsng.c.o src/lxc/tools/lxc-start.p/.._cgroups_cgroup.c.o src/lxc/tools/lxc-start.p/.._cgroups_cgroup2_devices.c.o src/lxc/tools/lxc-start.p/.._cgroups_cgroup_utils.c.o src/lxc/tools/lxc-start.p/.._lsm_lsm.c.o src/lxc/tools/lxc-start.p/.._lsm_nop.c.o src/lxc/tools/lxc-start.p/.._storage_btrfs.c.o src/lxc/tools/lxc-start.p/.._storage_dir.c.o src/lxc/tools/lxc-start.p/.._storage_loop.c.o src/lxc/tools/lxc-start.p/.._storage_lvm.c.o src/lxc/tools/lxc-start.p/.._storage_nbd.c.o src/lxc/tools/lxc-start.p/.._storage_overlay.c.o src/lxc/tools/lxc-start.p/.._storage_rbd.c.o src/lxc/tools/lxc-start.p/.._storage_rsync.c.o src/lxc/tools/lxc-start.p/.._storage_storage.c.o src/lxc/tools/lxc-start.p/.._storage_storage_utils.c.o src/lxc/tools/lxc-start.p/.._storage_zfs.c.o src/lxc/tools/lxc-start.p/.._af_unix.c.o...
```
@adhicode could you check that the solution proposed by @dtodor works for you?
Hi @gitzdnex! Could you try `strace -o strace.log -f lxc-start -F testsystemd` and then post `strace.log` here? I guess that it's because of https://github.com/torvalds/linux/commit/157a3537d6bc28ceb9a11fc8cb67f2152d860146 (read also https://lore.kernel.org/all/CA+enf=u0UmgjKrd98EYkxFu7FYV8dR1SBYJn_1b0Naq=3twbbQ@mail.gmail.com/#t).
I'm confused by this. There is nothing about cgroups in this PR. The commit message is [rexec: Avoid invalid free in rexec failure path](https://github.com/lxc/lxc/pull/4373/commits/0a58b6f514ec6bb6228f81048b0e7c1e47298ef1) and the changes are not about cgroups at...
It was force-pushed and replaced with a different change a few months ago: https://github.com/lxc/lxc/compare/c7922d0a0d38eb9dc228ad3eea3b4e368d8cb83c..81c73aa5a5b9ad00d46d3d83ac72f7ddb73268fe. That's why it's better to use different branches for different PRs ;-)
Feel free to propose a PR ;-)
Hi @kdrag0n! Do you have a plan to update this? Maybe you need some help from my side with this?
Hi @chenxy1988, sorry for the long delay. Could you try to repeat this with the recent version `5.0.3`?
As I can see, we actively use `mount_setattr` for idmapped mounts, but for all the rest we just use the `mount` syscall. Likely, we have to add handling for this case...
> The mount used by the LXC may have some security risks, which may cause container escape in some scenarios.

If `mount` is used properly it does not cause security...