github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-11-27 07:11:53 +00:00
Code Issues Projects Releases Wiki Activity
1,684 Commits 1 Branch 31 Tags
212e6f8545a4805bcd045be1bc4e37cb35d0ff30
Commit Graph

171 Commits

Author SHA1 Message Date
Justin Cormack
212e6f8545 Kernel scanning now fixed, only needs vmlinuz64 
- The scanning process was not ignoring the kernel extraversion before,
so was only sometimes picking up issues.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-12-12 09:54:02 -08:00
Justin Cormack
2be21dcc78 Update to Linux 4.8.14 
Includes fix for CVE-2016-8655 Linux af_packet.c race condition.

This gives a container escape with default container capabilities.

This now has the slow network namespace patch backported, so this
is removed.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-12-10 16:18:47 -08:00
Riyaz Faizullabhoy
6db87549c4 Set CONFIG_LEGACY_VSYSCALL to NONE and vsyscall=emulate 
Regenerated the kernel config from container, which bumped the kernel
version and included some other fixes.  Also bumps the check-config
container to check for VSYSCALL_NATIVE

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-12-09 12:09:35 -08:00
Justin Cormack
5fb7594217 Keep kernel headers from build 
Also upload some kernel artefacts to a private repo at mobylinux/kernel on Hub for scanning.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-12-08 17:32:59 -08:00
Riyaz Faizullabhoy
9284759f2c Disable kexec from kernel_config, revert sysctl config because key is now unknown 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-12-07 11:43:10 -08:00
Justin Cormack
f870b6641b Update to Linux 4.8.12 
- security update

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-12-02 14:12:06 +00:00
Riyaz Faizullabhoy
4011d4842a Use digests instead of tags where possible 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-12-01 09:39:02 -08:00
Justin Cormack
b9acf524f9 Update to Linux 4.8.11 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-28 15:00:20 +00:00
Rolf Neugebauer
253561d2f2 kernel: update/fix patches for 4.8.10 
In particular 8e0e003b50
seem to have remove the net/Kconfig changes

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2016-11-21 21:37:05 +00:00
Justin Cormack
9a4d135e8c Merge pull request #761 from ijc25/kernel-patch-whitespace 
Fixup kernel patch whitepace
 2016-11-21 15:20:57 +00:00
Justin Cormack
5ad066803b Upgrade Linux to 4.8.10 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-21 15:03:48 +00:00
Ian Campbell
605163eb1d Fixup kernel patch whitepace 
Some of git's whitespace fixup option corrupts the patches by (at least)
stripping trailing spaces (which are present for empty lines in context) and
changing leading <space><tab> into just <tab>. `patch(1)` used by the build
here seems to tolerate this, but `git am` and/or `git apply` do not.

Fix this up by running git am and at each failure point (i.e. every patch)
applying the relevant patch using `patch(1)` (which works because `git am` was
unable to even partially apply the patches) before regenerating the whole lot
with `git format-patch`.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
 2016-11-21 11:43:48 +00:00
Justin Cormack
d5c822f4f9 Update Linux to 4.8.9 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-19 22:37:22 +00:00
Justin Cormack
41caff5065 update c build base image 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-18 23:32:47 +00:00
Rolf Neugebauer
d3b065090e kernel: limit number of CPUs to 128 
128 CPUs seems plenty for now and it allows for the
debug kernels to boot on Hyper-V without modifications. It may
also have the added benefit of reducing some data structures
allocated per CPU (in particular for Debug kernels).

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2016-11-18 16:36:23 +00:00
Justin Cormack
734b901d14 Make oldconfig for 4.8.8 kernel 
Most new options disabled, a few picked.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-18 13:46:29 +00:00
Rolf Neugebauer
4b02dc7ada kernel: update to 4.8.8 
This removes all the patches which have been upstreamed since 4.4.x
and only leaves patches for a minor fix to AF_VSOCK, the Hyper-V socket patch
and a new patch for fixing delays on creating netns with tunnel interfaces.

The latter has been accecpted into the upstream netdev branch and will
likely appear in 4.9.0 and we can cherry pick from there then.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2016-11-18 12:58:17 +00:00
Justin Cormack
a7451a2206 Disable EFI framebuffer 
Azure only uses the Hyper-V framebuffer, so we should not need this.

Simplify setup for graphics options we are not using.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-16 10:42:19 -05:00
Justin Cormack
40202381f2 Update to Linux 4.4.32 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-15 10:27:18 +00:00
Justin Cormack
ab5a4b580c update Linux to 4.4.31 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-12 16:30:44 +00:00
Justin Cormack
d81f00b125 Update kernel config 
- remove unused graphics options
- move W^X test to debug kernel #685
- reboot on kernel panic fix #660

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-08 16:12:29 +00:00
Justin Cormack
6132c69857 Keep vmlinux in build media for kernel debugging 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-07 14:45:37 +00:00
Justin Cormack
5866d4a83b update Linux to 4.4.30 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-01 20:50:12 +00:00
Justin Cormack
50a64ac6c4 make curl fail on 404 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-01 13:58:02 +00:00
Justin Cormack
805a5fa48a Merge pull request #657 from justincormack/kernelup 
Linux 4.4.29
 2016-10-31 13:41:41 +00:00
Justin Cormack
933cfbf2db Linux 4.4.29 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-31 13:12:43 +00:00
Justin Cormack
62a738a965 Add audit to kernel config 
Currently just has syscall audit as no LSM.

See #52

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-28 18:12:51 +01:00
Justin Cormack
a2bb950d3f upgrade Linux to 2.4.28 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-28 14:09:20 +01:00
Justin Cormack
eec756c494 Add Memory Resource Controller Kernel Memory accounting cgroup support 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-28 11:06:07 +01:00
Justin Cormack
9deed26ba6 Additional requested kernel features 
- PPP https://github.com/docker/for-mac/issues/851
- NBD for infinit
- extra virtualisation options

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-26 17:00:24 +01:00
Justin Cormack
65b7194e13 Add mutiple pts support 
I think this may have got mangled in the kernel upgrade/downgrade.

diff file is still messy due to version changes.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-26 15:08:14 +01:00
Justin Cormack
b2d6f54b9a Update to Linux 4.4.27 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-24 17:20:50 +01:00
Justin Cormack
b92ef47f94 Revert "kernel: update to 4.8.2" 
This reverts commit 0808e359df.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-24 17:20:02 +01:00
Justin Cormack
0df11f9311 Revert "Update Linux kernel to 4.8.3" 
This reverts commit 2f985f8306.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-24 17:19:30 +01:00
Justin Cormack
2a8c177f11 Revert "Linux 4.8.4" 
This reverts commit 2db93ebbc7.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-24 17:19:12 +01:00
Justin Cormack
964f235150 Add more trace functions to kernel config 
Also disable Hyper-V memory ballooning, enable some mroe security options.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-24 12:43:41 +01:00
Justin Cormack
27790f5299 Linux 4.8.4 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-22 17:05:20 +01:00
Justin Cormack
d6195e4db0 Update Linux kernel to 4.8.3 
Fix Dirty COW.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-21 09:35:09 +01:00
Justin Cormack
2409adfe0a update C build base images for Musl update 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-20 13:23:12 +01:00
Rolf Neugebauer
6983bb3e7a kernel: update to 4.8.2 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2016-10-18 16:23:33 +01:00
Justin Cormack
ca047291ff update to Linux 4.4.25 
Signed-off-by: Justin Cormack <justin@specialbusservice.com>
 2016-10-16 22:19:37 +01:00
Rolf Neugebauer
3c941ede21 doc: add a note on building debug kernels 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2016-10-11 18:16:06 +01:00
Justin Cormack
8191e3204e Merge pull request #603 from justincormack/minus-j 
set -j on kernel build again
 2016-10-11 17:27:17 +01:00
Justin Cormack
e7b9428589 set -j on kernel build again 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-11 16:27:55 +01:00
Justin Cormack
18a55e64f5 Merge pull request #601 from justincormack/ipsec 
Add more network and crypto modules including enough for ipsec
 2016-10-11 16:26:04 +01:00
Justin Cormack
cfbdc7d067 do not remove build containers 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-11 16:12:40 +01:00
Justin Cormack
c66ce62266 Add more network and crypto modules including enough for ipsec 
CRYPTO_ECHAINIV took the longest to find, which is needed.

Fix #598

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-11 16:04:05 +01:00
Justin Cormack
a68ad29880 Update Linux to 4.4.24 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-08 13:48:29 +02:00
Justin Cormack
8de1b3d040 update kernel to 4.4.23 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-01 21:03:47 +01:00
Justin Cormack
e1454f0249 add ncurses to C build for menuconfig 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-10-01 18:26:38 +01:00