From: Christian Brauner Date: Thu, 25 Jun 2020 22:45:18 +0000 (+0200) Subject: api: add time_namespace extension X-Git-Tag: lxc-5.0.0~407^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b1248e473bedd2d605e96f1fc27069b4ca59aeb9;p=thirdparty%2Flxc.git api: add time_namespace extension Signed-off-by: Christian Brauner --- diff --git a/doc/api-extensions.md b/doc/api-extensions.md index e8b5eb089..d7b915d28 100644 --- a/doc/api-extensions.md +++ b/doc/api-extensions.md @@ -122,3 +122,8 @@ When running on kernels that support pidfds LXC will rely on them for most opera ## cgroup\_advanced\_isolation Privileged containers will usually be able to override the cgroup limits given to them. This introduces three new configuration keys `lxc.cgroup.dir.monitor`, `lxc.cgroup.dir.container`, and `lxc.cgroup.dir.container.inner`. The `lxc.cgroup.dir.monitor` and `lxc.cgroup.dir.container` keys can be used to set to place the `monitor` and the `container` into different cgroups. The `lxc.cgroup.dir.container.inner` key can be set to a cgroup that is concatenated with `lxc.cgroup.dir.container`. When `lxc.cgroup.dir.container.inner` is set the container will be placed into the `lxc.cgroup.dir.container.inner` cgroup but the limits will be set in the `lxc.cgroup.dir.container` cgroup. This way privileged containers cannot escape their cgroup limits. + + +## time\_namespace + +This adds time namespace support to LXC. diff --git a/src/lxc/api_extensions.h b/src/lxc/api_extensions.h index 2bbdc5e43..8061784c8 100644 --- a/src/lxc/api_extensions.h +++ b/src/lxc/api_extensions.h @@ -41,6 +41,7 @@ static char *api_extensions[] = { "pidfd", "cgroup_advanced_isolation", "network_bridge_vlan", + "time_namespace", }; static size_t nr_api_extensions = sizeof(api_extensions) / sizeof(*api_extensions);
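Review bot: The new `## time\_namespace` entry in doc/api-extensions.md is a single sentence ("This adds time namespace support to LXC.") and does not say what a caller can rely on when the extension is reported. The `cgroup_advanced_isolation` entry directly above it names each configuration key it introduces and describes the resulting behaviour. Please do the same here: list any configuration keys or API behaviour that come with the extension, and state whether it depends on kernel support, as the pidfd entry's "When running on kernels that support pidfds" wording does. The hunk also adds two blank lines before the heading; one would be enough if that matches the rest of the file.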
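Review bot: In src/lxc/api_extensions.h the `"time_namespace"` string is added to `api_extensions[]` unconditionally, so every build will advertise the extension regardless of whether the running kernel provides time namespaces. Tools that gate behaviour on the extension list will treat the feature as usable, so the documentation should state that the string signals LXC-side support only, and the code that consumes the feature needs to fail cleanly on kernels without it. This patch touches only the documentation and the extension list; please confirm that the implementation lands before or together with it in the series, so that no bisect point advertises an extension that is not yet implemented.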