#if IS_BIONIC
#include <../include/lxcmntent.h>
-#ifndef HAVE_PRLIMIT
-#include <../include/prlimit.h>
-#endif
#else
#include <mntent.h>
#endif
-lxc_log_define(lxc_conf, lxc);
-
-#if HAVE_LIBCAP
-#ifndef CAP_SETFCAP
-#define CAP_SETFCAP 31
-#endif
-
-#ifndef CAP_MAC_OVERRIDE
-#define CAP_MAC_OVERRIDE 32
-#endif
-
-#ifndef CAP_MAC_ADMIN
-#define CAP_MAC_ADMIN 33
-#endif
-#endif
-
-#ifndef PR_CAPBSET_DROP
-#define PR_CAPBSET_DROP 24
-#endif
-
-#ifndef LO_FLAGS_AUTOCLEAR
-#define LO_FLAGS_AUTOCLEAR 4
-#endif
-
-#ifndef CAP_SETUID
-#define CAP_SETUID 7
-#endif
-
-#ifndef CAP_SETGID
-#define CAP_SETGID 6
+#if !defined(HAVE_PRLIMIT) && defined(HAVE_PRLIMIT64)
+#include <../include/prlimit.h>
#endif
-/* needed for cgroup automount checks, regardless of whether we
- * have included linux/capability.h or not */
-#ifndef CAP_SYS_ADMIN
-#define CAP_SYS_ADMIN 21
-#endif
+lxc_log_define(lxc_conf, lxc);
/* Define pivot_root() if missing from the C library */
#ifndef HAVE_PIVOT_ROOT
extern int pivot_root(const char * new_root, const char * put_old);
#endif
-/* Define sethostname() if missing from the C library */
-#ifndef HAVE_SETHOSTNAME
-static int sethostname(const char * name, size_t len)
-{
-#ifdef __NR_sethostname
- return syscall(__NR_sethostname, name, len);
-#else
- errno = ENOSYS;
- return -1;
-#endif
-}
-#endif
-
#ifndef MS_PRIVATE
#define MS_PRIVATE (1<<18)
#endif
return -1;
}
+#if HAVE_PRLIMIT || HAVE_PRLIMIT64
if (prlimit(pid, resid, &lim->limit, NULL) != 0) {
ERROR("failed to set limit %s: %s", lim->resource, strerror(errno));
return -1;
}
+#else
+ ERROR("Cannot set limit %s as prlimit is missing", lim->resource);
+ return -1;
+#endif
}
return 0;
}
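Review bot: The new `#else` branch makes limit setup fail when prlimit is unavailable, and that fail-closed choice deserves a comment so it is not later softened to a warning: `/* No prlimit(): refuse to continue rather than run the container without its configured limits. */`. The guard here tests values (`#if HAVE_PRLIMIT || HAVE_PRLIMIT64`) while the include guard added near the top of the file tests `defined(...)`. The two agree only if the build system defines these macros to 1 or leaves them undefined, so one form should be used in both places. The enclosing function starts outside this hunk.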
new->loglevel = LXC_LOG_LEVEL_NOTSET;
new->personality = -1;
new->autodev = 1;
+ new->console.buffer_log_file = NULL;
+ new->console.buffer_log_file_fd = -1;
+ new->console.buffer_size = 0;
new->console.log_path = NULL;
new->console.log_fd = -1;
- new->console.log_size = 0;
new->console.path = NULL;
new->console.peer = -1;
new->console.peerpty.busy = -1;
lxc_list_init(&new->aliens);
lxc_list_init(&new->environment);
lxc_list_init(&new->limits);
- for (i=0; i<NUM_LXC_HOOKS; i++)
+ for (i = 0; i < NUM_LXC_HOOKS; i++)
lxc_list_init(&new->hooks[i]);
lxc_list_init(&new->groups);
new->lsm_aa_profile = NULL;
new->lsm_se_context = NULL;
new->tmp_umount_proc = 0;
- for (i = 0; i < LXC_NS_MAX; i++)
- new->inherit_ns_fd[i] = -1;
-
/* if running in a new user namespace, init and COMMAND
* default to running as UID/GID 0 when using lxc-execute */
new->init_uid = 0;
new->init_gid = 0;
memset(&new->cgroup_meta, 0, sizeof(struct lxc_cgroup));
+ memset(&new->inherit_ns, 0, sizeof(char *) * LXC_NS_MAX);
return new;
}
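Review bot: The added `memset(&new->inherit_ns, 0, sizeof(char *) * LXC_NS_MAX);` hard-codes the element type and count, so it clears the wrong number of bytes if the member's declaration ever changes. Assuming `inherit_ns` is an array member, `memset(new->inherit_ns, 0, sizeof(new->inherit_ns));` keeps the size tied to the object. If the entries are heap-allocated strings, they also need a matching release in the conf cleanup path. The cleanup hunk further down (the one adding `free(conf->init_cwd);`) shows no free of any `inherit_ns` entry, so it is worth confirming that this happens in lines outside the diff. The initialiser itself begins outside this hunk.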
return true;
}
-/**
- * Note that this function needs to run before the mainloop starts. Since we
- * register a handler for the console's masterfd when we create the mainloop
- * the console handler needs to see an allocated ringbuffer.
- */
-static int lxc_setup_console_ringbuf(struct lxc_console *console)
-{
- int ret;
- struct lxc_ringbuf *buf = &console->ringbuf;
- uint64_t size = console->log_size;
-
- /* no ringbuffer previously allocated and no ringbuffer requested */
- if (!buf->addr && size <= 0)
- return 0;
-
- /* ringbuffer allocated but no new ringbuffer requested */
- if (buf->addr && size <= 0) {
- lxc_ringbuf_release(buf);
- buf->addr = NULL;
- buf->r_off = 0;
- buf->w_off = 0;
- buf->size = 0;
- TRACE("Deallocated console ringbuffer");
- return 0;
- }
-
- if (size <= 0)
- return 0;
-
- /* check wether the requested size for the ringbuffer has changed */
- if (buf->addr && buf->size != size) {
- TRACE("Console ringbuffer size changed from %" PRIu64
- " to %" PRIu64 " bytes. Deallocating console ringbuffer",
- buf->size, size);
- lxc_ringbuf_release(buf);
- }
-
- ret = lxc_ringbuf_create(buf, size);
- if (ret < 0) {
- ERROR("Failed to setup %" PRIu64 " byte console ringbuffer", size);
- return -1;
- }
-
- TRACE("Allocated %" PRIu64 " byte console ringbuffer", size);
- return 0;
-}
-
-int lxc_setup_parent(struct lxc_handler *handler)
-{
- int ret;
-
- ret = lxc_setup_console_ringbuf(&handler->conf->console);
- if (ret < 0)
- return -1;
-
- return 0;
-}
-
-int lxc_setup_child(struct lxc_handler *handler)
+int lxc_setup(struct lxc_handler *handler)
{
int ret;
const char *name = handler->name;
return -1;
}
- if (lxc_conf->inherit_ns_fd[LXC_NS_UTS] == -1) {
+ if (handler->nsfd[LXC_NS_UTS] == -1) {
if (setup_utsname(lxc_conf->utsname)) {
ERROR("failed to setup the utsname for '%s'", name);
return -1;
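Review bot: The `handler->nsfd[LXC_NS_UTS] == -1` test only means "no inherited UTS namespace" if every `nsfd` slot is set to -1 before setup runs, and this commit deletes the loop that did that for the old `inherit_ns_fd` array. The initialisation of `handler->nsfd` is not visible in this diff; if the handler were zero-filled, `setup_utsname()` would be skipped silently. A short comment at the check, e.g. `/* nsfd[] entries are -1 unless a namespace was inherited */`, would record the invariant. The enclosing function continues outside the hunk.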
return;
if (current_config == conf)
current_config = NULL;
+ free(conf->console.buffer_log_file);
free(conf->console.log_path);
free(conf->console.path);
- if (conf->console.log_size > 0 && conf->console.ringbuf.addr)
+ if (conf->console.buffer_size > 0 && conf->console.ringbuf.addr)
lxc_ringbuf_release(&conf->console.ringbuf);
free(conf->rootfs.mount);
free(conf->rootfs.bdev_type);
free(conf->rcfile);
free(conf->execute_cmd);
free(conf->init_cmd);
+ free(conf->init_cwd);
free(conf->unexpanded_config);
free(conf->pty_names);
free(conf->syslog);
struct lxc_list *it;
struct id_map *map;
char c = '1';
- int ret = -1;
+ int ret = -1, status = -1;
struct lxc_list *idmap = NULL, *tmplist = NULL;
struct id_map *container_root_uid = NULL, *container_root_gid = NULL,
*host_uid_map = NULL, *host_gid_map = NULL;
goto on_error;
}
+on_error:
/* Wait for child to finish. */
- ret = wait_for_pid(pid);
+ if (pid > 0)
+ status = wait_for_pid(pid);
-on_error:
if (idmap)
lxc_free_idmap(idmap);
if (container_root_uid)
close(p[0]);
close(p[1]);
+ if (status < 0)
+ ret = -1;
+
return ret;
}
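Review bot: With `on_error:` moved above the wait, every failure path taken after the child exists now blocks in `wait_for_pid(pid)` while the parent still holds `p[1]`, which is closed only afterwards (`close(p[0]); close(p[1]);`). If the child is waiting on that pipe for the parent's go-ahead byte (the `char c = '1'` local suggests so, but the child side is outside this diff), the parent can hang there indefinitely; closing the pipe ends before `if (pid > 0) status = wait_for_pid(pid);` avoids that. The guard also relies on `pid` holding a non-positive value on any jump to `on_error` taken before the child is created, which the visible lines do not show. The later hunk that moves `on_error:` the same way stores the wait result straight into `ret`, so a failure recorded before the jump can be overwritten by a successful child exit; the `status` variable used here would fix that too.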
goto on_error;
}
+on_error:
/* Wait for child to finish. */
- ret = wait_for_pid(pid);
+ if (pid > 0)
+ ret = wait_for_pid(pid);
-on_error:
if (idmap)
lxc_free_idmap(idmap);
if (host_uid_map && (host_uid_map != container_root_uid))