Stéphane Graber [Tue, 18 Jan 2022 02:15:53 +0000 (21:15 -0500)]
lxc-download: Rely on HTTPS only
GPG has been a major source of issues over the years with various
attacks on the key network as well as client side issues making it hard
to retrieve our keys.
Back when we introduced the image server, SSL certificates were still
expensive and annoying to setup, so not something we'd have expected
potential mirrors to setup for us. They were also issued for multiple
years, making a compromise of such a certificate quite problematic.
But things have changed since, we now have completely free, very easily
deployable SSL certificates everywhere with the majority of those being
shortlived and with good reporting of issued certificates.
With that, we can now deprecate the GPG validation, disable the fallback
to non-HTTPS download and rely on our indices being accurate because
they've been downloaded from a server with a valid certificate.
This puts LXC more in line with what LXD has done since the beginning
and should offer a more reliable user experience.
We can let attach detect that it is running on a cgroup layout without
writable cgroup hierarchies. In that case attach can finish early and
doesn't need to run the heavy-handed cgroup parsing code.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
In order to facilitate this, the default mount list's
'destination' may now be NULL to mean that the source should
be unmounted instead.
Here's what we need to do:
1) Ensure the first sysfs mount point is writable.
2) Mount a read-only sysfs on /sys
3) Bind devices/virtual/net *writably* into /sys
We use /proc/sys as a staging directory for the first sysfs
mount in read-write mode, then mount /sys r/o. Afterwards we
bind the r/w devices/virtual/net and unmount the staging
/proc/sys mount point.
The staging directory would not be required with the new
mount API, but this way we can support the old API and keep
the general workflow in the `default_mounts`.
Once we drop support for the old mount API, the
default_mounts table could just get a subdirectory field to
mount subdirectories directly.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
We need to investigate this in more detail but this commit is breaking
LXD, causing startup to fail with:
lxc foo 20211130202833.906 INFO conf - conf.c:run_script_argv:336 - Executing script "/bin/mount -t shiftfs -o passthrough=3 "/lxc-ci/build/tmp.WemmpzWGYz/go/src/github.com/lxc/lxd/test/tmp.Cli/0To/containers/foo/rootfs" "/lxc-ci/build/tmp.WemmpzWGYz/go/src/github.com/lxc/lxd/test/tmp.Cli/0To/containers/foo/rootfs"" for container "foo"
lxc foo 20211130202833.912 ERROR conf - conf.c:run_buffer:321 - Script exited with status 32
lxc foo 20211130202833.912 ERROR conf - conf.c:lxc_setup_rootfs_prepare_root:3947 - Failed to run pre-mount hooks
lxc foo 20211130202833.912 ERROR conf - conf.c:lxc_setup:4317 - Failed to setup rootfs
lxc foo 20211130202833.912 ERROR start - start.c:do_start:1275 - Failed to setup container "foo"
Not entirely sure why we're seeing things blow up as the directory
definitely exists (and contains a valid rootfs) but this was caused by
today's liblxc update.
Tycho Andersen [Mon, 29 Nov 2021 13:23:17 +0000 (08:23 -0500)]
api: ->save_config() doesn't need to create container dir
If we're saving the config file to somewhere that's *not* the container
dir, we don't need to create the container dir. Let's not do this and
thus not require its parent to exist, which can be confusing, especially in
light of the sparse logging through these functions.
Tycho Andersen [Mon, 29 Nov 2021 13:38:30 +0000 (08:38 -0500)]
cgroups: fix compiler warning
I get:
In file included from cgroups/cgfsng.c:42:
In function 'cpuset1_cpus_initialize',
inlined from 'cpuset1_initialize' at cgroups/cgfsng.c:658:7,
inlined from '__cgroup_tree_create.constprop' at cgroups/cgfsng.c:723:26:
./log.h:376:9: error: '%s' directive argument is null [-Werror=format-overflow=]
376 | LXC_ERROR(&locinfo, format, ##__VA_ARGS__); \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./log.h:457:17: note: in expansion of macro 'ERROR'
457 | ERROR("%s - " format, ptr, ##__VA_ARGS__); \
| ^~~~~
./log.h:491:17: note: in expansion of macro 'SYSERROR'
491 | SYSERROR(format, ##__VA_ARGS__); \
| ^~~~~~~~
cgroups/cgfsng.c:585:24: note: in expansion of macro 'log_error_errno'
585 | return log_error_errno(false, errno, "Failed to read file \"%s\"", fpath);
| ^~~~~~~~~~~~~~~
it turns out here that fpath is not used, so let's get rid of it and just
render the dfd+pathname directly.
With vfork the child process modifies the parent's memory,
so the calls to `signal`, `fprintf` and regular `exit` may
be dangerous and might cause conflicting states in the
parent.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Joan Bruguera [Sun, 7 Nov 2021 11:38:15 +0000 (12:38 +0100)]
autotools: Avoid multiple liblxc.so with --enable-pam
When installing LXC with the default options, a single non-symlink liblxc.so*
(e.g. liblxc.so.1.7.0) file is created:
```
$ ./autogen.sh && ./configure && make && \
rm -rf "$HOME/lxci" && make DESTDIR="$HOME/lxci" install && \
stat -c%N "$HOME/lxci/usr/local/lib/liblxc.so"*
[...]
'/home/someone/lxci/usr/local/lib/liblxc.so' -> 'liblxc.so.1'
'/home/someone/lxci/usr/local/lib/liblxc.so.1' -> 'liblxc.so.1.7.0'
'/home/someone/lxci/usr/local/lib/liblxc.so.1.7.0'
```
However, when automake>=1.16.5, and the `--enable-pam` option is used, two
non-symlink liblxc.so* (e.g. liblxc.so.1.0.0 and liblxc.so.1.7.0) are
erroneously created:
This is due to infighting between libtool's and LXC's versioning:
libtool creates liblxc.so.1.0.0, then LXC's `install-exec-local` hook in
`Makefile.am` moves it to liblxc.so.1.7.0. However, with `--enable-pam`, the
`install-libLTLIBRARIES` target is re-triggered after `install-pamLTLIBRARIES`,
which will create liblxc.so.1.0.0 again.
The bigger problem here is that the install for the pam_cgfs library is done on
the `data` phase of the automake install process instead of the `exec` phase
(https://www.gnu.org/software/automake/manual/html_node/The-Two-Parts-of-Install.html),
which gives `install-libLTLIBRARIES` a chance to run again after the
`install-exec-local` / `install-exec-hook` targets have already run.
To fix this, we add an "exec_" prefix to the pam_cgfs library to make it run
during the `exec` phase (see link above). We also consolidate the various hooks
in the `install-exec-hook` target, which runs after the whole install, avoiding
needing to manually specify the dependencies like in `install-exec-local`.
Signed-off-by: Joan Bruguera <joanbrugueram@gmail.com>
Diederik de Haas [Thu, 28 Oct 2021 17:30:05 +0000 (19:30 +0200)]
Replace deprecated backticks with $() construct
See https://github.com/koalaman/shellcheck/wiki/SC2006 for details.
Not only uses this the recommended construct, it also makes the code
more uniform as in many other places the $() construct was already used.
Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
Diederik de Haas [Thu, 28 Oct 2021 15:27:08 +0000 (17:27 +0200)]
Replace 'which' with 'command -v'
The 'which' command is deprecated on Debian Sid as it is not POSIX
compliant and it's behavior is therefor not consistent, so replace it
with 'command -v' which is POSIX compliant.
See https://stackoverflow.com/a/677212 for details.
Also replaced a use of backticks (`) as that is deprecated as well.
See https://github.com/koalaman/shellcheck/wiki/SC2006 for details.
Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
conf: verify that rootfs is stable after setting up mounts
Apparently some users changed their rootfs via their lxc.mount.entry
entries. Let's not allow that as that can cause confusion during
container setup. So lets verify that the rootfs is stable after setup.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Tycho Andersen [Thu, 14 Oct 2021 16:40:08 +0000 (10:40 -0600)]
criu: fix error message
as of 59d8a539d106 ("criu: massage exec_criu()") I see:
In file included from criu.c:22:
criu.c: In function 'exec_criu':
log.h:376:2: error: '%s' directive argument is null [-Werror=format-overflow=]
376 | LXC_ERROR(&locinfo, format, ##__VA_ARGS__); \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
log.h:457:3: note: in expansion of macro 'ERROR'
457 | ERROR("%s - " format, ptr, ##__VA_ARGS__); \
| ^~~~~
log.h:491:3: note: in expansion of macro 'SYSERROR'
491 | SYSERROR(format, ##__VA_ARGS__); \
| ^~~~~~~~
criu.c:325:11: note: in expansion of macro 'log_error_errno'
325 | return log_error_errno(-ENOMEM, ENOMEM, "Failed to remove extraneous slashes from \"%s\"", tmp);
| ^~~~~~~~~~~~~~~
it looks like we should be logging the string that failed, vs. tmp here.
(my log was taken from stable-4.0, but the same issue exists on master it
seems.)