]>
git.proxmox.com Git - mirror_lxc.git/log
Wolfgang Bumiller [Fri, 15 May 2020 14:33:34 +0000 (16:33 +0200)]
improve LXC_CMD_GET_CGROUP compatibility
When a newer lxc library communicates with an older one
(such as running an lxc 4.0 lxc-freeze on a longer running
container which was started while lxc was still at version
3), the LXC_CMD_GET_LIMITING_CGROUP command is not
available, causing the remote to just close the socket.
Catch this and try the previous command instead.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Stéphane Graber [Thu, 14 May 2020 19:19:45 +0000 (15:19 -0400)]
Merge pull request #3411 from brauner/master
console: only create detached mount when a console is requested
Christian Brauner [Thu, 14 May 2020 13:52:39 +0000 (15:52 +0200)]
console: only create detached mount when a console is requested
otherwise weird things might happen.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 13 May 2020 19:23:45 +0000 (15:23 -0400)]
Merge pull request #3410 from brauner/2020-05-13/fixes
reboot fixes
Christian Brauner [Wed, 13 May 2020 12:35:54 +0000 (14:35 +0200)]
log: cleanup syslog handling
Disable and enable syslog around lxc_check_inherited().
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 13 May 2020 11:21:41 +0000 (13:21 +0200)]
start: cleanup file descriptor inheritance
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 13 May 2020 10:59:59 +0000 (12:59 +0200)]
start: fix container reboot
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 13 May 2020 10:39:28 +0000 (12:39 +0200)]
lxccontainer: use close_prot_errno_disarm() on state_socket_pair
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 13 May 2020 10:32:38 +0000 (12:32 +0200)]
start: remove unused lxc_zero_handler()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 13 May 2020 10:25:25 +0000 (12:25 +0200)]
lxccontainer: small cleanup to lxc_check_inherited() calls
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 12 May 2020 14:32:00 +0000 (10:32 -0400)]
Merge pull request #3408 from brauner/2020-05-11/fixes
network: fix key ordering independence
Christian Brauner [Mon, 11 May 2020 20:16:59 +0000 (22:16 +0200)]
confile: fix order independence of network keys
We need to make sure we don't overwrite values when they have already been set.
Closes: #3405.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 11 May 2020 07:16:33 +0000 (09:16 +0200)]
tools/lxc-ls: shut up lgtm more
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Thu, 7 May 2020 14:11:42 +0000 (10:11 -0400)]
Merge pull request #3403 from brauner/2020-05-07/fixes
fixes
Christian Brauner [Thu, 7 May 2020 13:01:30 +0000 (15:01 +0200)]
tools/lxc-ls: shutup lgtm
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 7 May 2020 12:56:26 +0000 (14:56 +0200)]
yum: remove unused module
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 7 May 2020 12:54:31 +0000 (14:54 +0200)]
tree-wide: this is all rather TODO than FIXME
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 5 May 2020 14:11:27 +0000 (10:11 -0400)]
Merge pull request #3399 from brauner/2020-05-09/compiler_hardening
compiler: more hardening
Christian Brauner [Tue, 5 May 2020 12:04:34 +0000 (14:04 +0200)]
compiler: support new access attributes
which will allow us to catch more oob accesses.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 May 2020 07:21:33 +0000 (09:21 +0200)]
gcc: add -Warray-bounds, -Wrestrict, -Wreturn-local-addr, -Wstringop-overflow
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 4 May 2020 17:38:43 +0000 (13:38 -0400)]
Merge pull request #3398 from brauner/2020-05-04/fixes
terminal: remove unneeded if condition
Christian Brauner [Mon, 4 May 2020 13:50:41 +0000 (15:50 +0200)]
terminal: remove unneeded if condition
Fixes: Coverity 1461742.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 4 May 2020 13:39:34 +0000 (09:39 -0400)]
Merge pull request #3397 from brauner/2020-05-03/fixes
conf: introduce userns_exec_mapped_root()
Christian Brauner [Mon, 4 May 2020 11:26:43 +0000 (13:26 +0200)]
conf: support console setup on containers without rootfs
This depends on the new mount api.
Closes #3164.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 4 May 2020 08:56:05 +0000 (10:56 +0200)]
conf: introduce userns_exec_mapped_root()
to avoid the overhead of calling to lxc-usernsexec whenever we can.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sun, 3 May 2020 13:51:44 +0000 (09:51 -0400)]
Merge pull request #3396 from brauner/2020-05-03/fixes
cgroup: fixes
Christian Brauner [Sun, 3 May 2020 12:08:11 +0000 (14:08 +0200)]
cgroups: premount cgroups on cgroup2-only systems
Fixes: #3183
Cc: Thomas Moschny <thomas.moschny@gmx.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 3 May 2020 10:01:44 +0000 (12:01 +0200)]
common.conf: add cgroup2 default device limits
Fixes: #3183
Cc: Thomas Moschny <thomas.moschny@gmx.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 3 May 2020 09:59:15 +0000 (11:59 +0200)]
cgroups: ignore cgroup2 limits on non-cgroup2 layouts
Mixing cgroup2 and legacy cgroup systems such that some controllers are enabled
in legacy cgroup hierarchies and other controllers in the unified hierarchies
is simply not something we're supporting. Even systemd's hybrid layout (crazy)
doesn't bind controllers to the unified cgroup hierarchy.
Fixes: #3183
Cc: Thomas Moschny <thomas.moschny@gmx.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 22 Apr 2020 10:01:42 +0000 (12:01 +0200)]
Merge pull request #3392 from tomponline/tp-ipvlan-netlink
src/lxc/network: Fixes netlink attribute type 1 has an invalid length message
Thomas Parrott [Wed, 22 Apr 2020 09:11:07 +0000 (10:11 +0100)]
src/lxc/network: Fixes netlink attribute type 1 has an invalid length message
Fixes #3386
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
Christian Brauner [Tue, 21 Apr 2020 17:14:10 +0000 (19:14 +0200)]
Merge pull request #3391 from stgraber/master
apparmor: Allow boot_id
Stéphane Graber [Tue, 21 Apr 2020 17:09:07 +0000 (13:09 -0400)]
apparmor: Allow boot_id
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Christian Brauner [Thu, 16 Apr 2020 08:02:59 +0000 (10:02 +0200)]
configure: fix coverity builds
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 15 Apr 2020 21:39:18 +0000 (17:39 -0400)]
Merge pull request #3385 from brauner/2020-04-15/fixes
cgroups: fix cgroup limit braino
Christian Brauner [Wed, 15 Apr 2020 21:15:49 +0000 (23:15 +0200)]
cgroups: fix cgroup limit braino
Fixes: https://discuss.linuxcontainers.org/t/memory-limits-no-longer-being-applied/7429/7
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 15 Apr 2020 19:41:05 +0000 (15:41 -0400)]
Merge pull request #3384 from brauner/master
travis: coverity gets confused about the %m printf extension in glibc
Christian Brauner [Wed, 15 Apr 2020 19:27:53 +0000 (21:27 +0200)]
travis: coverity gets confused about the %m printf extension in glibc
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 15 Apr 2020 14:55:20 +0000 (10:55 -0400)]
Merge pull request #3383 from brauner/2020-04-15/fixes
log: set GNU_SOURCE as it might help coverity along
Christian Brauner [Wed, 15 Apr 2020 13:55:57 +0000 (15:55 +0200)]
log: set GNU_SOURCE as it might help coverity along
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 15 Apr 2020 13:24:51 +0000 (09:24 -0400)]
Merge pull request #3382 from brauner/2020-04-15/fixes
conf: correctly cleanup memory in get_minimal_idmap()
Christian Brauner [Wed, 15 Apr 2020 12:54:35 +0000 (14:54 +0200)]
conf: correctly cleanup memory in get_minimal_idmap()
Fixes: Coverity 1461760.
Fixes: Coverity 1461762.
Fixes: Coverity 1461763.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 15 Apr 2020 12:38:10 +0000 (08:38 -0400)]
Merge pull request #3381 from brauner/2020-04-15/fixes
fixes
Christian Brauner [Wed, 15 Apr 2020 12:09:11 +0000 (14:09 +0200)]
rexec: free argv array on failure
Fixes: Coverity 1461736.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 15 Apr 2020 12:06:29 +0000 (14:06 +0200)]
attach: move check for valid config earlier
Fixes: Coverity 1461735.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 15 Apr 2020 12:04:04 +0000 (14:04 +0200)]
log: restore non-local value
Fixes: Coverity 1461734.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 15 Apr 2020 12:02:03 +0000 (14:02 +0200)]
network: log warning on network deconfiguration failures
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 15 Apr 2020 11:59:19 +0000 (13:59 +0200)]
commands: add additional check to lxc_cmd_sock_get_state()
to please Coverity.
Fixes: Coverity 1461732.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 15 Apr 2020 11:56:24 +0000 (13:56 +0200)]
zfs: fix resource leak
Fixes: Coverity 1461730.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 15 Apr 2020 11:53:04 +0000 (13:53 +0200)]
criu: make explicit that we're ignoring rmdir() return value
Fixes: Coverity 1461726.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 15 Apr 2020 11:51:51 +0000 (13:51 +0200)]
conf: don't double free in get_minimal_idmap()
Fixes: Coverity 1461725.
Fixes: Coverity 1461727.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 15 Apr 2020 11:46:46 +0000 (13:46 +0200)]
cgroups: use correct NULL pointer check
Fixes: Coverity 1461722.
Fixes: Coverity 1461737.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 15 Apr 2020 11:42:41 +0000 (13:42 +0200)]
rexec: avoid double-close
Fixes: Coverity 1461721.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 15 Apr 2020 11:37:51 +0000 (13:37 +0200)]
cgroups: fix cgroup2 devices
Fixes: Coverity 1461748.
Fixes: Coverity 1461746.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 15 Apr 2020 09:59:57 +0000 (11:59 +0200)]
uuid: close fd
Fixes: Coverity 1461751.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 15 Apr 2020 09:56:54 +0000 (11:56 +0200)]
cgroups: do not pass NULL pointer
Fixes: Coverity 1461752.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 15 Apr 2020 09:45:57 +0000 (11:45 +0200)]
Merge pull request #3380 from brauner/2020-04-15/fixes
fixes
Christian Brauner [Wed, 15 Apr 2020 09:32:48 +0000 (11:32 +0200)]
conf: fix tty cleanup
Fixes: Coverity 1461755.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 15 Apr 2020 09:15:56 +0000 (11:15 +0200)]
memory_utils: directly NULL ptr in free_disarm()
This should keep coverity happy.
Fixes: Coverity 1461757.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 15 Apr 2020 09:00:48 +0000 (11:00 +0200)]
Merge pull request #3379 from brauner/upstream/master
travis: add back coverity
Christian Brauner [Wed, 15 Apr 2020 08:50:59 +0000 (10:50 +0200)]
travis: add back coverity
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 13 Apr 2020 15:24:24 +0000 (11:24 -0400)]
Merge pull request #3378 from brauner/2020-04-13/fixes
cgroups: adhere to boolean return
Christian Brauner [Mon, 13 Apr 2020 12:39:18 +0000 (14:39 +0200)]
cgroups: adhere to boolean return
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 13 Apr 2020 06:59:58 +0000 (08:59 +0200)]
Merge pull request #3377 from lifeng68/fix_cgroup_exit
cgroup: fix wrong use of cgfd_con in cgroup_exit
LiFeng [Mon, 13 Apr 2020 04:52:30 +0000 (12:52 +0800)]
cgroup: fix wrong use of cgfd_con in cgroup_exit
Signed-off-by: LiFeng <lifeng68@huawei.com>
Stéphane Graber [Mon, 13 Apr 2020 02:59:45 +0000 (22:59 -0400)]
Merge pull request #3376 from toddnni/lxc-oci-fix
Fix lxc-oci template with loop backingstore
Toni Ylenius [Sun, 12 Apr 2020 19:28:24 +0000 (22:28 +0300)]
Fix lxc-oci template with loop backingstore
Move the content of rootfs inside OCI package to rootfs instead of
replacing it, as the directory is used as the mountpoint.
Tested with directory and loop backingstore.
Signed-off-by: Toni Ylenius <toni.ylenius@iki.fi>
Stéphane Graber [Sun, 12 Apr 2020 17:16:02 +0000 (13:16 -0400)]
Merge pull request #3375 from brauner/2020-04-12/fixes
cgroups: ignore legacy limits on pure cgroup2 systems
Christian Brauner [Sun, 12 Apr 2020 14:51:20 +0000 (16:51 +0200)]
Merge pull request #3374 from stgraber/master
tests/no-new-privs: Don't mess with /etc/lxc
Christian Brauner [Sun, 12 Apr 2020 08:19:40 +0000 (10:19 +0200)]
cgroups: ignore legacy limits on pure cgroup2 systems
Link: https://github.com/lxc/lxc/issues/3183#issuecomment-612462322
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sun, 12 Apr 2020 03:05:04 +0000 (23:05 -0400)]
tests/no-new-privs: Don't mess with /etc/lxc
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Christian Brauner [Fri, 10 Apr 2020 19:09:51 +0000 (21:09 +0200)]
Merge pull request #3370 from stgraber/master
lxc-update-config: Fix bad handling of lxc.logfile
Stéphane Graber [Fri, 10 Apr 2020 18:43:35 +0000 (14:43 -0400)]
lxc-update-config: Fix bad handling of lxc.logfile
Closes #3369
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Thu, 9 Apr 2020 13:20:52 +0000 (09:20 -0400)]
Merge pull request #3368 from brauner/2020-04-09/fixes
fixes
Christian Brauner [Thu, 9 Apr 2020 12:30:31 +0000 (14:30 +0200)]
conf: move_ptr() in all cases in mapped_hostid_add()
Closes #3366.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 9 Apr 2020 12:13:06 +0000 (14:13 +0200)]
Merge pull request #3367 from tomponline/tp-nic-ipvlan
src/lxc/network: ipvlan comment and code style tweak
Christian Brauner [Thu, 9 Apr 2020 10:49:16 +0000 (12:49 +0200)]
conf: use macros all around in lxc_map_ids()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 9 Apr 2020 10:44:25 +0000 (12:44 +0200)]
conf: tweak get_minimal_idmap()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Thomas Parrott [Thu, 9 Apr 2020 10:35:48 +0000 (11:35 +0100)]
src/lxc/network: ipvlan comment and code style tweak
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
Christian Brauner [Thu, 9 Apr 2020 10:25:33 +0000 (12:25 +0200)]
Merge pull request #3365 from albatross0/ipvlan_l2
network: Make it possible to set the mode of IPVLAN to L2
KUWAZAWA Takuya [Thu, 9 Apr 2020 06:40:15 +0000 (15:40 +0900)]
network: Make it possible to set the mode of IPVLAN to L2
Signed-off-by: KUWAZAWA Takuya <albatross0@gmail.com>
Stéphane Graber [Wed, 8 Apr 2020 12:56:41 +0000 (08:56 -0400)]
Merge pull request #3362 from brauner/2020-04-07/fixes
lxc_user_nic: fixes
Christian Brauner [Wed, 8 Apr 2020 12:42:05 +0000 (14:42 +0200)]
seccomp: newer kernels require the buffer to be zeroed
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 8 Apr 2020 08:01:01 +0000 (10:01 +0200)]
cgroups: whitespace fixes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 7 Apr 2020 19:28:32 +0000 (21:28 +0200)]
lxc_user_nic: continue when we failed to find a group
Closes #3361.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 7 Apr 2020 19:28:17 +0000 (21:28 +0200)]
lxc_user_nic: simplify group retrieval
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 7 Apr 2020 12:56:26 +0000 (08:56 -0400)]
Merge pull request #3360 from brauner/2020-04-07/fixes
start: ensure all file descriptors are closed during exec
Christian Brauner [Tue, 7 Apr 2020 10:59:59 +0000 (12:59 +0200)]
syscall_numbers: handle riscv
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 7 Apr 2020 08:36:23 +0000 (10:36 +0200)]
start: ensure all file descriptors are closed during exec
Closes https://github.com/checkpoint-restore/criu/issues/1011.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 7 Apr 2020 08:35:39 +0000 (10:35 +0200)]
Merge pull request #3359 from Blub/legacy-devices-isolation-change
cgroup isolation: handle devices cgroup early
Wolfgang Bumiller [Tue, 7 Apr 2020 07:57:09 +0000 (09:57 +0200)]
cgroup isolation: handle devices cgroup early
Otherwise we cannot use an 'a' entry in devices.deny/allow
as these are not permitted once a subdirectory was created.
Without isolation we initialize the devices cgroup
particularly late, so there are probably cases which cannot
work with isolation.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Christian Brauner [Sun, 5 Apr 2020 15:08:49 +0000 (17:08 +0200)]
Merge pull request #3357 from Blub/cgroup-isolation-fixes
Cgroup isolation fixes
Wolfgang Bumiller [Sun, 5 Apr 2020 14:12:45 +0000 (16:12 +0200)]
get the right path in get_cgroup command
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Sun, 5 Apr 2020 13:55:28 +0000 (15:55 +0200)]
confile: fix jump table order
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Christian Brauner [Sun, 5 Apr 2020 12:46:22 +0000 (14:46 +0200)]
Merge pull request #3356 from tenforward/japanese
doc: Add lxc.cgroup.dir.{monitor,container,container.inner} to Japanese man
KATOH Yasufumi [Sun, 5 Apr 2020 12:18:59 +0000 (21:18 +0900)]
doc: Add lxc.cgroup.dir.{monitor,container,container.inner} to Japanese man
Update for commit
a900cba
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Stéphane Graber [Sat, 4 Apr 2020 14:38:01 +0000 (10:38 -0400)]
Merge pull request #3355 from brauner/2020-04-04/fixes
api-extensions: add and document cgroup_advanced_isolation
Christian Brauner [Sat, 4 Apr 2020 10:07:43 +0000 (12:07 +0200)]
api-extensions: add and document cgroup_advanced_isolation
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 3 Apr 2020 18:26:02 +0000 (20:26 +0200)]
Merge pull request #3353 from Blub/lxc.cgroup.dir-components
introduce lxc.cgroup.dir.{monitor,container,container.inner}
Christian Brauner [Fri, 3 Apr 2020 18:10:58 +0000 (20:10 +0200)]
confile: coding style fixes for set_config_cgroup_container_inner_dir()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>