]>
git.proxmox.com Git - mirror_lxc.git/log
Christian Brauner [Tue, 2 Feb 2021 21:22:53 +0000 (22:22 +0100)]
cgroups: return ENOCGROUP2 from cgroup_attach()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 21:22:25 +0000 (22:22 +0100)]
cgroups: stricter argument vetting for cgroup_attach()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 21:21:38 +0000 (22:21 +0100)]
cgroups: move down cgroup_attach()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 21:15:43 +0000 (22:15 +0100)]
lxccontainer: use correct error checks
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 20:59:04 +0000 (21:59 +0100)]
cgroups: vet parameters
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 20:56:32 +0000 (21:56 +0100)]
cgroups: remove unused conf argument
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 18:29:41 +0000 (19:29 +0100)]
cgroups: rewind() file before polling again
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 17:31:52 +0000 (18:31 +0100)]
lxccontainer: use cgroup_freeze() and cgroup_unfreeze()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 17:55:39 +0000 (18:55 +0100)]
freezer: make methods return bool
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 17:27:12 +0000 (18:27 +0100)]
cgroups: add cgroup_freeze() and cgroup_unfreeze()
These are unified hierarchy only methods which don't need to initialize a full
cgroup driver. Instead, they rely on the command socket to retrieve a cgroup2
file descriptor to the container's cgroup.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 17:26:57 +0000 (18:26 +0100)]
freezer: use lxc_cmd_notify_state_listeners()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 17:26:29 +0000 (18:26 +0100)]
commands_utils: add lcx_cmd_notify_state_listeners()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 17:09:29 +0000 (18:09 +0100)]
cgroups: annotate cgroup_get()/cgroup_set()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 17:08:14 +0000 (18:08 +0100)]
cgroups: move functions after methods
This makes it more obvious that they are separate.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 17:03:41 +0000 (18:03 +0100)]
lxccontainer: use cgroup_set()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 17:02:47 +0000 (18:02 +0100)]
lxccontainer: use correct variable ordering
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 16:40:30 +0000 (17:40 +0100)]
cgroups: add croup_set()
This is a unified hierarchy only method which doesn't need to initialize a full
cgroup driver. Instead, it relies on the command socket to retrieve a cgroup2
file descriptor to the container's cgroup.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 16:40:08 +0000 (17:40 +0100)]
cgroups: reorder cgroup_get() arguments
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 16:00:49 +0000 (17:00 +0100)]
lxccontainer: use cgroup_get()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 15:59:38 +0000 (16:59 +0100)]
cgroups: add cgroup_get()
This is a unified hierarchy only method which doesn't need to initialize a full
cgroup driver. Instead, it relies on the command socket to retrieve a cgroup2
file descriptor to the container's cgroup.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 15:59:14 +0000 (16:59 +0100)]
file_utils: add lxc_read_try_buf_at()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 15:58:45 +0000 (16:58 +0100)]
macro: abuse ENOMEDIUM as ENOCGROUP2
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 2 Feb 2021 14:28:50 +0000 (09:28 -0500)]
Merge pull request #3646 from brauner/2021-02-02/fixes
attach & cgroup hardening
Christian Brauner [Tue, 2 Feb 2021 12:47:40 +0000 (13:47 +0100)]
cgroups: switch controller delegation to fd-only operations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 12:46:03 +0000 (13:46 +0100)]
cgroups: add unified_cgroup_fd() helper
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 12:45:26 +0000 (13:45 +0100)]
file_utils: harden lxc_writeat()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 12:45:11 +0000 (13:45 +0100)]
file_utils: harden lxc_open_dirfd()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 12:44:37 +0000 (13:44 +0100)]
syscall_wrappers: add PROTECT_OPEN_W_* variants
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 12:44:13 +0000 (13:44 +0100)]
memory_utils: add close_prot_errno_mov()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 09:43:12 +0000 (10:43 +0100)]
attach: move loading seccomp as late as possible
We want to minimize the change that the profile blocks syscalls we need during
attach setup and has the notifier enabled.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 09:26:21 +0000 (10:26 +0100)]
attach: move file descriptor closing into attach_context_container()
This reduces the possibility of forgetting to close the namespace file
descriptors when we change this codepath.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 2 Feb 2021 08:54:10 +0000 (09:54 +0100)]
attach: stricter lookup semantics for fdopen_at() calls
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 1 Feb 2021 22:13:37 +0000 (17:13 -0500)]
Merge pull request #3645 from brauner/2021-02-01/fixes_4
attach: bugfixes
Christian Brauner [Mon, 1 Feb 2021 21:54:47 +0000 (22:54 +0100)]
confile_utils: use lxc_log_trace()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 21:53:56 +0000 (22:53 +0100)]
conf: use lxc_log_trace()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 21:34:33 +0000 (22:34 +0100)]
commands_utils: don't leak memory
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 21:13:03 +0000 (22:13 +0100)]
attach: use correct put method
Fixes: Coverity 1472763
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 21:11:38 +0000 (22:11 +0100)]
attach: prevent UAF
Fixes: Coverity 1472761
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 1 Feb 2021 20:26:08 +0000 (15:26 -0500)]
Merge pull request #3644 from brauner/2021-02-01/fixes_3
attach: harden open() calls
Christian Brauner [Mon, 1 Feb 2021 19:25:51 +0000 (20:25 +0100)]
attach: file descriptor based fdinfo handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 19:17:16 +0000 (20:17 +0100)]
file_utils: remove O_NOFOLLOW from open_at() defaults
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 19:15:16 +0000 (20:15 +0100)]
lsm: harden read_file_at()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 19:12:03 +0000 (20:12 +0100)]
tree-wide: extend read_file_at()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 19:03:29 +0000 (20:03 +0100)]
attach: harden open calls
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 16:08:06 +0000 (17:08 +0100)]
syscall_wrappers: add PROTECT_LOOKUP, PROTECT_OPEN, PROTECT_LOOKUP_WITH_SYMLINKS, PROTECT_OPEN_WITH_TRAILING_SYMLINKS
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 16:03:59 +0000 (17:03 +0100)]
file_utils: add open_at()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 1 Feb 2021 15:17:18 +0000 (10:17 -0500)]
Merge pull request #3642 from brauner/2021-02-01/fixes
attach: rework id handling
Stéphane Graber [Mon, 1 Feb 2021 15:14:49 +0000 (10:14 -0500)]
Merge pull request #3643 from brauner/2021-02-01/fixes_2
cgroups: remove pointless NULL checks
Christian Brauner [Mon, 1 Feb 2021 14:44:59 +0000 (15:44 +0100)]
cgroups: initialize variable
Fixes: Coverity 1472651
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 14:20:43 +0000 (15:20 +0100)]
cgroups: remove pointless NULL checks
We're already ensuring before that conf isn't NULL.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 14:16:56 +0000 (15:16 +0100)]
attach: stash host uid and host gid in attach_context
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 13:51:41 +0000 (14:51 +0100)]
attach: fix error checking for dup2()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 13:50:55 +0000 (14:50 +0100)]
attach: fix logging for stdfd replacement
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 13:44:45 +0000 (14:44 +0100)]
attach: log failues to dup2() with SYSDEBUG()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 13:35:42 +0000 (14:35 +0100)]
utils: use SYSTRACE() when logging stdio permission fixup failures
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 11:23:43 +0000 (12:23 +0100)]
attach: document attach_context
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 11:23:26 +0000 (12:23 +0100)]
attach: simplify opening of /proc/self
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 11:22:42 +0000 (12:22 +0100)]
attach: move uid and gid handling to get_attach_context()
the less we do in do_attach(), the better.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 10:43:47 +0000 (11:43 +0100)]
attach: initialize init_pid field to -ESRCH
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 10:37:22 +0000 (11:37 +0100)]
attach: unifiy /proc/<init-pid>/status parsing
and move it out of do_attach(). The less we do in the container's context the
better.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 1 Feb 2021 10:11:15 +0000 (11:11 +0100)]
file_utils: add fdopenat()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sun, 31 Jan 2021 22:13:25 +0000 (17:13 -0500)]
Merge pull request #3641 from brauner/2021-01-30/fixes
attach: pidfd-based hardening and file-descriptor-only LSM interactions
Christian Brauner [Sun, 31 Jan 2021 20:48:00 +0000 (21:48 +0100)]
lsm/apparmor: cleanup apparmor_process_label_set()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 31 Jan 2021 19:44:09 +0000 (20:44 +0100)]
attach: hardening through use of pidfds
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 31 Jan 2021 18:26:53 +0000 (19:26 +0100)]
attach: file descriptors based LSM handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 30 Jan 2021 20:54:45 +0000 (21:54 +0100)]
cgroups: align methods
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sat, 30 Jan 2021 19:23:25 +0000 (14:23 -0500)]
Merge pull request #3639 from brauner/2021-01-28/fixes
cgroups: fixes and improvements
Christian Brauner [Sat, 30 Jan 2021 16:28:32 +0000 (17:28 +0100)]
cgroups: use PTR_TO_U64()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 30 Jan 2021 16:07:55 +0000 (17:07 +0100)]
attach: don't needless check for NULL
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 30 Jan 2021 11:17:08 +0000 (12:17 +0100)]
log: add lxc_log_trace() helper
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 30 Jan 2021 11:15:31 +0000 (12:15 +0100)]
cgroups: use bpf log when logging at trace level
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 30 Jan 2021 11:10:21 +0000 (12:10 +0100)]
seccomp: use lxc_log_get_level()
This will now enable LXD users to dump the seccomp filter in the log when
logging at TRACE level.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 30 Jan 2021 11:10:09 +0000 (12:10 +0100)]
log: rework lxc_log_get_level()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 30 Jan 2021 11:00:28 +0000 (12:00 +0100)]
cgroups: use cleanup macro for consistency
and to prevent future mishaps.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 30 Jan 2021 10:25:45 +0000 (11:25 +0100)]
cgroups: vet parameters more strictly
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 30 Jan 2021 10:09:45 +0000 (11:09 +0100)]
seccomp: use lxc_log_get_fd()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 30 Jan 2021 10:07:43 +0000 (11:07 +0100)]
log: add lxc_log_get_fd()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 30 Jan 2021 10:02:10 +0000 (11:02 +0100)]
log: remove pointless inline
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 30 Jan 2021 01:14:00 +0000 (02:14 +0100)]
cgroups: tweak cgroup initialization
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 30 Jan 2021 01:07:36 +0000 (02:07 +0100)]
cgroups: use zalloc
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 30 Jan 2021 01:07:21 +0000 (02:07 +0100)]
cgroups: ensure all memory is zeroed
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 30 Jan 2021 01:07:00 +0000 (02:07 +0100)]
cgroups: don't initiliaze NULL log
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 30 Jan 2021 00:10:49 +0000 (01:10 +0100)]
cgroups: coding style fixes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 29 Jan 2021 23:55:19 +0000 (00:55 +0100)]
croups: improve __do_bpf_program_free
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 29 Jan 2021 23:17:14 +0000 (00:17 +0100)]
cgroups: bpf fixes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sat, 30 Jan 2021 00:58:40 +0000 (19:58 -0500)]
Merge pull request #3638 from brauner/2021-01-28/fixes
attach: improve attach codepaths
Christian Brauner [Fri, 29 Jan 2021 15:36:52 +0000 (16:36 +0100)]
attach: init file descriptors to -EBADF
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 29 Jan 2021 14:13:51 +0000 (15:13 +0100)]
attach: move to file descriptor only namespace interactions
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 29 Jan 2021 13:52:21 +0000 (14:52 +0100)]
attach: move to file descriptor-only interactions
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 29 Jan 2021 13:32:17 +0000 (14:32 +0100)]
attach: rework attaching to namespace fds
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 29 Jan 2021 13:27:07 +0000 (14:27 +0100)]
attach: remove unneeded assignment
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 29 Jan 2021 13:26:15 +0000 (14:26 +0100)]
attach: use STDIN_FILENO instead of hard-coding 0
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 29 Jan 2021 13:24:31 +0000 (14:24 +0100)]
attach: move new_cwd into tighter scope
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 29 Jan 2021 13:13:37 +0000 (14:13 +0100)]
attach: use dummy macros to make it easier to follow sync logic
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 29 Jan 2021 13:06:53 +0000 (14:06 +0100)]
attach: introduce sync_wait_fd() and sync_wake_fd()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 29 Jan 2021 13:01:59 +0000 (14:01 +0100)]
sync: make all sync helpers return bool
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 29 Jan 2021 12:51:45 +0000 (13:51 +0100)]
attach: introduce sync_wait_pid() and sync_wake_pid()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 29 Jan 2021 12:42:47 +0000 (13:42 +0100)]
attach: use sync_wait()/sync_wake() where applicable
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 29 Jan 2021 12:31:57 +0000 (13:31 +0100)]
sync: rename startup synchronization macros
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 29 Jan 2021 12:28:23 +0000 (13:28 +0100)]
sync: export sync_wait() and sync_wake()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>