]>
git.proxmox.com Git - mirror_lxcfs.git/log
Christian Brauner [Wed, 24 Aug 2016 13:43:49 +0000 (15:43 +0200)]
bindings: improve debugging
- replace multiple DEBUG ifdefines with a single ifdefine at the top
- ifdefine lxcfs_debug() macro function that expands to nothing when -DDEBUG is
not given
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Serge Hallyn [Mon, 22 Aug 2016 14:04:54 +0000 (09:04 -0500)]
Merge pull request #130 from hallyn/2016-08-21/fixrace
2016 08 21/fixrace
Serge Hallyn [Sun, 21 Aug 2016 20:05:31 +0000 (15:05 -0500)]
meminfo: don't show negative swapfree
Also commonize some of the mem{,sw} free/used calculations.
Closes #115
Serge Hallyn [Sun, 21 Aug 2016 18:26:42 +0000 (13:26 -0500)]
pam: fix race in cgroup creation
If we find that a cgroup already exists, we should
1. remove all the cgroups which we've created so far
2. set existed to true
3. return failure
The caller should then detect that existed == true,
and re-try with the next index.
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Serge Hallyn [Thu, 18 Aug 2016 05:34:38 +0000 (00:34 -0500)]
Merge pull request #126 from hallyn/2016-08-18/meminfo.more
Virtualize more of the meminfo fields
Serge Hallyn [Thu, 18 Aug 2016 05:03:51 +0000 (00:03 -0500)]
Virtualize more of the meminfo fields
The worst remaining offending line appears to be VmallocTotal.
Suggestions for how to calculate that would be appreciated.
Closes #119
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Stéphane Graber [Tue, 16 Aug 2016 16:36:01 +0000 (12:36 -0400)]
Fix test_reload for lxcfs chroot
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Serge Hallyn [Wed, 10 Aug 2016 14:47:38 +0000 (09:47 -0500)]
Merge pull request #124 from brauner/2016-07-27/move_lxcfs_to_minimal_chroot
move lxcfs to minimal chroot
Christian Brauner [Mon, 8 Aug 2016 17:00:13 +0000 (19:00 +0200)]
bindings: avoid using additional process
Instead of clone(..., CLONE_NEWNS | CLONE_FILES, ...) simply use
unshare(CLONE_NEWNS) and setns().
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Sun, 7 Aug 2016 20:04:41 +0000 (22:04 +0200)]
bindings: use strchr(), strrchr()
index(), rindex() are deprecated.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Sat, 6 Aug 2016 13:28:44 +0000 (15:28 +0200)]
lxcfs, bindings: set fd_hierarchies in constructor
We need to initialize fd_hierarchies in the __constructor__ to guarantee a
consistent view across users of the shared library. Note well that hierarchies
and fd_hierarchies are considered read-only after the __constructor__ has run.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Sat, 6 Aug 2016 09:19:02 +0000 (11:19 +0200)]
bindings: document new code
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Sat, 6 Aug 2016 09:09:17 +0000 (11:09 +0200)]
lxcfs: document new code
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Sat, 6 Aug 2016 00:00:01 +0000 (02:00 +0200)]
lxcfs, bindings: cleanup and fix exit logic
- close open file descriptors referring to cgroup hierarchies mounted in private
lxcfs mount namespace
- fix exit logic in main()
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Fri, 5 Aug 2016 23:47:23 +0000 (01:47 +0200)]
bindings: open_pids_file()
Enable open_pids_file() to be used with *at() family of functions.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Fri, 5 Aug 2016 23:40:41 +0000 (01:40 +0200)]
bindings: is_dir(), chown_tasks_files(), cgfs_chown_file()
Enable is_dir(), chown_tasks_files(), cgfs_chown_file() to be used with *at()
family of functions.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Fri, 5 Aug 2016 23:34:21 +0000 (01:34 +0200)]
bindings: cgfs_chmod_file()
Enable cgfs_chmod_file() to be used with *at() family of functions.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Fri, 5 Aug 2016 23:19:16 +0000 (01:19 +0200)]
bindings: cgfs_remove(), recursive_rmdir()
Enable cgfs_remove(), recursive_rmdir() to be used with *at() family of
functions.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Fri, 5 Aug 2016 23:09:04 +0000 (01:09 +0200)]
bindings: chown_all_cgroup_files(), cgfs_create()
Enable chown_all_cgroup_files(), cgfs_create() to be used with *at() family of
functions.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Fri, 5 Aug 2016 22:58:33 +0000 (00:58 +0200)]
bindings: cgfs_set_value(), write_string()
Enable cgfs_set_value(), write_string() to be used with *at() family of
functions.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Fri, 5 Aug 2016 22:46:25 +0000 (00:46 +0200)]
bindings: caller_may_see_dir()
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Fri, 5 Aug 2016 22:45:07 +0000 (00:45 +0200)]
bindings: adapt caller_is_in_ancestor()
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Fri, 5 Aug 2016 22:34:51 +0000 (00:34 +0200)]
bindings: is_child_cgroup()
Enable is_child_cgroup() to be used with *at() family of functions.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Fri, 5 Aug 2016 22:27:53 +0000 (00:27 +0200)]
bindings: cgfs_get_value(), slurp_file()
Enable cgfs_get_value() and slurp_file() to be used with *at() family of
functions.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Fri, 5 Aug 2016 17:58:18 +0000 (19:58 +0200)]
bindings: cgfs_iterate_cgroup(), cgfs_get_key()
Enable cgfs_iterate_cgroup(), cgfs_get_key() to be used with *at() family of
functions.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Fri, 5 Aug 2016 17:45:46 +0000 (19:45 +0200)]
bindings: return opened fd for controller
find_mounted_controller() now stores the corresponding open file descriptor for
the mount of the controller in the private lxcfs mount namespace in @cfd.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Fri, 5 Aug 2016 12:17:15 +0000 (14:17 +0200)]
lxcfs, bindings: share cgroup info + add clone()
- So far lxcfs.c and bindings.{c,h} did not share cgroup information and we
unnecessarily kept parsing and storing additional information. Let's share it
instead.
- Add lxcfs_clone() function.
- Mount cgroups in a private mount namespace. We use CLONE_FILES so that file
descriptors opened via lxcfs_clone() are not copied and hence are valid in
child and parent.
- For each mounted hierarchy, open a file descriptor and store it in an mmap()ed
array that is MAP_SHARED between parent and child.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Wed, 27 Jul 2016 21:43:31 +0000 (23:43 +0200)]
lxcfs: add infrastructure to create minimal chroot
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Wed, 27 Jul 2016 21:32:31 +0000 (23:32 +0200)]
lxcfs: order includes
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Christian Brauner [Wed, 27 Jul 2016 21:24:50 +0000 (23:24 +0200)]
lxcfs, bindings: small improvements
- capitalize BASEDIR
- add missing newline to debug output
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Serge Hallyn [Sat, 9 Jul 2016 14:07:32 +0000 (09:07 -0500)]
Merge pull request #121 from brauner/skip_cgroupv2
skip empty entries under /proc/self/cgroup
Christian Brauner [Sat, 9 Jul 2016 11:19:06 +0000 (13:19 +0200)]
skip empty entries under /proc/self/cgroup
If cgroupv2 is enabled either alone or together with legacy hierarchies
/proc/self/cgroup can contain entries of the form:
0::/
This will cause lxcfs to fail the cgroup mounts because it parses out the empty
string "" and later on passes it to mount(). Let's skip such entries.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Serge Hallyn [Fri, 17 Jun 2016 07:27:45 +0000 (02:27 -0500)]
under_systemd_user_slice: work right when init is in '/'
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Serge Hallyn [Sun, 12 Jun 2016 02:39:48 +0000 (21:39 -0500)]
libpam_cgfs: don't create new path if we are under /user.slice/user-$uid.slice
(relative to our init's path)
Closes #117
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Serge Hallyn [Sat, 28 May 2016 05:27:27 +0000 (00:27 -0500)]
Don't build pam/ when --with-pamdir=none
Closes #110
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 25 Apr 2016 14:36:15 +0000 (09:36 -0500)]
Merge pull request #109 from brauner/bugfixes
bugfixes
Christian Brauner [Mon, 25 Apr 2016 11:42:45 +0000 (13:42 +0200)]
bugfixes
- Fix do_mount_cgroups(): It previously returned ret uninitialized on failure.
- Quite a few snprintf() call used size_t variables but then checked whether
size_t < 0. Since size_t is unsigned these checks were always true. Let's use
ssize_t instead which is signed.
- Use additional ssize_t variable to catch snprintf() error for swap
calculation and add the value to the final result afterwards instead of
directly.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Serge Hallyn [Wed, 20 Apr 2016 16:25:47 +0000 (11:25 -0500)]
fix cg_access() for controller directories
The previous patch actually didn't handle those, but only
/cgroup itself.
Closes #107
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 19 Apr 2016 18:30:29 +0000 (13:30 -0500)]
access: allow rx to controller directories themselves
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Sat, 2 Apr 2016 05:34:57 +0000 (00:34 -0500)]
diskstats: revert to only showing devices we've used
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Sat, 2 Apr 2016 05:19:53 +0000 (00:19 -0500)]
diskstats: use recursive values, and some cleanup
Iuse the recursive cgroup values since we certainly want values
for child cgroups included. Also simplify the code just a bit.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Sat, 2 Apr 2016 03:52:07 +0000 (22:52 -0500)]
s390: print the virtualized #cpus in cpuinfo_read
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Sat, 2 Apr 2016 00:50:11 +0000 (19:50 -0500)]
fix proc_cpuinfo_read for s390x
cpuinfo is different on s390x. On amd64 there is a set of lines
per processor, begging with 'processor : n'. On s390x, the first
line identifies the vendor, then there are general lines which apply
to all containers, finally the processors show up one per line.
So handle these differently.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Thu, 31 Mar 2016 18:09:32 +0000 (13:09 -0500)]
tag final 2.0.0 release
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 29 Mar 2016 18:44:02 +0000 (13:44 -0500)]
configure.ac: release 2.0.0.rc9
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 29 Mar 2016 18:35:01 +0000 (13:35 -0500)]
fuse file info release: guard against multiple calls
While fuse clearly calls the release info helpers under pthread
lock, it's not as clear that it may not be called more than once.
Null everything after we free it.
The hope is that this will fix the occasional mysterious crashes
on very heavily used (50 containers nonstop) servers.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 22 Mar 2016 07:51:42 +0000 (00:51 -0700)]
Merge pull request #104 from stgraber/master
hook: Fix typo in previous fix
Stéphane Graber [Tue, 22 Mar 2016 07:46:59 +0000 (03:46 -0400)]
hook: Fix typo in previous fix
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Serge Hallyn [Tue, 22 Mar 2016 07:34:27 +0000 (00:34 -0700)]
Merge pull request #103 from stgraber/master
hook: Don't fail when root mountpoint is a symlink
Stéphane Graber [Tue, 22 Mar 2016 07:24:17 +0000 (03:24 -0400)]
hook: Don't fail when root mountpoint is a symlink
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Serge Hallyn [Tue, 22 Mar 2016 04:06:33 +0000 (21:06 -0700)]
proc_access: return EACESS not EPERM
(per the manpage)
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 22 Mar 2016 04:00:42 +0000 (21:00 -0700)]
release 2.0.0.rc8
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 22 Mar 2016 04:00:01 +0000 (21:00 -0700)]
Merge pull request #102 from hallyn/2016-03-21/access
implement access(2)
Serge Hallyn [Tue, 22 Mar 2016 03:50:58 +0000 (20:50 -0700)]
remove obsolete comments
i *think* the 'should never get here' was a side effect of using cgmanager
which is no longer valid.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 22 Mar 2016 00:42:04 +0000 (17:42 -0700)]
implement access(2)
This is needed by lxc's cgfsng driver.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 21 Mar 2016 17:55:24 +0000 (10:55 -0700)]
release 2.0.0.rc7
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 21 Mar 2016 17:46:54 +0000 (10:46 -0700)]
use a better word in signal() failure error message
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Mon, 21 Mar 2016 16:04:45 +0000 (12:04 -0400)]
Merge pull request #100 from hallyn/2016-03-20/starton
upstart: change how we decide to not run in a container
Serge Hallyn [Mon, 21 Mar 2016 07:56:03 +0000 (00:56 -0700)]
Merge pull request #101 from hallyn/2016-03-20/misc
Address feedback from Markus Elfring
Serge Hallyn [Mon, 21 Mar 2016 07:25:16 +0000 (00:25 -0700)]
lxcfs reload: only call async-safe functions
So don't call fprintf, don't take a lock we don't need, just set
an atomic volatile int to 1 when called.
Closes #94
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 21 Mar 2016 07:03:04 +0000 (00:03 -0700)]
configure.ac: drop second call to AM_INIT_AUTOMAKE
Closes #95
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 21 Mar 2016 06:49:21 +0000 (23:49 -0700)]
handle error in signal(2)
Closes #96
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 21 Mar 2016 04:08:47 +0000 (21:08 -0700)]
upstart: change how we decide to not run in a container
Otherwise lxcfs keeps lxc from hitting state 'started', which
in turn blocks reboot/shutdown.
Closes #92
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Sun, 20 Mar 2016 16:48:44 +0000 (09:48 -0700)]
Merge pull request #99 from stgraber/master
hook: don't use mountpoint
Stéphane Graber [Sun, 20 Mar 2016 15:00:55 +0000 (11:00 -0400)]
hook: don't use mountpoint
It's not very reliable (had it fail on one of my servers) and since
we're already iterating through a list of mountpoints, it's also
completely unneeded.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Serge Hallyn [Sun, 20 Mar 2016 01:43:35 +0000 (18:43 -0700)]
Merge pull request #98 from stgraber/master
Fix lxcfs mount handling with newer lxc
Stéphane Graber [Sat, 19 Mar 2016 03:23:17 +0000 (23:23 -0400)]
Fix lxcfs mount handling with newer lxc
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Serge Hallyn [Thu, 17 Mar 2016 21:49:39 +0000 (14:49 -0700)]
release 2.0.0.rc6
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Thu, 17 Mar 2016 21:47:03 +0000 (14:47 -0700)]
Merge pull request #97 from hallyn/2016-03-17/14.04
pam: support 14.04
Serge Hallyn [Thu, 17 Mar 2016 21:28:53 +0000 (14:28 -0700)]
pam: support 14.04
In 14.04 our pam_systemd module used a different format for the
login cgroups. If we find one of those in our name, then we want
to just chown it to us and not do anything more, just as we do in
xenial.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 14 Mar 2016 22:59:22 +0000 (15:59 -0700)]
release 2.0.0.rc5
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 14 Mar 2016 22:58:52 +0000 (15:58 -0700)]
Merge pull request #91 from hallyn/2016-03-14/nonint
pam_cgfs: create a new systemd cgroup if current isn't ours
Serge Hallyn [Mon, 14 Mar 2016 19:19:27 +0000 (12:19 -0700)]
pam_cgfs: create a new systemd cgroup if current isn't ours
If current systemd cgroup does not end in user-$uid.slice/session-c%d.scope,
then pam did not create our current systemd cgroup for us, so create a new
one rather than chowning the current one.
This happens with noninteractive sessions.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Sat, 12 Mar 2016 07:14:06 +0000 (23:14 -0800)]
Add sysvinit to init systems for Debian and Ubuntu
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Sat, 12 Mar 2016 06:54:13 +0000 (22:54 -0800)]
systemd config files don't go under /usr
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Sat, 12 Mar 2016 06:11:37 +0000 (22:11 -0800)]
release 2.0.0.rc4
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Sat, 12 Mar 2016 05:30:20 +0000 (00:30 -0500)]
Simplify the upstart job
This fixes the nesting case as before it would hit the first check,
which stops the job, then post-stop would unmount it.
Instead, lets just not start in containers, lxcfs is meant to run on the
host and be bind-mounted from there into containers.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Sat, 12 Mar 2016 05:14:50 +0000 (00:14 -0500)]
Fix lxcfs passthrough
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Serge Hallyn [Tue, 8 Mar 2016 00:09:25 +0000 (16:09 -0800)]
release 2.0.0.rc3
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Tue, 8 Mar 2016 00:05:53 +0000 (19:05 -0500)]
Merge pull request #90 from hallyn/2016-03-07/cached
2016 03 07/cached
Serge Hallyn [Mon, 7 Mar 2016 23:50:50 +0000 (15:50 -0800)]
meminfo_read: return 0 for Slab
Slab: is supposed to be the "in-kernel data structures cache". I don't
know of a good way to calculate this from memory cgroup info. If/when
we find it we can update it. This value is used by free -m meaning
that if we don't shrink it, we can end up with negative values for
used memory.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 7 Mar 2016 23:42:18 +0000 (15:42 -0800)]
always use container root cgroup, not init pid's
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Mon, 7 Mar 2016 18:56:47 +0000 (13:56 -0500)]
Mount /proc files even if /sys/fs/cgroup is disabled
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Fri, 26 Feb 2016 16:24:45 +0000 (11:24 -0500)]
Fix start on lxc-less upstart systems
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Serge Hallyn [Wed, 24 Feb 2016 21:31:38 +0000 (13:31 -0800)]
Fix release tarballs
Tell make dist to ship config/.
Fix the filename for the sysvinit job.
And release rc2 with this fix.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 24 Feb 2016 21:01:12 +0000 (13:01 -0800)]
release 2.0.0.rc1
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 23 Feb 2016 21:38:17 +0000 (13:38 -0800)]
Merge pull request #87 from hallyn/2016-02-23/init
Add upstart and systemd init jobs
Serge Hallyn [Tue, 23 Feb 2016 19:52:22 +0000 (11:52 -0800)]
Add upstart and systemd init jobs
Mostly copied from the Ubuntu package.
Note someone still needs to write the bsd and gentoo init
scripts. (You can look at the sysvinit jobs here and the
bsd+gentoo jobs in git://github.com/lxc/cgmanager for
inspiration).
Closes #71
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 19 Feb 2016 20:31:36 +0000 (12:31 -0800)]
configure.ac: release LXCFS 2.0.0.beta2
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 19 Feb 2016 20:16:16 +0000 (12:16 -0800)]
pam: don't hang if controllers have no mount path
closes #86
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Thu, 18 Feb 2016 18:10:16 +0000 (10:10 -0800)]
pid_from_ns_wrapper: remove the loop
If we clone a child which can't reply to us within the timeout, do
not keep looping, just return an error. Commonize the function
superficially to make it look like pid_to_ns_wrapper(). Presumably
we can now merge these into one function, that's left for later.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Fabian Grünbichler [Thu, 18 Feb 2016 11:56:44 +0000 (12:56 +0100)]
Use clone instead of fork for PID translation
Because of the different signatures of fork() and clone(),
pid_to_ns and pid_from_ns get an additional wrapper that is
passed to clone(). To pass the needed arguments to
pid_ns_clone_wrapper, a new struct called pid_ns_clone_args
is introduced.
The return type of pid_to_ns and pid_from_ns need to be
changed to int, returning equals exiting with clone().
(serge - inline fix of erorr typo which bled through from the original)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Fabian Grünbichler [Thu, 18 Feb 2016 11:53:40 +0000 (12:53 +0100)]
Use clone instead of fork in write_task_init_pid_exit
Adds a new wrapper for send_creds, avoiding the fork / pid
namespace issue present in glibc.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 10 Feb 2016 06:27:39 +0000 (22:27 -0800)]
configure.ac: release 2.0.0.beta1
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 10 Feb 2016 04:57:13 +0000 (20:57 -0800)]
configure: drop unneeded variable
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 9 Feb 2016 21:58:29 +0000 (13:58 -0800)]
fix length check in proc_swaps_read
thanks Nehal for reminding me.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 9 Feb 2016 19:45:48 +0000 (11:45 -0800)]
Don't expand LIBDIR for liblxcfs.so, always use /usr/lib/lxcfs/
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 9 Feb 2016 19:13:49 +0000 (11:13 -0800)]
Add support for /proc/swaps
Example Output:
[root at lxc-dev <http://lists.linuxcontainers.org/listinfo/lxc-devel> ~]# lxc-attach -n ubuntuwily -- /bin/cat /proc/swaps
Filename Type Size Used Priority
none virtual
1048572 1048572 0
Signed-off-by: Teemu Grönqvist <teemu.gronqvist@net9.fi>
Signed-off-by: Nehal J Wani <nehaljw.kkd1@gmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 9 Feb 2016 08:29:37 +0000 (00:29 -0800)]
Merge pull request #81 from hallyn/2016-02-08/pam
pam_cgfs: change handling of name=systemd
Serge Hallyn [Tue, 9 Feb 2016 05:58:11 +0000 (21:58 -0800)]
pam_cgfs: change handling of name=systemd
Don't always ignore it.
Do ignore it (like all others) if not listed in the -c argument.
If the logged in task's name=systemd cgroup != that of the init
task's, assume we are in systemd and rename the user's.
If they are the same, assume we are in upstart or sysvinit and
create=chown a name=systemd cgroup just as for the others.
This should fix
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/
1543353
and allow the ubuntu systemd package to drop its cgroup related
delta.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>